Mailinglist Archive: opensuse-security-announce (31 mails)

< Previous Next >
[security-announce] SUSE-SU-2011:0984-3: important: kernel update for SLE11 SP1
SUSE Security Update: kernel update for SLE11 SP1

Announcement ID: SUSE-SU-2011:0984-3
Rating: important
References: #225091 #602150 #635880 #649625 #663678 #685226
#692784 #693513 #694315 #699354 #699916 #701355
#703155 #703786 #704361 #704957 #705433 #705903
#706696 #707332 #707644 #708160 #708376 #708730
#710352 #711752 #711941 #712316 #712366
Cross-References: CVE-2010-3881 CVE-2011-1776 CVE-2011-2495
CVE-2011-2700 CVE-2011-2909 CVE-2011-2918

Affected Products:
SLE 11 SERVER Unsupported Extras

An update that solves 6 vulnerabilities and has 23 fixes is
now available.


The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to and fixes various bugs and security

Following security issues were fixed: CVE-2011-1776: Timo
Warns reported an issue in the Linux implementation for
GUID partitions. Users with physical access could gain
access to sensitive kernel memory by adding a storage
device with a specially crafted corrupted invalid partition

CVE-2010-3881: The second part of this fix was not yet
applied to our kernel: arch/x86/kvm/x86.c in the Linux
kernel before does not initialize certain
structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory
via read operations on the /dev/kvm device.

CVE-2011-2495: The /proc/PID/io interface could be used by
local attackers to gain information on other processes like
number of password characters typed or similar.

CVE-2011-2700: A small buffer overflow in the radio driver
si4713-i2c was fixed that could potentially used by local
attackers to crash the kernel or potentially execute code.

CVE-2011-2909: A kernel information leak in the comedi
driver from kernel to userspace was fixed.

CVE-2011-2918: In the perf framework software event
overflows could deadlock or delete an uninitialized timer.

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SLE 11 SERVER Unsupported Extras (s390x):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages