Mailinglist Archive: opensuse-security-announce (30 mails)

[security-announce] SUSE-SU-2011:0899-1: important: Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035
                    #668483 #670465 #677676 #678422 #682251 #683101
                    #683282 #683886 #684297 #685276 #685402 #687812
                    #688432 #689797 #690869 #692601 #693043 #693149
                    #693796 #696107 #697932 #698221 #700254 #701254
                    #701542 #702013 #702285 #703013 #703153 #705463

Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 22 fixes
is now available.

Description:


This kernel update for the SUSE Linux Enterprise 10 SP4
kernel fixes several security issues and bugs.

The following security issues were fixed:

* CVE-2011-1093: The dccp_rcv_state_process function in
  net/dccp/input.c in the Datagram Congestion Control
  Protocol (DCCP) implementation in the Linux kernel did not
  properly handle packets for a CLOSED endpoint, which
  allowed remote attackers to cause a denial of service (NULL
  pointer dereference and OOPS) by sending a DCCP-Close
  packet followed by a DCCP-Reset packet.

* CVE-2011-2484: The add_del_listener function in
  kernel/taskstats.c in the Linux kernel did not prevent
  multiple registrations of exit handlers, which allowed
  local users to cause a denial of service (memory and CPU
  consumption), and bypass the OOM Killer, via a crafted
  application.

* CVE-2011-1745: Integer overflow in the
  agp_generic_insert_memory function in
  drivers/char/agp/generic.c in the Linux kernel allowed
  local users to gain privileges or cause a denial of service
  (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
  call.

* CVE-2011-1746: Multiple integer overflows in the (1)
  agp_allocate_memory and (2) agp_create_user_memory
  functions in drivers/char/agp/generic.c in the Linux kernel
  allowed local users to trigger buffer overflows, and
  consequently cause a denial of service (system crash) or
  possibly have unspecified other impact, via vectors related
  to calls that specify a large number of memory pages.

* CVE-2011-2022: The agp_generic_remove_memory function
  in drivers/char/agp/generic.c in the Linux kernel before
  2.6.38.5 did not validate a certain start parameter, which
  allowed local users to gain privileges or cause a denial of
  service (system crash) via a crafted AGPIOC_UNBIND
  agp_ioctl ioctl call, a different vulnerability than
  CVE-2011-1745.

* CVE-2011-1585: When using a setuid root mount.cifs,
  local users could hijack password-protected mounted CIFS
  shares of other local users.

* CVE-2011-0726: The do_task_stat function in
  fs/proc/array.c in the Linux kernel did not perform an
  expected uid check, which made it easier for local users to
  defeat the ASLR protection mechanism by reading the
  start_code and end_code fields in the /proc/#####/stat file
  for a process executing a PIE binary.

* CVE-2011-2496: The normal mmap paths all avoid
  creating a mapping where the pgoff inside the mapping could
  wrap around due to overflow. However, an expanding mremap()
  can take such a non-wrapping mapping and make it bigger and
  cause a wrapping condition.

* CVE-2011-2491: A local unprivileged user able to
  access an NFS filesystem could use file locking to deadlock
  parts of an NFS server under some circumstances.

* CVE-2011-1017, CVE-2011-2182: The code for evaluating
  LDM partitions (in fs/partitions/ldm.c) contained bugs that
  could crash the kernel for certain corrupted LDM partitions.

* CVE-2011-1593: Multiple integer overflows in the
  next_pidmap function in kernel/pid.c in the Linux kernel
  allowed local users to cause a denial of service (system
  crash) via a crafted (1) getdents or (2) readdir system
  call.

* CVE-2011-1494: Integer overflow in the
  _ctl_do_mpt_command function in
  drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
  might have allowed local users to gain privileges or cause
  a denial of service (memory corruption) via an ioctl call
  specifying a crafted value that triggers a heap-based
  buffer overflow.

* CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
  the Linux kernel did not validate (1) length and (2) offset
  values before performing memory copy operations, which
  might have allowed local users to gain privileges, cause a
  denial of service (memory corruption), or obtain sensitive
  information from kernel memory via a crafted ioctl call,
  related to the _ctl_do_mpt_command and
  _ctl_diag_read_buffer functions.
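
Added illustration, not part of the SUSE advisory and not kernel source: the integer-overflow items above (for example CVE-2011-1745 and CVE-2011-2496) involve an unsigned sum that wraps past its maximum and so passes a bounds check. This user-space C model contrasts a wrapping check with a wrap-safe one; the function names, the 4 KiB page size and the sample values are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_PAGE_SHIFT 12  /* assumption: 4 KiB pages */

/* Naive bounds check: start + count can wrap past ULONG_MAX and look small. */
static bool range_ok_naive(unsigned long start, unsigned long count,
                           unsigned long limit)
{
    return start + count <= limit;
}

/* Wrap-safe form: compare count against the remaining room, no addition. */
static bool range_ok_checked(unsigned long start, unsigned long count,
                             unsigned long limit)
{
    return start <= limit && count <= limit - start;
}

/* True if growing a mapping to new_len bytes would make its page offset
 * wrap, the condition the CVE-2011-2496 entry describes for mremap(). */
static bool pgoff_would_wrap(unsigned long pgoff, unsigned long new_len)
{
    unsigned long pages = new_len >> MODEL_PAGE_SHIFT;
    return pgoff + pages < pgoff;  /* unsigned wrap is well defined in C */
}

int main(void)
{
    unsigned long limit = 1024;           /* constructed table size */
    unsigned long start = ULONG_MAX - 3;  /* constructed out-of-range start */
    unsigned long count = 8;

    /* start + count wraps to 4, so the naive check accepts the request. */
    printf("naive accepts:   %d\n", range_ok_naive(start, count, limit));
    printf("checked accepts: %d\n", range_ok_checked(start, count, limit));
    printf("in-range ok:     %d\n", range_ok_checked(100, 24, limit));
    printf("pgoff wraps:     %d\n",
           pgoff_would_wrap(ULONG_MAX - 1, 4UL << MODEL_PAGE_SHIFT));
    return 0;
}
```
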

Security Issue references:

* CVE-2011-1093 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093>
* CVE-2011-2484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484>
* CVE-2011-1745 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745>
* CVE-2011-1746 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746>
* CVE-2011-2022 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022>
* CVE-2011-1585 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585>
* CVE-2011-0726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726>
* CVE-2011-2496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496>
* CVE-2011-2491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491>
* CVE-2011-1017 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017>
* CVE-2011-2182 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182>
* CVE-2011-1593 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593>
* CVE-2011-1494 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494>
* CVE-2011-1495 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.


Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

kernel-default-2.6.16.60-0.89.1
kernel-source-2.6.16.60-0.89.1
kernel-syms-2.6.16.60-0.89.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.89.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.89.1

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

kernel-smp-2.6.16.60-0.89.1
kernel-xen-2.6.16.60-0.89.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.89.1
kernel-kdumppae-2.6.16.60-0.89.1
kernel-vmi-2.6.16.60-0.89.1
kernel-vmipae-2.6.16.60-0.89.1
kernel-xenpae-2.6.16.60-0.89.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):

kernel-iseries64-2.6.16.60-0.89.1
kernel-ppc64-2.6.16.60-0.89.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

kernel-default-2.6.16.60-0.89.1
kernel-smp-2.6.16.60-0.89.1
kernel-source-2.6.16.60-0.89.1
kernel-syms-2.6.16.60-0.89.1
kernel-xen-2.6.16.60-0.89.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

kernel-bigsmp-2.6.16.60-0.89.1
kernel-xenpae-2.6.16.60-0.89.1

- SLE SDK 10 SP4 (i586 ia64 x86_64):

kernel-debug-2.6.16.60-0.89.1

- SLE SDK 10 SP4 (i586 ppc x86_64):

kernel-kdump-2.6.16.60-0.89.1

- SLE SDK 10 SP4 (i586 x86_64):

kernel-xen-2.6.16.60-0.89.1

- SLE SDK 10 SP4 (i586):

kernel-xenpae-2.6.16.60-0.89.1


References:

http://support.novell.com/security/cve/CVE-2011-0726.html
http://support.novell.com/security/cve/CVE-2011-1017.html
http://support.novell.com/security/cve/CVE-2011-1093.html
http://support.novell.com/security/cve/CVE-2011-1494.html
http://support.novell.com/security/cve/CVE-2011-1495.html
http://support.novell.com/security/cve/CVE-2011-1585.html
http://support.novell.com/security/cve/CVE-2011-1593.html
http://support.novell.com/security/cve/CVE-2011-1745.html
http://support.novell.com/security/cve/CVE-2011-1746.html
http://support.novell.com/security/cve/CVE-2011-2022.html
http://support.novell.com/security/cve/CVE-2011-2182.html
http://support.novell.com/security/cve/CVE-2011-2484.html
http://support.novell.com/security/cve/CVE-2011-2491.html
http://support.novell.com/security/cve/CVE-2011-2496.html
https://bugzilla.novell.com/644541
https://bugzilla.novell.com/645084
https://bugzilla.novell.com/655973
https://bugzilla.novell.com/657017
https://bugzilla.novell.com/657029
https://bugzilla.novell.com/658035
https://bugzilla.novell.com/668483
https://bugzilla.novell.com/670465
https://bugzilla.novell.com/677676
https://bugzilla.novell.com/678422
https://bugzilla.novell.com/682251
https://bugzilla.novell.com/683101
https://bugzilla.novell.com/683282
https://bugzilla.novell.com/683886
https://bugzilla.novell.com/684297
https://bugzilla.novell.com/685276
https://bugzilla.novell.com/685402
https://bugzilla.novell.com/687812
https://bugzilla.novell.com/688432
https://bugzilla.novell.com/689797
https://bugzilla.novell.com/690869
https://bugzilla.novell.com/692601
https://bugzilla.novell.com/693043
https://bugzilla.novell.com/693149
https://bugzilla.novell.com/693796
https://bugzilla.novell.com/696107
https://bugzilla.novell.com/697932
https://bugzilla.novell.com/698221
https://bugzilla.novell.com/700254
https://bugzilla.novell.com/701254
https://bugzilla.novell.com/701542
https://bugzilla.novell.com/702013
https://bugzilla.novell.com/702285
https://bugzilla.novell.com/703013
https://bugzilla.novell.com/703153
https://bugzilla.novell.com/705463

http://download.novell.com/patch/finder/?keywords=0e9208ee65c884d152a545b8766938bc

http://download.novell.com/patch/finder/?keywords=2284bd78d78b00accc68729a9634d92d

http://download.novell.com/patch/finder/?keywords=3b9cb9db7d375a34d07fb460aad8137b

http://download.novell.com/patch/finder/?keywords=5f3e206eac108e161bdd1b3928ce7c3e

http://download.novell.com/patch/finder/?keywords=75c70ba80807aed777189444e17910e5
