Mailinglist Archive: opensuse-security-announce (31 mails)

< Previous Next >
[security-announce] SUSE-SU-2011:0984-2: important: Security update for Linux kernel
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2011:0984-2
Rating: important
References: #225091 #602150 #635880 #649625 #663678 #685226
#692784 #693513 #694315 #699354 #699916 #701355
#703155 #703786 #704361 #704957 #705433 #705903
#706696 #707332 #707644 #708160 #708376 #708730
#710352 #711752 #711941 #712316 #712366
Cross-References: CVE-2010-3881 CVE-2011-1776 CVE-2011-2495
CVE-2011-2700 CVE-2011-2909 CVE-2011-2918

Affected Products:
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise High Availability Extension 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 23 fixes is
now available. It includes one version update.

Description:


The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.45 and fixes various bugs and security
issues.

The following security issues have been fixed:

*

CVE-2011-1776: Timo Warns reported an issue in the
Linux implementation for GUID partitions. Users with
physical access could gain access to sensitive kernel
memory by adding a storage device with a specially crafted
corrupted invalid partition table.

*

CVE-2010-3881: The second part of this fix was not
yet applied to our kernel: arch/x86/kvm/x86.c in the Linux
kernel before 2.6.36.2 does not initialize certain
structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory
via read operations on the /dev/kvm device.

*

CVE-2011-2495: The /proc/PID/io interface could be
used by local attackers to gain information on other
processes like number of password characters typed or
similar.

*

CVE-2011-2700: A small buffer overflow in the radio
driver si4713-i2c was fixed that could potentially used by
local attackers to crash the kernel or potentially execute
code.

*

CVE-2011-2909: A kernel information leak in the
comedi driver from kernel to userspace was fixed.

*

CVE-2011-2918: In the perf framework software event
overflows could deadlock or delete an uninitialized timer.

Security Issue references:

* CVE-2011-1776
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
>
* CVE-2010-3881
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3881
>
* CVE-2011-2495
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
>
* CVE-2011-2700
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700
>
* CVE-2011-2909
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2909
>
* CVE-2011-2918
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918
>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 for VMware:

zypper in -t patch slessp1-kernel-5055 slessp1-kernel-5056

- SUSE Linux Enterprise Server 11 SP1:

zypper in -t patch slessp1-kernel-5031 slessp1-kernel-5054
slessp1-kernel-5055 slessp1-kernel-5056 slessp1-kernel-5059

- SUSE Linux Enterprise High Availability Extension 11 SP1:

zypper in -t patch sleshasp1-kernel-5031 sleshasp1-kernel-5054
sleshasp1-kernel-5055 sleshasp1-kernel-5056 sleshasp1-kernel-5059

- SUSE Linux Enterprise Desktop 11 SP1:

zypper in -t patch sledsp1-kernel-5055 sledsp1-kernel-5056

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54
ext4dev-kmp-default-0_2.6.32.45_0.3-7.9.21
hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10

- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version:
2.6.32.45]:

kernel-default-2.6.32.45-0.3.2
kernel-default-base-2.6.32.45-0.3.2
kernel-default-devel-2.6.32.45-0.3.2
kernel-source-2.6.32.45-0.3.2
kernel-syms-2.6.32.45-0.3.2
kernel-trace-2.6.32.45-0.3.2
kernel-trace-base-2.6.32.45-0.3.2
kernel-trace-devel-2.6.32.45-0.3.2

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version:
2.6.32.45]:

btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54
ext4dev-kmp-pae-0_2.6.32.45_0.3-7.9.21
hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10
kernel-default-2.6.32.45-0.3.1
kernel-default-base-2.6.32.45-0.3.1
kernel-default-devel-2.6.32.45-0.3.1
kernel-pae-2.6.32.45-0.3.1
kernel-pae-base-2.6.32.45-0.3.1
kernel-pae-devel-2.6.32.45-0.3.1
kernel-source-2.6.32.45-0.3.1
kernel-syms-2.6.32.45-0.3.1
kernel-trace-2.6.32.45-0.3.1
kernel-trace-base-2.6.32.45-0.3.1
kernel-trace-devel-2.6.32.45-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54
ext4dev-kmp-default-0_2.6.32.45_0.3-7.9.21

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x) [New Version:
2.6.32.45]:

kernel-default-2.6.32.45-0.3.1
kernel-default-base-2.6.32.45-0.3.1
kernel-default-devel-2.6.32.45-0.3.1
kernel-source-2.6.32.45-0.3.1
kernel-syms-2.6.32.45-0.3.1
kernel-trace-2.6.32.45-0.3.1
kernel-trace-base-2.6.32.45-0.3.1
kernel-trace-devel-2.6.32.45-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586 x86_64):

btrfs-kmp-xen-0_2.6.32.45_0.3-0.3.54
ext4dev-kmp-xen-0_2.6.32.45_0.3-7.9.21
hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10

- SUSE Linux Enterprise Server 11 SP1 (x86_64) [New Version: 2.6.32.45]:

kernel-default-2.6.32.45-0.3.2
kernel-default-base-2.6.32.45-0.3.2
kernel-default-devel-2.6.32.45-0.3.2
kernel-ec2-2.6.32.45-0.3.2
kernel-ec2-base-2.6.32.45-0.3.2
kernel-source-2.6.32.45-0.3.2
kernel-syms-2.6.32.45-0.3.2
kernel-trace-2.6.32.45-0.3.2
kernel-trace-base-2.6.32.45-0.3.2
kernel-trace-devel-2.6.32.45-0.3.2
kernel-xen-2.6.32.45-0.3.2
kernel-xen-base-2.6.32.45-0.3.2
kernel-xen-devel-2.6.32.45-0.3.2

- SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.45]:

kernel-default-man-2.6.32.45-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.45]:

ext4dev-kmp-ppc64-0_2.6.32.45_0.3-7.9.21
kernel-ppc64-2.6.32.45-0.3.1
kernel-ppc64-base-2.6.32.45-0.3.1
kernel-ppc64-devel-2.6.32.45-0.3.1

- SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.45]:

btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54
ext4dev-kmp-pae-0_2.6.32.45_0.3-7.9.21
hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10
kernel-ec2-2.6.32.45-0.3.1
kernel-ec2-base-2.6.32.45-0.3.1
kernel-pae-2.6.32.45-0.3.1
kernel-pae-base-2.6.32.45-0.3.1
kernel-pae-devel-2.6.32.45-0.3.1
kernel-xen-2.6.32.45-0.3.1
kernel-xen-base-2.6.32.45-0.3.1
kernel-xen-devel-2.6.32.45-0.3.1

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64
s390x x86_64):

cluster-network-kmp-default-1.4_2.6.32.45_0.3-2.5.5
gfs2-kmp-default-2_2.6.32.45_0.3-0.2.53
ocfs2-kmp-default-1.6_2.6.32.45_0.3-0.4.2.5

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):

cluster-network-kmp-xen-1.4_2.6.32.45_0.3-2.5.5
gfs2-kmp-xen-2_2.6.32.45_0.3-0.2.53
ocfs2-kmp-xen-1.6_2.6.32.45_0.3-0.4.2.5

- SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):

cluster-network-kmp-ppc64-1.4_2.6.32.45_0.3-2.5.5
gfs2-kmp-ppc64-2_2.6.32.45_0.3-0.2.53
ocfs2-kmp-ppc64-1.6_2.6.32.45_0.3-0.4.2.5

- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):

cluster-network-kmp-pae-1.4_2.6.32.45_0.3-2.5.5
gfs2-kmp-pae-2_2.6.32.45_0.3-0.2.53
ocfs2-kmp-pae-1.6_2.6.32.45_0.3-0.4.2.5

- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

btrfs-kmp-default-0_2.6.32.45_0.3-0.3.54
btrfs-kmp-xen-0_2.6.32.45_0.3-0.3.54
hyper-v-kmp-default-0_2.6.32.45_0.3-0.14.10

- SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 2.6.32.45]:

kernel-default-2.6.32.45-0.3.2
kernel-default-base-2.6.32.45-0.3.2
kernel-default-devel-2.6.32.45-0.3.2
kernel-default-extra-2.6.32.45-0.3.2
kernel-desktop-devel-2.6.32.45-0.3.2
kernel-source-2.6.32.45-0.3.2
kernel-syms-2.6.32.45-0.3.2
kernel-xen-2.6.32.45-0.3.2
kernel-xen-base-2.6.32.45-0.3.2
kernel-xen-devel-2.6.32.45-0.3.2
kernel-xen-extra-2.6.32.45-0.3.2

- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.45]:

btrfs-kmp-pae-0_2.6.32.45_0.3-0.3.54
hyper-v-kmp-pae-0_2.6.32.45_0.3-0.14.10
kernel-default-2.6.32.45-0.3.1
kernel-default-base-2.6.32.45-0.3.1
kernel-default-devel-2.6.32.45-0.3.1
kernel-default-extra-2.6.32.45-0.3.1
kernel-desktop-devel-2.6.32.45-0.3.1
kernel-pae-2.6.32.45-0.3.1
kernel-pae-base-2.6.32.45-0.3.1
kernel-pae-devel-2.6.32.45-0.3.1
kernel-pae-extra-2.6.32.45-0.3.1
kernel-source-2.6.32.45-0.3.1
kernel-syms-2.6.32.45-0.3.1
kernel-xen-2.6.32.45-0.3.1
kernel-xen-base-2.6.32.45-0.3.1
kernel-xen-devel-2.6.32.45-0.3.1
kernel-xen-extra-2.6.32.45-0.3.1


References:

http://support.novell.com/security/cve/CVE-2010-3881.html
http://support.novell.com/security/cve/CVE-2011-1776.html
http://support.novell.com/security/cve/CVE-2011-2495.html
http://support.novell.com/security/cve/CVE-2011-2700.html
http://support.novell.com/security/cve/CVE-2011-2909.html
http://support.novell.com/security/cve/CVE-2011-2918.html
https://bugzilla.novell.com/225091
https://bugzilla.novell.com/602150
https://bugzilla.novell.com/635880
https://bugzilla.novell.com/649625
https://bugzilla.novell.com/663678
https://bugzilla.novell.com/685226
https://bugzilla.novell.com/692784
https://bugzilla.novell.com/693513
https://bugzilla.novell.com/694315
https://bugzilla.novell.com/699354
https://bugzilla.novell.com/699916
https://bugzilla.novell.com/701355
https://bugzilla.novell.com/703155
https://bugzilla.novell.com/703786
https://bugzilla.novell.com/704361
https://bugzilla.novell.com/704957
https://bugzilla.novell.com/705433
https://bugzilla.novell.com/705903
https://bugzilla.novell.com/706696
https://bugzilla.novell.com/707332
https://bugzilla.novell.com/707644
https://bugzilla.novell.com/708160
https://bugzilla.novell.com/708376
https://bugzilla.novell.com/708730
https://bugzilla.novell.com/710352
https://bugzilla.novell.com/711752
https://bugzilla.novell.com/711941
https://bugzilla.novell.com/712316
https://bugzilla.novell.com/712366

http://download.novell.com/patch/finder/?keywords=59c338a7210363a87ce60c5448842190

http://download.novell.com/patch/finder/?keywords=6499f4c180072d54d54780ca1a2ecc2f

http://download.novell.com/patch/finder/?keywords=6fe973a3186c5d88981a175a256a8309

http://download.novell.com/patch/finder/?keywords=73bec7d5d91bb11febbcb08523f6eec4

http://download.novell.com/patch/finder/?keywords=7d158b734b5f3b91e58c550a6b83a4ca

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages