   openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0861-1
Rating:             moderate
References:         #584493 #595586 #642142 #655693 #669889 #669937
                    #670860 #670868 #673934 #674648 #674691 #674693
                    #674982 #676419 #677827 #679898 #680040 #681497
                    #683282 #687113 #688432 #689414 #692459 #692502
                    #693374 #693382 #698221 #698247 #702013 #702285
                    #703153 #703155
Cross-References:   CVE-2011-1013 CVE-2011-1016 CVE-2011-1017
                    CVE-2011-1020 CVE-2011-1160 CVE-2011-1180
                    CVE-2011-1479 CVE-2011-1577 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2495 CVE-2011-2496
Affected Products:
                    openSUSE 11.3
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 17 fixes
   is now available. It includes one version update.

Description:

   The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix
   various bugs and security issues.

   The following security issues have been fixed:

   CVE-2011-2495: The /proc/PID/io interface could be used by
   local attackers to gain information about other processes,
   such as the number of password characters typed.

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed local
   users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   CVE-2011-2491: A local unprivileged user able to access an
   NFS filesystem could use file locking to deadlock parts of
   an NFS server under some circumstances.

   CVE-2011-2496: The normal mmap paths all avoid creating a
   mapping where the pgoff inside the mapping could wrap around
   due to overflow. However, an expanding mremap() can take
   such a non-wrapping mapping and make it bigger and cause a
   wrapping condition.
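The wrap condition in CVE-2011-2496, as an added example that is not part of the advisory and is not the kernel's own code: a user-space C model in which the creation path rejects a page offset that would overflow, and a resize path either skips or repeats that check. The `struct mapping` type, the function names, the 4 KiB page size and the sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */
struct mapping {      /* simplified stand-in; names are illustrative */
    unsigned long pgoff; /* file offset of the first page, in pages */
    unsigned long len;   /* length in bytes, page aligned */
};

/* Unsigned addition wraps silently; a sum below an operand reveals it. */
static int pgoff_wraps(unsigned long pgoff, unsigned long len)
{
    return pgoff + (len >> PAGE_SHIFT) < pgoff;
}

/* Creation path: refuse a mapping whose page offsets would wrap. */
int map_create(struct mapping *m, unsigned long pgoff, unsigned long len)
{
    if (pgoff_wraps(pgoff, len))
        return -1;
    m->pgoff = pgoff;
    m->len = len;
    return 0;
}

/* Resize with no re-validation: the flaw pattern the advisory describes. */
void map_resize_unchecked(struct mapping *m, unsigned long new_len)
{
    m->len = new_len;
}

/* Resize that repeats the creation-time check whenever the mapping grows. */
int map_resize_checked(struct mapping *m, unsigned long new_len)
{
    if (new_len > m->len && pgoff_wraps(m->pgoff, new_len))
        return -1;
    m->len = new_len;
    return 0;
}

int main(void)
{
    struct mapping m; /* constructed: two pages just below the offset limit */
    map_create(&m, ULONG_MAX - 3, 2UL << PAGE_SHIFT);
    printf("checked grow: %d\n", map_resize_checked(&m, 8UL << PAGE_SHIFT));
    map_resize_unchecked(&m, 8UL << PAGE_SHIFT);
    printf("unchecked grow wraps: %d\n", pgoff_wraps(m.pgoff, m.len));
    return 0;
}
```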

   CVE-2011-1017, CVE-2011-2182: The code for evaluating LDM
   partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   CVE-2011-1479: A regression in the inotify fix for a memory
   leak could lead to a double-free corruption, which could
   crash the system.

   CVE-2011-1593: Multiple integer overflows in the next_pidmap
   function in kernel/pid.c in the Linux kernel allowed local
   users to cause a denial of service (system crash) via a
   crafted (1) getdents or (2) readdir system call.

   CVE-2011-1020: The proc filesystem implementation in the
   Linux kernel did not restrict access to the /proc directory
   tree of a process after this process performs an exec of a
   setuid program, which allowed local users to obtain
   sensitive information or cause a denial of service via open,
   lseek, read, and write system calls.

   CVE-2011-1585: When using a setuid root mount.cifs, local
   users could hijack password-protected mounted CIFS shares of
   other local users.

   CVE-2011-1160: Kernel information via the TPM devices could
   be used by local attackers to read kernel memory.

   CVE-2011-1577: The Linux kernel automatically evaluated
   partition tables of storage devices. The code for evaluating
   EFI GUID partitions (in fs/partitions/efi.c) contained a bug
   that caused a kernel oops on certain corrupted GUID
   partition tables, which might be used by local attackers to
   crash the kernel or potentially execute code.

   CVE-2011-1180: In the IrDA module, length fields provided by
   a peer for names and attributes may be longer than the
   destination array sizes and were not checked. This allowed
   local attackers (close to the IrDA port) to potentially
   corrupt memory.

   CVE-2011-1016: The Radeon GPU drivers in the Linux kernel
   did not properly validate data related to the AA resolve
   registers, which allowed local users to write to arbitrary
   memory locations associated with (1) Video RAM (aka VRAM) or
   (2) the Graphics Translation Table (GTT) via crafted values.

   CVE-2011-1013: A signedness issue in the drm ioctl handling
   could be used by local attackers to potentially overflow
   kernel buffers and execute code.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.3:

      zypper in -t patch kernel-4931

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.3 (i586 x86_64) [New Version: 2.6.34.10]:

      kernel-debug-2.6.34.10-0.2.1
      kernel-debug-base-2.6.34.10-0.2.1
      kernel-debug-devel-2.6.34.10-0.2.1
      kernel-default-2.6.34.10-0.2.1
      kernel-default-base-2.6.34.10-0.2.1
      kernel-default-devel-2.6.34.10-0.2.1
      kernel-desktop-2.6.34.10-0.2.1
      kernel-desktop-base-2.6.34.10-0.2.1
      kernel-desktop-devel-2.6.34.10-0.2.1
      kernel-ec2-2.6.34.10-0.2.1
      kernel-ec2-base-2.6.34.10-0.2.1
      kernel-ec2-devel-2.6.34.10-0.2.1
      kernel-ec2-extra-2.6.34.10-0.2.1
      kernel-syms-2.6.34.10-0.2.1
      kernel-trace-2.6.34.10-0.2.1
      kernel-trace-base-2.6.34.10-0.2.1
      kernel-trace-devel-2.6.34.10-0.2.1
      kernel-vanilla-2.6.34.10-0.2.1
      kernel-vanilla-base-2.6.34.10-0.2.1
      kernel-vanilla-devel-2.6.34.10-0.2.1
      kernel-xen-2.6.34.10-0.2.1
      kernel-xen-base-2.6.34.10-0.2.1
      kernel-xen-devel-2.6.34.10-0.2.1
      preload-kmp-default-1.1_k2.6.34.10_0.2-19.1.24
      preload-kmp-desktop-1.1_k2.6.34.10_0.2-19.1.24

   - openSUSE 11.3 (noarch) [New Version: 2.6.34.10]:

      kernel-devel-2.6.34.10-0.2.1
      kernel-source-2.6.34.10-0.2.1
      kernel-source-vanilla-2.6.34.10-0.2.1

   - openSUSE 11.3 (i586) [New Version: 2.6.34.10]:

      kernel-pae-2.6.34.10-0.2.1
      kernel-pae-base-2.6.34.10-0.2.1
      kernel-pae-devel-2.6.34.10-0.2.1
      kernel-vmi-2.6.34.10-0.2.1
      kernel-vmi-base-2.6.34.10-0.2.1
      kernel-vmi-devel-2.6.34.10-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2011-1013.html
   http://support.novell.com/security/cve/CVE-2011-1016.html
   http://support.novell.com/security/cve/CVE-2011-1017.html
   http://support.novell.com/security/cve/CVE-2011-1020.html
   http://support.novell.com/security/cve/CVE-2011-1160.html
   http://support.novell.com/security/cve/CVE-2011-1180.html
   http://support.novell.com/security/cve/CVE-2011-1479.html
   http://support.novell.com/security/cve/CVE-2011-1577.html
   http://support.novell.com/security/cve/CVE-2011-1585.html
   http://support.novell.com/security/cve/CVE-2011-1593.html
   http://support.novell.com/security/cve/CVE-2011-2182.html
   http://support.novell.com/security/cve/CVE-2011-2484.html
   http://support.novell.com/security/cve/CVE-2011-2491.html
   http://support.novell.com/security/cve/CVE-2011-2495.html
   http://support.novell.com/security/cve/CVE-2011-2496.html
   https://bugzilla.novell.com/584493
   https://bugzilla.novell.com/595586
   https://bugzilla.novell.com/642142
   https://bugzilla.novell.com/655693
   https://bugzilla.novell.com/669889
   https://bugzilla.novell.com/669937
   https://bugzilla.novell.com/670860
   https://bugzilla.novell.com/670868
   https://bugzilla.novell.com/673934
   https://bugzilla.novell.com/674648
   https://bugzilla.novell.com/674691
   https://bugzilla.novell.com/674693
   https://bugzilla.novell.com/674982
   https://bugzilla.novell.com/676419
   https://bugzilla.novell.com/677827
   https://bugzilla.novell.com/679898
   https://bugzilla.novell.com/680040
   https://bugzilla.novell.com/681497
   https://bugzilla.novell.com/683282
   https://bugzilla.novell.com/687113
   https://bugzilla.novell.com/688432
   https://bugzilla.novell.com/689414
   https://bugzilla.novell.com/692459
   https://bugzilla.novell.com/692502
   https://bugzilla.novell.com/693374
   https://bugzilla.novell.com/693382
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/698247
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/703155