   openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1221-1
Rating:             moderate
References:         #685276 #692784 #696107 #701355 #706374 #710352 #711203
                    #711539 #712023 #712366 #714001 #716901 #718028 #719117
Cross-References:   CVE-2011-1776 CVE-2011-1833 CVE-2011-2918 CVE-2011-3191
                    CVE-2011-3353 CVE-2011-3363
Affected Products:
                    openSUSE 11.3
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 8 fixes is now
   available. It includes one version update.

Description:

   The openSUSE 11.3 kernel was updated to fix various bugs and security
   issues.

   The following security issues have been fixed:

   CVE-2011-1833: Added a kernel option to ensure ecryptfs mounts only on
   paths belonging to the current uid; without this check, local attackers
   could potentially gain privileges via symlink attacks.

   CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting
   filesystem path interaction issues and potential crashes.

   CVE-2011-2918: In the perf framework, software event overflows could
   deadlock or delete an uninitialized timer.

   CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not
   check the length of the write, so the message processing could overrun
   and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by
   local users able to mount FUSE filesystems to crash the system.

   CVE-2011-3191: A signedness issue in CIFS could possibly have led to
   memory corruption if a malicious server sent crafted replies to the
   host.

   CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the
   Linux kernel did not check the size of an Extensible Firmware Interface
   (EFI) GUID Partition Table (GPT) entry, which allowed physically
   proximate attackers to cause a denial of service (heap-based buffer
   overflow and OOPS) or obtain sensitive information from kernel heap
   memory by connecting a crafted GPT storage device, a different
   vulnerability than CVE-2011-1577.

   The following non-security bugs were fixed:

   - drm/radeon/kms: Fix I2C mask definitions (bnc#712023).
   - ext4: Fix max file size and logical block counting of extent format
     file (bnc#706374).
   - TTY: pty, fix pty counting (bnc#711203).
   - Update Xen patches to 2.6.34.10.
   - xen/blkfront: fix data size for xenbus_gather in connect().
   - xen/xenbus: fix xenbus_transaction_start() hang caused by double
     xenbus_transaction_end().
   - xen/blkback: don't fail empty barrier requests.
   - xen/blktap: fix locking (bnc#685276).
   - xen/xenbus: don't BUG() on user mode induced conditions (bnc#696107).
   - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling
     (bnc#701355).
   - intr-remap: allow disabling source id checking (bnc#710352).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.3:

      zypper in -t patch kernel-5360

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.3 (i586 x86_64) [New Version: 2.6.34.10]:

      kernel-debug-2.6.34.10-0.4.1
      kernel-debug-base-2.6.34.10-0.4.1
      kernel-debug-devel-2.6.34.10-0.4.1
      kernel-default-2.6.34.10-0.4.1
      kernel-default-base-2.6.34.10-0.4.1
      kernel-default-devel-2.6.34.10-0.4.1
      kernel-desktop-2.6.34.10-0.4.1
      kernel-desktop-base-2.6.34.10-0.4.1
      kernel-desktop-devel-2.6.34.10-0.4.1
      kernel-ec2-2.6.34.10-0.4.1
      kernel-ec2-base-2.6.34.10-0.4.1
      kernel-ec2-devel-2.6.34.10-0.4.1
      kernel-ec2-extra-2.6.34.10-0.4.1
      kernel-syms-2.6.34.10-0.4.1
      kernel-trace-2.6.34.10-0.4.1
      kernel-trace-base-2.6.34.10-0.4.1
      kernel-trace-devel-2.6.34.10-0.4.1
      kernel-vanilla-2.6.34.10-0.4.1
      kernel-vanilla-base-2.6.34.10-0.4.1
      kernel-vanilla-devel-2.6.34.10-0.4.1
      kernel-xen-2.6.34.10-0.4.1
      kernel-xen-base-2.6.34.10-0.4.1
      kernel-xen-devel-2.6.34.10-0.4.1
      preload-kmp-default-1.1_k2.6.34.10_0.4-19.1.30
      preload-kmp-desktop-1.1_k2.6.34.10_0.4-19.1.30

   - openSUSE 11.3 (noarch) [New Version: 2.6.34.10]:

      kernel-devel-2.6.34.10-0.4.1
      kernel-source-2.6.34.10-0.4.1
      kernel-source-vanilla-2.6.34.10-0.4.1

   - openSUSE 11.3 (i586) [New Version: 2.6.34.10]:

      kernel-pae-2.6.34.10-0.4.1
      kernel-pae-base-2.6.34.10-0.4.1
      kernel-pae-devel-2.6.34.10-0.4.1
      kernel-vmi-2.6.34.10-0.4.1
      kernel-vmi-base-2.6.34.10-0.4.1
      kernel-vmi-devel-2.6.34.10-0.4.1

References:

   http://support.novell.com/security/cve/CVE-2011-1776.html
   http://support.novell.com/security/cve/CVE-2011-1833.html
   http://support.novell.com/security/cve/CVE-2011-2918.html
   http://support.novell.com/security/cve/CVE-2011-3191.html
   http://support.novell.com/security/cve/CVE-2011-3353.html
   http://support.novell.com/security/cve/CVE-2011-3363.html
   https://bugzilla.novell.com/685276
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/706374
   https://bugzilla.novell.com/710352
   https://bugzilla.novell.com/711203
   https://bugzilla.novell.com/711539
   https://bugzilla.novell.com/712023
   https://bugzilla.novell.com/712366
   https://bugzilla.novell.com/714001
   https://bugzilla.novell.com/716901
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/719117
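
Added example (not part of the original advisory and not the kernel's own code): for CVE-2011-1776 above, a minimal C check of a GPT header's entry-size and entry-count fields, done before the entry array is sized or indexed. The 128-byte entry size and the field offsets 80 and 84 follow the UEFI GPT header layout; the function names, the max_bytes cap and the sample header builder are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GPT_HDR_MIN    92u   /* bytes in a revision 1.0 GPT header (UEFI spec) */
#define GPT_ENTRY_SIZE 128u  /* size of the fixed partition entry structure */

enum gpt_check { GPT_OK, GPT_BAD_HEADER, GPT_BAD_ENTRY_SIZE, GPT_BAD_COUNT };

/* Read a little-endian 32-bit field without alignment assumptions. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the device-supplied size fields before any buffer is sized or
 * indexed from them. max_bytes is the caller's cap on the entry array
 * (an assumption of this example); on success *array_bytes is set. */
enum gpt_check gpt_check_entries(const uint8_t *hdr, size_t hdr_len,
                                 size_t max_bytes, size_t *array_bytes)
{
    if (hdr_len < GPT_HDR_MIN || memcmp(hdr, "EFI PART", 8) != 0)
        return GPT_BAD_HEADER;
    uint32_t count = le32(hdr + 80);      /* NumberOfPartitionEntries */
    uint32_t entry_size = le32(hdr + 84); /* SizeOfPartitionEntry */
    /* The on-disk entry size must equal the structure size the parser
     * later indexes with, or indexing can run past the buffer. */
    if (entry_size != GPT_ENTRY_SIZE)
        return GPT_BAD_ENTRY_SIZE;
    /* 64-bit product so a large count cannot wrap the allocation size. */
    uint64_t total = (uint64_t)count * entry_size;
    if (count == 0 || total > max_bytes)
        return GPT_BAD_COUNT;
    *array_bytes = (size_t)total;
    return GPT_OK;
}

/* Build a constructed (not captured) header for demonstration. */
void make_sample_hdr(uint8_t out[GPT_HDR_MIN], uint32_t count, uint32_t esize)
{
    memset(out, 0, GPT_HDR_MIN);
    memcpy(out, "EFI PART", 8);
    for (int i = 0; i < 4; i++) {
        out[80 + i] = (uint8_t)(count >> (8 * i));
        out[84 + i] = (uint8_t)(esize >> (8 * i));
    }
}
```

A header that declares 16-byte entries is rejected with GPT_BAD_ENTRY_SIZE before any entry is read, which is the condition the advisory says is_gpt_valid did not check.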