Mailinglist Archive: opensuse-updates (35 mails)

openSUSE-SU-2011:0048-1 (important): SLE11 SP1
openSUSE Security Update: SLE11 SP1
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0048-1
Rating: important
References: #595215 #602838 #615630 #628180 #636672 #637542
#638258 #639803 #640878 #641105 #641811 #642043
#642313 #642314 #642486 #643173 #643477 #645659
#646226 #646542 #646702 #646908 #647567 #648112
#648701 #649187 #649548 #650067 #650185 #650487
#650748 #651066 #651218 #651596 #652024 #652293
#652563 #652603 #652842 #652939 #652940 #652945
#653148 #653258 #653260 #653266 #653800 #653930
#654150 #654530 #654581 #654701 #654837 #654967
#655027 #655278 #656471 #657324 #657350 #657412
#657415 #657976 #658464 #658829 #659144
Cross-References: CVE-2010-3437 CVE-2010-3861 CVE-2010-3874
CVE-2010-3881 CVE-2010-4072 CVE-2010-4073
CVE-2010-4082 CVE-2010-4083 CVE-2010-4157
CVE-2010-4158 CVE-2010-4160 CVE-2010-4162
CVE-2010-4163 CVE-2010-4164 CVE-2010-4165
CVE-2010-4169 CVE-2010-4175 CVE-2010-4258

Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 18 vulnerabilities and has 47 fixes
is now available.

Description:

The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.27 and fixes various bugs and security
issues.

The following security issues were fixed:

CVE-2010-4258: A local attacker could use an Oops (kernel
crash) caused by other flaws to write a 0 byte to an
attacker-controlled address in the kernel. This could lead
to privilege escalation together with other issues.

CVE-2010-4160: An overflow in the sendto() and recvfrom()
routines was fixed that could be used by local attackers to
potentially crash the kernel using some socket families
like L2TP.

CVE-2010-4157: A 32bit vs 64bit integer mismatch in
gdth_ioctl_alloc could lead to memory corruption in the
GDTH driver.

CVE-2010-4165: The do_tcp_setsockopt function in
net/ipv4/tcp.c in the Linux kernel did not properly
restrict TCP_MAXSEG (aka MSS) values, which allowed local
users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a
divide-by-zero error or incorrect use of a signed integer.

CVE-2010-4164: A remote (or local) attacker communicating
over X.25 could cause a kernel panic by attempting to
negotiate malformed facilities.

CVE-2010-4175: A local attacker could cause memory overruns
in the RDS protocol stack, potentially crashing the kernel.
So far it is considered not to be exploitable.

CVE-2010-4169: Use-after-free vulnerability in
mm/mprotect.c in the Linux kernel allowed local users to
cause a denial of service via vectors involving an mprotect
system call.

CVE-2010-3874: A minor heap overflow in the CAN network
module was fixed. Due to the nature of the memory allocator
it is likely not exploitable.

CVE-2010-4158: A memory information leak in Berkeley packet
filter rules allowed local attackers to read uninitialized
memory of the kernel stack.

CVE-2010-4162: A local denial of service in the block
device layer was fixed.

CVE-2010-4163: By submitting certain I/O requests with 0
length, a local user could have caused a kernel panic.

CVE-2010-3861: The ethtool_get_rxnfc function in
net/core/ethtool.c in the Linux kernel did not initialize a
certain block of heap memory, which allowed local users to
obtain potentially sensitive information via an
ETHTOOL_GRXCLSRLALL ethtool command with a large
info.rule_cnt value.

CVE-2010-3881: arch/x86/kvm/x86.c in the Linux kernel did
not initialize certain structure members, which allowed
local users to obtain potentially sensitive information
from kernel stack memory via read operations on the
/dev/kvm device.

CVE-2010-3437: A range checking overflow in pktcdvd ioctl
was fixed.

CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a VIAFB_GET_INFO
ioctl call.

CVE-2010-4073: The ipc subsystem in the Linux kernel did
not initialize certain structures, which allowed local
users to obtain potentially sensitive information from
kernel stack memory via vectors related to the (1)
compat_sys_semctl, (2) compat_sys_msgctl, and (3)
compat_sys_shmctl functions in ipc/compat.c; and the (4)
compat_sys_mq_open and (5) compat_sys_mq_getsetattr
functions in ipc/compat_mq.c.

CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c
in the Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially sensitive
information from kernel stack memory via vectors related to
the shmctl system call and the "old shm interface."

CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c
in the Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially sensitive
information from kernel stack memory via a (1) IPC_INFO,
(2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a
semctl system call.
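
The kernel stack leaks listed above (CVE-2010-3881, CVE-2010-4072,
CVE-2010-4073, CVE-2010-4082, CVE-2010-4083) share one pattern. The
following user-space sketch is an added example, not part of the advisory
or the kernel source: struct info_reply, the STALE marker and the function
names are constructed, and memcpy() stands in for copy_to_user().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker for leftover stack contents */

/* Constructed reply layout: padding follows `mode`, and the handler
 * never assigns `reserved`. */
struct info_reply {
    uint16_t mode;
    uint64_t size;
    uint32_t reserved[2];
};

/* Vulnerable pattern: only the interesting members are assigned. */
static void fill_unsafe(struct info_reply *r)
{
    r->mode = 0x1ff;
    r->size = 4096;
}

/* Hardened pattern: clear the whole object first. memset() also clears
 * padding, which an initializer such as `= {0}` is not required to do. */
static void fill_safe(struct info_reply *r)
{
    memset(r, 0, sizeof(*r));
    fill_unsafe(r);
}

/* Build the reply in a frame that still holds stale bytes, copy it out
 * whole, and count the stale bytes that reached the caller's buffer. */
size_t leaked_bytes(int hardened)
{
    union { struct info_reply r; unsigned char raw[sizeof(struct info_reply)]; } frame;
    unsigned char user_buf[sizeof(struct info_reply)];
    size_t i, n = 0;
    memset(frame.raw, STALE, sizeof(frame.raw));
    if (hardened) fill_safe(&frame.r); else fill_unsafe(&frame.r);
    memcpy(user_buf, &frame.r, sizeof(frame.r));
    for (i = 0; i < sizeof(user_buf); i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("unsafe: %zu, hardened: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```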


Special Instructions and Notes:

Please reboot the system after installing this update.


Package List:

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-2.6.32.27-0.2.2

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

kernel-xen-extra-2.6.32.27-0.2.2

- SLE 11 SERVER Unsupported Extras (ppc64):

kernel-ppc64-extra-2.6.32.27-0.2.2

- SLE 11 SERVER Unsupported Extras (i586):

kernel-pae-extra-2.6.32.27-0.2.2


References:

http://support.novell.com/security/cve/CVE-2010-3437.html
http://support.novell.com/security/cve/CVE-2010-3861.html
http://support.novell.com/security/cve/CVE-2010-3874.html
http://support.novell.com/security/cve/CVE-2010-3881.html
http://support.novell.com/security/cve/CVE-2010-4072.html
http://support.novell.com/security/cve/CVE-2010-4073.html
http://support.novell.com/security/cve/CVE-2010-4082.html
http://support.novell.com/security/cve/CVE-2010-4083.html
http://support.novell.com/security/cve/CVE-2010-4157.html
http://support.novell.com/security/cve/CVE-2010-4158.html
http://support.novell.com/security/cve/CVE-2010-4160.html
http://support.novell.com/security/cve/CVE-2010-4162.html
http://support.novell.com/security/cve/CVE-2010-4163.html
http://support.novell.com/security/cve/CVE-2010-4164.html
http://support.novell.com/security/cve/CVE-2010-4165.html
http://support.novell.com/security/cve/CVE-2010-4169.html
http://support.novell.com/security/cve/CVE-2010-4175.html
http://support.novell.com/security/cve/CVE-2010-4258.html
https://bugzilla.novell.com/595215
https://bugzilla.novell.com/602838
https://bugzilla.novell.com/615630
https://bugzilla.novell.com/628180
https://bugzilla.novell.com/636672
https://bugzilla.novell.com/637542
https://bugzilla.novell.com/638258
https://bugzilla.novell.com/639803
https://bugzilla.novell.com/640878
https://bugzilla.novell.com/641105
https://bugzilla.novell.com/641811
https://bugzilla.novell.com/642043
https://bugzilla.novell.com/642313
https://bugzilla.novell.com/642314
https://bugzilla.novell.com/642486
https://bugzilla.novell.com/643173
https://bugzilla.novell.com/643477
https://bugzilla.novell.com/645659
https://bugzilla.novell.com/646226
https://bugzilla.novell.com/646542
https://bugzilla.novell.com/646702
https://bugzilla.novell.com/646908
https://bugzilla.novell.com/647567
https://bugzilla.novell.com/648112
https://bugzilla.novell.com/648701
https://bugzilla.novell.com/649187
https://bugzilla.novell.com/649548
https://bugzilla.novell.com/650067
https://bugzilla.novell.com/650185
https://bugzilla.novell.com/650487
https://bugzilla.novell.com/650748
https://bugzilla.novell.com/651066
https://bugzilla.novell.com/651218
https://bugzilla.novell.com/651596
https://bugzilla.novell.com/652024
https://bugzilla.novell.com/652293
https://bugzilla.novell.com/652563
https://bugzilla.novell.com/652603
https://bugzilla.novell.com/652842
https://bugzilla.novell.com/652939
https://bugzilla.novell.com/652940
https://bugzilla.novell.com/652945
https://bugzilla.novell.com/653148
https://bugzilla.novell.com/653258
https://bugzilla.novell.com/653260
https://bugzilla.novell.com/653266
https://bugzilla.novell.com/653800
https://bugzilla.novell.com/653930
https://bugzilla.novell.com/654150
https://bugzilla.novell.com/654530
https://bugzilla.novell.com/654581
https://bugzilla.novell.com/654701
https://bugzilla.novell.com/654837
https://bugzilla.novell.com/654967
https://bugzilla.novell.com/655027
https://bugzilla.novell.com/655278
https://bugzilla.novell.com/656471
https://bugzilla.novell.com/657324
https://bugzilla.novell.com/657350
https://bugzilla.novell.com/657412
https://bugzilla.novell.com/657415
https://bugzilla.novell.com/657976
https://bugzilla.novell.com/658464
https://bugzilla.novell.com/658829
https://bugzilla.novell.com/659144

