Mailinglist Archive: opensuse-updates (35 mails)

openSUSE-SU-2011:0003-1 (important): Linux Kernel: security and bugfix update
openSUSE Security Update: Linux Kernel: security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0003-1
Rating: important
References: #642043 #642302 #642311 #642313 #642484 #642486
#645659 #649187 #650128 #651218 #652563 #652939
#652940 #652945 #653258 #653260 #654581 #657350

Affected Products:
openSUSE 11.2
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes one version update.

Description:

This update of the openSUSE 11.2 kernel fixes various bugs
and lots of security issues.

The following security issues have been fixed:

CVE-2010-4258: A local attacker could use an Oops (kernel
crash) caused by other flaws to write a 0 byte to an
attacker-controlled address in the kernel. This could lead
to privilege escalation together with other issues.

CVE-2010-4160: An overflow in sendto() and recvfrom()
routines was fixed that could be used by local attackers to
potentially crash the kernel using some socket families
like L2TP.

CVE-2010-4157: A 32bit vs 64bit integer mismatch in
gdth_ioctl_alloc could lead to memory corruption in the
GDTH driver.

CVE-2010-4165: The do_tcp_setsockopt function in
net/ipv4/tcp.c in the Linux kernel did not properly
restrict TCP_MAXSEG (aka MSS) values, which allows local
users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a
divide-by-zero error or incorrect use of a signed integer.

CVE-2010-4164: A remote (or local) attacker communicating
over X.25 could cause a kernel panic by attempting to
negotiate malformed facilities.

CVE-2010-4175: A local attacker could cause memory
overruns in the RDS protocol stack, potentially crashing
the kernel. So far it is considered not to be exploitable.

CVE-2010-3874: A minor heap overflow in the CAN network
module was fixed. Due to the nature of the memory allocator it
is likely not exploitable.

CVE-2010-4158: A memory information leak in Berkeley Packet
Filter rules allowed local attackers to read uninitialized
memory of the kernel stack.

CVE-2010-4162: A local denial of service in the block device
layer was fixed.

CVE-2010-4163: By submitting certain I/O requests with 0
length, a local user could have caused a kernel panic.

CVE-2010-3861: The ethtool_get_rxnfc function in
net/core/ethtool.c in the Linux kernel did not initialize a
certain block of heap memory, which allowed local users to
obtain potentially sensitive information via an
ETHTOOL_GRXCLSRLALL ethtool command with a large
info.rule_cnt value.

CVE-2010-3442: Multiple integer overflows in the
snd_ctl_new function in sound/core/control.c in the Linux
kernel allowed local users to cause a denial of service
(heap memory corruption) or possibly have unspecified other
impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

CVE-2010-3437: A range checking overflow in pktcdvd ioctl
was fixed.

CVE-2010-4078: The sisfb_ioctl function in
drivers/video/sis/sis_main.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via an FBIOGET_VBLANK
ioctl call.

CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in
sound/pci/rme9652/hdsp.c in the Linux kernel did not
initialize a certain structure, which allowed local users
to obtain potentially sensitive information from kernel
stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl
call.

CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in
sound/pci/rme9652/hdspm.c in the Linux kernel did not
initialize a certain structure, which allowed local users
to obtain potentially sensitive information from kernel
stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl
call.

CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a VIAFB_GET_INFO
ioctl call.

CVE-2010-3067: Integer overflow in the do_io_submit
function in fs/aio.c in the Linux kernel allowed local
users to cause a denial of service or possibly have
unspecified other impact via crafted use of the io_submit
system call.

CVE-2010-3865: An iovec integer overflow in RDS sockets was
fixed which could lead to local attackers gaining kernel
privileges.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch kernel-debug-3706

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.2 (i586 x86_64) [New Version: 2.6.31.14]:

kernel-debug-2.6.31.14-0.6.1
kernel-debug-base-2.6.31.14-0.6.1
kernel-debug-devel-2.6.31.14-0.6.1
kernel-default-2.6.31.14-0.6.1
kernel-default-base-2.6.31.14-0.6.1
kernel-default-devel-2.6.31.14-0.6.1
kernel-desktop-2.6.31.14-0.6.1
kernel-desktop-base-2.6.31.14-0.6.1
kernel-desktop-devel-2.6.31.14-0.6.1
kernel-syms-2.6.31.14-0.6.1
kernel-trace-2.6.31.14-0.6.1
kernel-trace-base-2.6.31.14-0.6.1
kernel-trace-devel-2.6.31.14-0.6.1
kernel-vanilla-2.6.31.14-0.6.1
kernel-vanilla-base-2.6.31.14-0.6.1
kernel-vanilla-devel-2.6.31.14-0.6.1
kernel-xen-2.6.31.14-0.6.1
kernel-xen-base-2.6.31.14-0.6.1
kernel-xen-devel-2.6.31.14-0.6.1
preload-kmp-default-1.1_2.6.31.14_0.6-6.9.39
preload-kmp-desktop-1.1_2.6.31.14_0.6-6.9.39

- openSUSE 11.2 (noarch) [New Version: 2.6.31.14]:

kernel-source-2.6.31.14-0.6.1
kernel-source-vanilla-2.6.31.14-0.6.1

- openSUSE 11.2 (i586) [New Version: 2.6.31.14]:

kernel-pae-2.6.31.14-0.6.1
kernel-pae-base-2.6.31.14-0.6.1
kernel-pae-devel-2.6.31.14-0.6.1


References:

https://bugzilla.novell.com/642043
https://bugzilla.novell.com/642302
https://bugzilla.novell.com/642311
https://bugzilla.novell.com/642313
https://bugzilla.novell.com/642484
https://bugzilla.novell.com/642486
https://bugzilla.novell.com/645659
https://bugzilla.novell.com/649187
https://bugzilla.novell.com/650128
https://bugzilla.novell.com/651218
https://bugzilla.novell.com/652563
https://bugzilla.novell.com/652939
https://bugzilla.novell.com/652940
https://bugzilla.novell.com/652945
https://bugzilla.novell.com/653258
https://bugzilla.novell.com/653260
https://bugzilla.novell.com/654581
https://bugzilla.novell.com/657350
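
The patch and reboot instructions above can be verified after the fact. The following is an added example, not part of the original advisory: it flags kernel packages older than the fixed build 2.6.31.14-0.6.1 and checks whether the running kernel is the updated one. The function names, the sample package lines, and the assumed `uname -r` format (such as 2.6.31.14-0.6-desktop) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find kernel packages below the fixed build.
FIXED="2.6.31.14-0.6.1"   # version-release taken from the package list above

# ver_ge A B: true when A >= B. `sort -V` only approximates rpm's version
# comparison (assumption); it is adequate for these dotted numeric strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# outdated_kernels: reads "name version-release" lines on stdin and prints
# every kernel-* package older than $FIXED; other packages are ignored.
outdated_kernels() {
    while read -r name vr; do
        case "$name" in
            kernel-*) ver_ge "$vr" "$FIXED" || printf '%s %s\n' "$name" "$vr" ;;
        esac
    done
}

# running_is_fixed UNAME_R: true when the running kernel is the fixed one.
# Assumes `uname -r` has the form <version>-<release prefix>-<flavor>, so the
# flavor is stripped and only "2.6.31.14-0.6" of $FIXED is compared.
running_is_fixed() {
    running=${1%-*}                     # drop the trailing "-flavor"
    ver_ge "$running" "${FIXED%.*}"     # compare against 2.6.31.14-0.6
}

# Constructed sample input (not real host data): one package left un-updated.
SAMPLE='kernel-default 2.6.31.14-0.6.1
kernel-desktop 2.6.31.12-0.2.1
preload-kmp-default 1.1_2.6.31.14_0.6-6.9.39
kernel-source 2.6.31.14-0.6.1'

echo "Packages still below $FIXED in the sample:"
printf '%s\n' "$SAMPLE" | outdated_kernels

# On a real host, feed the functions live data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*' | outdated_kernels
#   running_is_fixed "$(uname -r)" || echo "reboot into the updated kernel"
```

A host that lists no outdated packages but fails `running_is_fixed` has installed the update without rebooting, so the old kernel is still the one in memory.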

