openSUSE-SU-2011:0861-1: moderate: kernel: security and bugfix update.
openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:0861-1
Rating: moderate
References: #584493 #595586 #642142 #655693 #669889 #669937
#670860 #670868 #673934 #674648 #674691 #674693
#674982 #676419 #677827 #679898 #680040 #681497
#683282 #687113 #688432 #689414 #692459 #692502
#693374 #693382 #698221 #698247 #702013 #702285
#703153 #703155
Cross-References: CVE-2011-1013 CVE-2011-1016 CVE-2011-1017
CVE-2011-1020 CVE-2011-1160 CVE-2011-1180
CVE-2011-1479 CVE-2011-1577 CVE-2011-1585
CVE-2011-1593 CVE-2011-2182 CVE-2011-2484
CVE-2011-2491 CVE-2011-2495 CVE-2011-2496

Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 17 fixes
is now available. It includes one version update.

Description:

The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix
various bugs and security issues.

The following security issues have been fixed:

CVE-2011-2495: The /proc/PID/io interface could be used by
local attackers to gain information on other processes,
such as the number of password characters typed.

CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-2491: A local unprivileged user able to access an
NFS filesystem could use file locking to deadlock parts of
an NFS server under some circumstances.

CVE-2011-2496: The normal mmap paths all avoid creating a
mapping where the pgoff inside the mapping could wrap
around due to overflow. However, an expanding mremap() can
take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
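
The wrap condition described for CVE-2011-2496, modeled in user space as an added example (not kernel code and not part of the original advisory). The struct, the function names, the 4 KiB page size and the sample mapping are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Simplified user-space stand-in for a kernel VMA (hypothetical type). */
struct model_vma {
    unsigned long vm_start; /* first byte of the mapping */
    unsigned long vm_end;   /* one past the last byte */
    unsigned long vm_pgoff; /* file offset of vm_start, in pages */
};

/* Constructed sample: a 2-page mapping whose page offsets sit just below
 * ULONG_MAX. At its current size it does not wrap. */
static const struct model_vma SAMPLE_VMA = {
    0x10000000UL, 0x10002000UL, ULONG_MAX - 3
};

/* True if the page offsets for [addr, addr + len) run past ULONG_MAX.
 * Unsigned arithmetic wraps modulo 2^N, so a sum smaller than its
 * starting value means the addition overflowed. */
bool pgoff_wraps(const struct model_vma *vma, unsigned long addr,
                 unsigned long len)
{
    unsigned long pgoff = vma->vm_pgoff +
                          ((addr - vma->vm_start) >> PAGE_SHIFT);
    return pgoff + (len >> PAGE_SHIFT) < pgoff;
}

/* Resize check: 0 if the request is acceptable, -1 if it is rejected. */
int check_resize(const struct model_vma *vma, unsigned long addr,
                 unsigned long old_len, unsigned long new_len)
{
    if (addr < vma->vm_start || addr >= vma->vm_end ||
        old_len > vma->vm_end - addr)
        return -1; /* old range is not inside this mapping */
    if (new_len > old_len && pgoff_wraps(vma, addr, new_len))
        return -1; /* growing would wrap the page offset */
    return 0;
}

int main(void)
{
    printf("grow to 3 pages: %d, grow to 4 pages: %d\n",
           check_resize(&SAMPLE_VMA, 0x10000000UL, 0x2000UL, 0x3000UL),
           check_resize(&SAMPLE_VMA, 0x10000000UL, 0x2000UL, 0x4000UL));
    return 0;
}
```

The mapping passes at two and three pages and is rejected at four, which is the case an expanding resize has to test for because the original mapping was valid when it was created.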

CVE-2011-1017, CVE-2011-2182: The code for evaluating LDM
partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1479: A regression in the inotify fix for a memory
leak could lead to a double-free corruption which could
crash the system.

CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.

CVE-2011-1020: The proc filesystem implementation in the
Linux kernel did not restrict access to the /proc directory
tree of a process after this process performs an exec of a
setuid program, which allowed local users to obtain
sensitive information or cause a denial of service via
open, lseek, read, and write system calls.

CVE-2011-1585: When using a setuid root mount.cifs, local
users could hijack password protected mounted CIFS shares
of other local users.

CVE-2011-1160: Kernel information via the TPM devices could
be used by local attackers to read kernel memory.

CVE-2011-1577: The Linux kernel automatically evaluated
partition tables of storage devices. The code for
evaluating EFI GUID partitions (in fs/partitions/efi.c)
contained a bug that caused a kernel oops on certain
corrupted GUID partition tables, which might be used by
local attackers to crash the kernel or potentially execute
code.

CVE-2011-1180: In the IrDA module, length fields provided
by a peer for names and attributes may be longer than the
destination array sizes and were not checked. This allowed
local attackers (close to the IrDA port) to potentially
corrupt memory.

CVE-2011-1016: The Radeon GPU drivers in the Linux kernel
did not properly validate data related to the AA resolve
registers, which allowed local users to write to arbitrary
memory locations associated with (1) Video RAM (aka VRAM)
or (2) the Graphics Translation Table (GTT) via crafted
values.

CVE-2011-1013: A signedness issue in the drm ioctl handling
could be used by local attackers to potentially overflow
kernel buffers and execute code.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch kernel-4931

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64) [New Version: 2.6.34.10]:

kernel-debug-2.6.34.10-0.2.1
kernel-debug-base-2.6.34.10-0.2.1
kernel-debug-devel-2.6.34.10-0.2.1
kernel-default-2.6.34.10-0.2.1
kernel-default-base-2.6.34.10-0.2.1
kernel-default-devel-2.6.34.10-0.2.1
kernel-desktop-2.6.34.10-0.2.1
kernel-desktop-base-2.6.34.10-0.2.1
kernel-desktop-devel-2.6.34.10-0.2.1
kernel-ec2-2.6.34.10-0.2.1
kernel-ec2-base-2.6.34.10-0.2.1
kernel-ec2-devel-2.6.34.10-0.2.1
kernel-ec2-extra-2.6.34.10-0.2.1
kernel-syms-2.6.34.10-0.2.1
kernel-trace-2.6.34.10-0.2.1
kernel-trace-base-2.6.34.10-0.2.1
kernel-trace-devel-2.6.34.10-0.2.1
kernel-vanilla-2.6.34.10-0.2.1
kernel-vanilla-base-2.6.34.10-0.2.1
kernel-vanilla-devel-2.6.34.10-0.2.1
kernel-xen-2.6.34.10-0.2.1
kernel-xen-base-2.6.34.10-0.2.1
kernel-xen-devel-2.6.34.10-0.2.1
preload-kmp-default-1.1_k2.6.34.10_0.2-19.1.24
preload-kmp-desktop-1.1_k2.6.34.10_0.2-19.1.24

- openSUSE 11.3 (noarch) [New Version: 2.6.34.10]:

kernel-devel-2.6.34.10-0.2.1
kernel-source-2.6.34.10-0.2.1
kernel-source-vanilla-2.6.34.10-0.2.1

- openSUSE 11.3 (i586) [New Version: 2.6.34.10]:

kernel-pae-2.6.34.10-0.2.1
kernel-pae-base-2.6.34.10-0.2.1
kernel-pae-devel-2.6.34.10-0.2.1
kernel-vmi-2.6.34.10-0.2.1
kernel-vmi-base-2.6.34.10-0.2.1
kernel-vmi-devel-2.6.34.10-0.2.1


References:

http://support.novell.com/security/cve/CVE-2011-1013.html
http://support.novell.com/security/cve/CVE-2011-1016.html
http://support.novell.com/security/cve/CVE-2011-1017.html
http://support.novell.com/security/cve/CVE-2011-1020.html
http://support.novell.com/security/cve/CVE-2011-1160.html
http://support.novell.com/security/cve/CVE-2011-1180.html
http://support.novell.com/security/cve/CVE-2011-1479.html
http://support.novell.com/security/cve/CVE-2011-1577.html
http://support.novell.com/security/cve/CVE-2011-1585.html
http://support.novell.com/security/cve/CVE-2011-1593.html
http://support.novell.com/security/cve/CVE-2011-2182.html
http://support.novell.com/security/cve/CVE-2011-2484.html
http://support.novell.com/security/cve/CVE-2011-2491.html
http://support.novell.com/security/cve/CVE-2011-2495.html
http://support.novell.com/security/cve/CVE-2011-2496.html
https://bugzilla.novell.com/584493
https://bugzilla.novell.com/595586
https://bugzilla.novell.com/642142
https://bugzilla.novell.com/655693
https://bugzilla.novell.com/669889
https://bugzilla.novell.com/669937
https://bugzilla.novell.com/670860
https://bugzilla.novell.com/670868
https://bugzilla.novell.com/673934
https://bugzilla.novell.com/674648
https://bugzilla.novell.com/674691
https://bugzilla.novell.com/674693
https://bugzilla.novell.com/674982
https://bugzilla.novell.com/676419
https://bugzilla.novell.com/677827
https://bugzilla.novell.com/679898
https://bugzilla.novell.com/680040
https://bugzilla.novell.com/681497
https://bugzilla.novell.com/683282
https://bugzilla.novell.com/687113
https://bugzilla.novell.com/688432
https://bugzilla.novell.com/689414
https://bugzilla.novell.com/692459
https://bugzilla.novell.com/692502
https://bugzilla.novell.com/693374
https://bugzilla.novell.com/693382
https://bugzilla.novell.com/698221
https://bugzilla.novell.com/698247
https://bugzilla.novell.com/702013
https://bugzilla.novell.com/702285
https://bugzilla.novell.com/703153
https://bugzilla.novell.com/703155

