Mailinglist Archive: opensuse-updates (54 mails)

openSUSE-SU-2010:1047-1 (important): Linux Kernel: Security/Bugfix update to fix local privilege escalations
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Fri, 10 Dec 2010 17:08:16 +0100 (CET)
  • Message-id: <20101210160817.248ABBE66@xxxxxxxxxxxxxx>
openSUSE Security Update: Linux Kernel: Security/Bugfix update to fix local
privilege escalations
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:1047-1
Rating: important
References: #595215 #642302 #642311 #642312 #642313 #642314
#642484 #642486 #643477 #645659 #646045 #651218
#651356 #651626 #652563 #652940 #652945 #653260

Affected Products:
openSUSE 11.1
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes one version update.

Description:

This security update of the openSUSE 11.1 kernel updates
the kernel to 2.6.27.56 and fixes various security issues
and other bugs.

The following security issues were fixed by this update:

CVE-2010-2963: A problem in the compat ioctl handling in
video4linux allowed local attackers with a video device
plugged in to gain privileges on x86_64 systems.

CVE-2010-4157: A 32-bit vs 64-bit integer mismatch in
gdth_ioctl_alloc could lead to memory corruption in the
GDTH driver.

CVE-2010-4164: A remote (or local) attacker communicating
over X.25 could cause a kernel panic by attempting to
negotiate malformed facilities.

CVE-2010-3874: A minor heap overflow in the CAN network
module was fixed. Due to the nature of the memory allocator,
it is likely not exploitable.

CVE-2010-4158: A memory information leak in Berkeley Packet
Filter rules allowed local attackers to read uninitialized
memory of the kernel stack.

CVE-2010-4162: A local denial of service in the block device
layer was fixed.

CVE-2010-3437: A range checking overflow in pktcdvd ioctl
was fixed.

CVE-2010-4078: The sisfb_ioctl function in
drivers/video/sis/sis_main.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via an FBIOGET_VBLANK
ioctl call.

CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a VIAFB_GET_INFO
ioctl call.

CVE-2010-4073: The ipc subsystem in the Linux kernel did
not initialize certain structures, which allowed local
users to obtain potentially sensitive information from
kernel stack memory via vectors related to the (1)
compat_sys_semctl, (2) compat_sys_msgctl, and (3)
compat_sys_shmctl functions in ipc/compat.c; and the (4)
compat_sys_mq_open and (5) compat_sys_mq_getsetattr
functions in ipc/compat_mq.c.

CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c
in the Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially sensitive
information from kernel stack memory via vectors related to
the shmctl system call and the "old shm interface."

CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c
in the Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially sensitive
information from kernel stack memory via a (1) IPC_INFO,
(2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a
semctl system call.

CVE-2010-3067: Integer overflow in the do_io_submit
function in fs/aio.c in the Linux kernel allowed local
users to cause a denial of service or possibly have
unspecified other impact via crafted use of the io_submit
system call.

CVE-2010-3442: Multiple integer overflows in the
snd_ctl_new function in sound/core/control.c in the Linux
kernel allowed local users to cause a denial of service
(heap memory corruption) or possibly have unspecified other
impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
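
The integer overflow class behind CVE-2010-3067 and CVE-2010-3442, and the width mismatch of CVE-2010-4157, shown as an added user-space example (not kernel code and not part of the original advisory). `struct elem` and all function names are hypothetical; the example generalizes to any size computed from a caller-supplied count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element record; only its size (64 bytes) matters here. */
struct elem { uint8_t payload[64]; };

/* Unchecked 32-bit size: count * 64 wraps modulo 2^32 for large counts. */
static uint32_t alloc_bytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct elem);
}

/* Checked: reject any count whose byte size does not fit in 32 bits. */
static bool alloc_bytes_checked(uint32_t count, uint32_t *bytes)
{
    if (count > UINT32_MAX / sizeof(struct elem))
        return false;
    *bytes = count * (uint32_t)sizeof(struct elem);
    return true;
}

/* Width mismatch: a 64-bit length stored in 32 bits loses its upper half. */
static uint32_t narrow_unchecked(uint64_t len) { return (uint32_t)len; }

/* Checked narrowing refuses the value instead of truncating it. */
static bool narrow_checked(uint64_t len, uint32_t *out)
{
    if (len > UINT32_MAX)
        return false;
    *out = (uint32_t)len;
    return true;
}

/* True when `bytes` really holds `count` elements; done in 64 bits so the
 * comparison itself cannot wrap. */
static bool covers(uint32_t count, uint32_t bytes)
{
    return (uint64_t)bytes >= (uint64_t)count * sizeof(struct elem);
}

int main(void)
{
    uint32_t count = 0x04000001u;   /* constructed input: 2^26 + 1 elements */
    uint32_t bytes = alloc_bytes_unchecked(count);
    printf("unchecked size %u, covers request: %d\n", bytes, covers(count, bytes));
    printf("checked accepts: %d\n", alloc_bytes_checked(count, &bytes));
    return 0;
}
```
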

CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in
sound/pci/rme9652/hdsp.c in the Linux kernel did not
initialize a certain structure, which allowed local users
to obtain potentially sensitive information from kernel
stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl
call.

CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in
sound/pci/rme9652/hdspm.c in the Linux kernel did not
initialize a certain structure, which allowed local users
to obtain potentially sensitive information from kernel
stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl
call.
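
The uninitialized-structure leaks listed above (CVE-2010-4072, -4073, -4078, -4080, -4081, -4082, -4083) share one pattern, modelled here in user space as an added example (not kernel code and not part of the original advisory). `struct info_reply`, the `STALE` marker and the function names are hypothetical; `memcpy` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl reply, not a real kernel structure. */
struct info_reply {
    uint8_t  type;          /* compiler padding follows on common ABIs */
    uint32_t count;
    uint32_t reserved[2];   /* member the handler never assigns */
};

#define STALE 0xAA          /* constructed marker for leftover stack data */

/* Write only the members the handler cares about; padding and the
 * reserved member are left untouched. */
static void set_fields(uint8_t *slot)
{
    uint8_t type = 1;
    uint32_t count = 7;
    memcpy(slot + offsetof(struct info_reply, type), &type, sizeof type);
    memcpy(slot + offsetof(struct info_reply, count), &count, sizeof count);
}

/* Model one handler call. `slot` is the stack slot holding the reply,
 * pre-filled with STALE to stand for data left by an earlier call. */
static size_t handler(uint8_t *user, int zero_first)
{
    uint8_t slot[sizeof(struct info_reply)];
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof slot);     /* stale stack contents */
    if (zero_first)
        memset(slot, 0, sizeof slot);     /* the fix: clear before filling */
    set_fields(slot);
    memcpy(user, slot, sizeof slot);      /* whole object goes to the caller */

    for (i = 0; i < sizeof slot; i++)
        leaked += (user[i] == STALE);
    return leaked;                        /* stale bytes the caller can read */
}

int main(void)
{
    uint8_t user[sizeof(struct info_reply)];
    printf("without memset: %zu stale bytes\n", handler(user, 0));
    printf("with memset:    %zu stale bytes\n", handler(user, 1));
    return 0;
}
```

Clearing the whole object covers padding bytes as well as named members, which member-by-member assignment does not.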


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.1:

zypper in -t patch kernel-3619

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.1 (i586 ppc x86_64) [New Version: 2.6.27.56]:

kernel-default-2.6.27.56-0.1.1
kernel-default-base-2.6.27.56-0.1.1
kernel-default-extra-2.6.27.56-0.1.1
kernel-source-2.6.27.56-0.1.1
kernel-syms-2.6.27.56-0.1.1
kernel-vanilla-2.6.27.56-0.1.1

- openSUSE 11.1 (i586 x86_64) [New Version: 2.6.27.56]:

kernel-debug-2.6.27.56-0.1.1
kernel-debug-base-2.6.27.56-0.1.1
kernel-debug-extra-2.6.27.56-0.1.1
kernel-trace-2.6.27.56-0.1.1
kernel-trace-base-2.6.27.56-0.1.1
kernel-trace-extra-2.6.27.56-0.1.1
kernel-xen-2.6.27.56-0.1.1
kernel-xen-base-2.6.27.56-0.1.1
kernel-xen-extra-2.6.27.56-0.1.1

- openSUSE 11.1 (noarch):

kernel-docs-2.6.3-3.13.135

- openSUSE 11.1 (i586) [New Version: 2.6.27.56]:

kernel-pae-2.6.27.56-0.1.1
kernel-pae-base-2.6.27.56-0.1.1
kernel-pae-extra-2.6.27.56-0.1.1

- openSUSE 11.1 (ppc) [New Version: 2.6.27.56]:

kernel-kdump-2.6.27.56-0.1.1
kernel-ppc64-2.6.27.56-0.1.1
kernel-ppc64-base-2.6.27.56-0.1.1
kernel-ppc64-extra-2.6.27.56-0.1.1
kernel-ps3-2.6.27.56-0.1.1


References:

https://bugzilla.novell.com/595215
https://bugzilla.novell.com/642302
https://bugzilla.novell.com/642311
https://bugzilla.novell.com/642312
https://bugzilla.novell.com/642313
https://bugzilla.novell.com/642314
https://bugzilla.novell.com/642484
https://bugzilla.novell.com/642486
https://bugzilla.novell.com/643477
https://bugzilla.novell.com/645659
https://bugzilla.novell.com/646045
https://bugzilla.novell.com/651218
https://bugzilla.novell.com/651356
https://bugzilla.novell.com/651626
https://bugzilla.novell.com/652563
https://bugzilla.novell.com/652940
https://bugzilla.novell.com/652945
https://bugzilla.novell.com/653260

