Mailinglist Archive: opensuse-updates (42 mails)

openSUSE-SU-2011:0159-1 (important): SLE11 SP1
openSUSE Security Update: SLE11 SP1
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0159-1
Rating: important
References: #466279 #552250 #564423 #602969 #620929 #622868
#623393 #625965 #629170 #630970 #632317 #633026
#636435 #638258 #640850 #642309 #643266 #643513
#648647 #648701 #648916 #649473 #650067 #650366
#650748 #651152 #652391 #655220 #655278 #655964
#657248 #657763 #658037 #658254 #658337 #658353
#658461 #658551 #658720 #659101 #659394 #659419
#660546 #661605 #661945 #662031 #662192 #662202
#662212 #662335 #662340 #662360 #662673 #662722
#662800 #662931 #662945 #663537 #663582 #663706
#664149 #664463 #665480 #665499 #665524 #665663
#666012 #666893 #668545 #668633 #668929 #670129
#670577 #670864 #671256 #671274 #671483 #672292
#672492 #672499 #672524 #674735
Cross-References: CVE-2010-2943 CVE-2010-3699 CVE-2010-3705
CVE-2010-3858 CVE-2010-3875 CVE-2010-3876
CVE-2010-3877 CVE-2010-4075 CVE-2010-4076
CVE-2010-4077 CVE-2010-4163 CVE-2010-4243
CVE-2010-4342 CVE-2010-4346 CVE-2010-4526
CVE-2010-4527 CVE-2010-4529 CVE-2010-4650
CVE-2010-4668 CVE-2011-0006 CVE-2011-0710
CVE-2011-0711 CVE-2011-0712
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 23 vulnerabilities and has 59 fixes
is now available.

Description:

The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.29 and fixes various bugs and security
issues.

CVE-2010-3875: The ax25_getname function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain structure, which allowed local users to obtain
potentially sensitive information from kernel stack memory
by reading a copy of this structure.

CVE-2010-3876: net/packet/af_packet.c in the Linux kernel
did not properly initialize certain structure members,
which allowed local users to obtain potentially sensitive
information from kernel stack memory by leveraging the
CAP_NET_RAW capability to read copies of the applicable
structures.

CVE-2010-3877: The get_name function in net/tipc/socket.c
in the Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially sensitive
information from kernel stack memory by reading a copy of
this structure.

CVE-2010-3705: The sctp_auth_asoc_get_hmac function in
net/sctp/auth.c in the Linux kernel did not properly
validate the hmac_ids array of an SCTP peer, which allowed
remote attackers to cause a denial of service (memory
corruption and panic) via a crafted value in the last
element of this array.

CVE-2011-0711: A stack memory information leak in the xfs
FSGEOMETRY_V1 ioctl was fixed.

CVE-2011-0712: Multiple buffer overflows in the caiaq
Native Instruments USB audio functionality in the Linux
kernel might have allowed attackers to cause a denial of
service or possibly have unspecified other impact via a
long USB device name, related to (1) the
snd_usb_caiaq_audio_init function in
sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init
function in sound/usb/caiaq/midi.c.

CVE-2011-0710: The task_show_regs function in
arch/s390/kernel/traps.c in the Linux kernel on the s390
platform allowed local users to obtain the values of the
registers of an arbitrary process by reading a status file
under /proc/.

CVE-2010-2943: The xfs implementation in the Linux kernel
did not look up inode allocation btrees before reading
inode buffers, which allowed remote authenticated users to
read unlinked files, or read or overwrite disk blocks that
are currently assigned to an active file but were
previously assigned to an unlinked file, by accessing a
stale NFS filehandle.

CVE-2010-4075: The uart_get_count function in
drivers/serial/serial_core.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a TIOCGICOUNT
ioctl call.

CVE-2010-4076: The rs_ioctl function in
drivers/char/amiserial.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a TIOCGICOUNT
ioctl call.

CVE-2010-4077: The ntty_ioctl_tiocgicount function in
drivers/char/nozomi.c in the Linux kernel did not properly
initialize a certain structure member, which allowed local
users to obtain potentially sensitive information from
kernel stack memory via a TIOCGICOUNT ioctl call.
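
The uninitialized-structure entries above (CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) share one pattern, shown here in a user-space model that is an added example and not kernel code. The structure, function names and the 0xAA marker are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STALE 0xAA  /* constructed marker for leftover stack contents */

/* Hypothetical reply structure, not a real kernel type. */
struct reply {
    uint16_t family;
    uint8_t  ndigis;       /* the compiler pads after this member */
    uint32_t counters[4];
    char     name[16];
};

/* Before: a few members are set, everything else is copied out as-is. */
void getname_unfixed(unsigned char *user_buf)
{
    struct reply r;
    memset(&r, STALE, sizeof r);      /* simulate data left by an earlier call */
    r.family = 3;
    strcpy(r.name, "ax0");            /* rest of name[] keeps old bytes */
    memcpy(user_buf, &r, sizeof r);   /* stands in for copy_to_user() */
}

/* After: zero the whole object, padding included, before filling it. */
void getname_fixed(unsigned char *user_buf)
{
    struct reply r;
    memset(&r, STALE, sizeof r);
    memset(&r, 0, sizeof r);
    r.family = 3;
    strcpy(r.name, "ax0");
    memcpy(user_buf, &r, sizeof r);
}

/* Number of copied-out bytes that still carry stale data. */
size_t leaked_bytes(const unsigned char *user_buf)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct reply); i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char a[sizeof(struct reply)], b[sizeof(struct reply)];
    getname_unfixed(a);
    getname_fixed(b);
    printf("stale bytes: unfixed=%zu fixed=%zu\n", leaked_bytes(a), leaked_bytes(b));
}
```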

CVE-2010-4243: fs/exec.c in the Linux kernel did not enable
the OOM Killer to assess use of stack memory by arrays
representing the (1) arguments and (2) environment, which
allowed local users to cause a denial of service (memory
consumption) via a crafted exec system call, aka an OOM
dodging issue, a related issue to CVE-2010-3858.

CVE-2010-4668: The blk_rq_map_user_iov function in
block/blk-map.c in the Linux kernel allowed local users to
cause a denial of service (panic) via a zero-length I/O
request in a device ioctl to a SCSI device, related to an
unaligned map. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2010-4163.

CVE-2010-4529: Integer underflow in the irda_getsockopt
function in net/irda/af_irda.c in the Linux kernel on
platforms other than x86 allowed local users to obtain
potentially sensitive information from kernel heap memory
via an IRLMP_ENUMDEVICES getsockopt call.

CVE-2010-4342: The aun_incoming function in
net/econet/af_econet.c in the Linux kernel, when Econet is
enabled, allowed remote attackers to cause a denial of
service (NULL pointer dereference and OOPS) by sending an
Acorn Universal Networking (AUN) packet over UDP.

CVE-2010-3699: The backend driver in Xen 3.x allowed guest
OS users to cause a denial of service via a kernel thread
leak, which prevented the device and guest OS from being
shut down, created a zombie domain, caused a hang in
xenwatch, or prevented unspecified xm commands from
working properly, related to (1) netback, (2) blkback, or
(3) blktap.

CVE-2010-4346: The install_special_mapping function in
mm/mmap.c in the Linux kernel did not make an expected
security_file_mmap function call, which allowed local users
to bypass intended mmap_min_addr restrictions and possibly
conduct NULL pointer dereference attacks via a crafted
assembly-language application.

CVE-2010-4650: Fixed a verify_ioctl overflow in "cuse" in
the fuse filesystem. The code should only be called by root
users though.

CVE-2010-4526: Race condition in the
sctp_icmp_proto_unreachable function in net/sctp/input.c in
the Linux kernel allowed remote attackers to cause a denial
of service (panic) via an ICMP unreachable message to a
socket that is already locked by a user, which causes the
socket to be freed and triggers list corruption, related to
the sctp_wait_for_connect function.

CVE-2010-4527: The load_mixer_volumes function in
sound/oss/soundcard.c in the OSS sound subsystem in the
Linux kernel incorrectly expected that a certain name field
ends with a '\0' character, which allowed local users to
conduct buffer overflow attacks and gain privileges, or
possibly obtain sensitive information from kernel memory,
via a SOUND_MIXER_SETLEVELS ioctl call.
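
One way to handle a caller-supplied fixed-size name field so that a missing '\0' is rejected instead of trusted, as an added example that is not the kernel's code or its actual fix. The types, the 32-byte field length, the table and set_level() are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN    32
#define MAX_ENTRIES 4

/* Hypothetical ioctl argument and table, modelled on the description above. */
struct vol_arg   { char name[NAME_LEN]; int level; };
struct vol_entry { char name[NAME_LEN]; int level; };

static struct vol_entry table[MAX_ENTRIES];
static int n_entries;

/*
 * Returns the entry index, or -1 when the name is unterminated or the table
 * is full. Calling strcmp()/strcpy() on arg->name without the first check
 * would read and write past the 32-byte field whenever no '\0' is present.
 */
int set_level(const struct vol_arg *arg)
{
    const char *end = memchr(arg->name, '\0', NAME_LEN);
    if (end == NULL)                       /* no terminator inside the field */
        return -1;
    size_t len = (size_t)(end - arg->name);

    for (int i = 0; i < n_entries; i++) {
        if (strcmp(table[i].name, arg->name) == 0) {   /* both terminated now */
            table[i].level = arg->level;
            return i;
        }
    }
    if (n_entries == MAX_ENTRIES)
        return -1;
    memcpy(table[n_entries].name, arg->name, len + 1); /* len + 1 <= NAME_LEN */
    table[n_entries].level = arg->level;
    return n_entries++;
}

int main(void)
{
    struct vol_arg ok = { "line", 7 }, bad;
    memset(bad.name, 'A', NAME_LEN);       /* constructed: fills all 32 bytes */
    bad.level = 9;
    printf("ok=%d bad=%d\n", set_level(&ok), set_level(&bad));
}
```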

CVE-2011-0006: Fixed an LSM bug in IMA (Integrity
Measurement Architecture). IMA is not enabled in SUSE
kernels, so we were not affected.


Special Instructions and Notes:

Please reboot the system after installing this update.


Package List:

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-2.6.32.29-0.3.1

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

kernel-xen-extra-2.6.32.29-0.3.1

- SLE 11 SERVER Unsupported Extras (ppc64):

kernel-ppc64-extra-2.6.32.29-0.3.1

- SLE 11 SERVER Unsupported Extras (i586):

kernel-pae-extra-2.6.32.29-0.3.1


References:

http://support.novell.com/security/cve/CVE-2010-2943.html
http://support.novell.com/security/cve/CVE-2010-3699.html
http://support.novell.com/security/cve/CVE-2010-3705.html
http://support.novell.com/security/cve/CVE-2010-3858.html
http://support.novell.com/security/cve/CVE-2010-3875.html
http://support.novell.com/security/cve/CVE-2010-3876.html
http://support.novell.com/security/cve/CVE-2010-3877.html
http://support.novell.com/security/cve/CVE-2010-4075.html
http://support.novell.com/security/cve/CVE-2010-4076.html
http://support.novell.com/security/cve/CVE-2010-4077.html
http://support.novell.com/security/cve/CVE-2010-4163.html
http://support.novell.com/security/cve/CVE-2010-4243.html
http://support.novell.com/security/cve/CVE-2010-4342.html
http://support.novell.com/security/cve/CVE-2010-4346.html
http://support.novell.com/security/cve/CVE-2010-4526.html
http://support.novell.com/security/cve/CVE-2010-4527.html
http://support.novell.com/security/cve/CVE-2010-4529.html
http://support.novell.com/security/cve/CVE-2010-4650.html
http://support.novell.com/security/cve/CVE-2010-4668.html
http://support.novell.com/security/cve/CVE-2011-0006.html
http://support.novell.com/security/cve/CVE-2011-0710.html
http://support.novell.com/security/cve/CVE-2011-0711.html
http://support.novell.com/security/cve/CVE-2011-0712.html
https://bugzilla.novell.com/466279
https://bugzilla.novell.com/552250
https://bugzilla.novell.com/564423
https://bugzilla.novell.com/602969
https://bugzilla.novell.com/620929
https://bugzilla.novell.com/622868
https://bugzilla.novell.com/623393
https://bugzilla.novell.com/625965
https://bugzilla.novell.com/629170
https://bugzilla.novell.com/630970
https://bugzilla.novell.com/632317
https://bugzilla.novell.com/633026
https://bugzilla.novell.com/636435
https://bugzilla.novell.com/638258
https://bugzilla.novell.com/640850
https://bugzilla.novell.com/642309
https://bugzilla.novell.com/643266
https://bugzilla.novell.com/643513
https://bugzilla.novell.com/648647
https://bugzilla.novell.com/648701
https://bugzilla.novell.com/648916
https://bugzilla.novell.com/649473
https://bugzilla.novell.com/650067
https://bugzilla.novell.com/650366
https://bugzilla.novell.com/650748
https://bugzilla.novell.com/651152
https://bugzilla.novell.com/652391
https://bugzilla.novell.com/655220
https://bugzilla.novell.com/655278
https://bugzilla.novell.com/655964
https://bugzilla.novell.com/657248
https://bugzilla.novell.com/657763
https://bugzilla.novell.com/658037
https://bugzilla.novell.com/658254
https://bugzilla.novell.com/658337
https://bugzilla.novell.com/658353
https://bugzilla.novell.com/658461
https://bugzilla.novell.com/658551
https://bugzilla.novell.com/658720
https://bugzilla.novell.com/659101
https://bugzilla.novell.com/659394
https://bugzilla.novell.com/659419
https://bugzilla.novell.com/660546
https://bugzilla.novell.com/661605
https://bugzilla.novell.com/661945
https://bugzilla.novell.com/662031
https://bugzilla.novell.com/662192
https://bugzilla.novell.com/662202
https://bugzilla.novell.com/662212
https://bugzilla.novell.com/662335
https://bugzilla.novell.com/662340
https://bugzilla.novell.com/662360
https://bugzilla.novell.com/662673
https://bugzilla.novell.com/662722
https://bugzilla.novell.com/662800
https://bugzilla.novell.com/662931
https://bugzilla.novell.com/662945
https://bugzilla.novell.com/663537
https://bugzilla.novell.com/663582
https://bugzilla.novell.com/663706
https://bugzilla.novell.com/664149
https://bugzilla.novell.com/664463
https://bugzilla.novell.com/665480
https://bugzilla.novell.com/665499
https://bugzilla.novell.com/665524
https://bugzilla.novell.com/665663
https://bugzilla.novell.com/666012
https://bugzilla.novell.com/666893
https://bugzilla.novell.com/668545
https://bugzilla.novell.com/668633
https://bugzilla.novell.com/668929
https://bugzilla.novell.com/670129
https://bugzilla.novell.com/670577
https://bugzilla.novell.com/670864
https://bugzilla.novell.com/671256
https://bugzilla.novell.com/671274
https://bugzilla.novell.com/671483
https://bugzilla.novell.com/672292
https://bugzilla.novell.com/672492
https://bugzilla.novell.com/672499
https://bugzilla.novell.com/672524
https://bugzilla.novell.com/674735

