openSUSE-SU-2011:1222-1: moderate: kernel: security and bugfix update.

8 Nov 2011

      openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1222-1
Rating:             moderate
References:         #626119 #638985 #642896 #649625 #669378 #672008 
                    #678097 #682204 #686412 #692784 #697901 #706374 
                    #711203 #711539 #712023 #712366 #713229 #714001 
                    #716901 #718028 #719450 #719710 
Cross-References:   CVE-2011-1776 CVE-2011-1833 CVE-2011-2183
                    CVE-2011-2695 CVE-2011-2918 CVE-2011-3191
                    CVE-2011-3353 CVE-2011-3363
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 14 fixes is
   now available. It includes one version update.

Description:

   The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing
   lots of bugs and security issues.

   Following security issues have been fixed: CVE-2011-1833:
   Added a kernel option to ensure ecryptfs is mounting only
   on paths belonging to the current ui, which would have
   allowed local attackers to potentially gain privileges via
   symlink attacks.

   CVE-2011-2695: Multiple off-by-one errors in the ext4
   subsystem in the Linux kernel allowed local users to cause
   a denial of service (BUG_ON and system crash) by accessing
   a sparse file in extent format with a write operation
   involving a block number corresponding to the largest
   possible 32-bit unsigned integer.

   CVE-2011-3363: Always check the path in CIFS mounts to
   avoid interesting filesystem path interaction issues and
   potential crashes.

   CVE-2011-2918: In the perf framework software event
   overflows could deadlock or delete an uninitialized timer.

   CVE-2011-3353: In the fuse filesystem,
   FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
   write so the message processing could overrun and result in
   a BUG_ON() in fuse_copy_fill(). This flaw could be used by
   local users able to mount FUSE filesystems to crash the
   system.

   CVE-2011-2183: Fixed a race between ksmd and other memory
   management code, which could result in a NULL ptr
   dereference and kernel crash.

   CVE-2011-3191: A signedness issue in CIFS could possibly
   have lead to to memory corruption, if a malicious server
   could send crafted replies to the host.

   CVE-2011-1776: The is_gpt_valid function in
   fs/partitions/efi.c in the Linux kernel did not check the
   size of an Extensible Firmware Interface (EFI) GUID
   Partition Table (GPT) entry, which allowed physically
   proximate attackers to cause a denial of service
   (heap-based buffer overflow and OOPS) or obtain sensitive
   information from kernel heap memory by connecting a crafted
   GPT storage device, a different vulnerability than
   CVE-2011-1577.

   Following non-security bugs were fixed:
   - novfs: Unable to change password in the Novell Client for
   Linux (bnc#713229).
   - novfs: last modification time not reliable (bnc#642896).
   - novfs: unlink directory after unmap (bnc#649625).
   - fs: novfs: Fix exit handlers on local_unlink (bnc#649625).
   - novfs: "Unable to save Login Script" appears when trying
   to save a user login script (bnc#638985).
   - fs: novfs: Limit check for datacopy between user and
   kernel space.
   - novfs: Fix checking of login id (bnc#626119).
   - novfs: Set the sticky bit for the novfs mountpoint
   (bnc#686412).

   - ACPICA: Fix issues/fault with automatic "serialized"
   method support (bnc#678097).

   - drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

   - ext4: Fix max file size and logical block counting of
   extent format file (bnc#706374).

   - novfs: fix off-by-one allocation error (bnc#669378
   bnc#719710).
   - novfs: fix some kmalloc/kfree issues (bnc#669378
   bnc#719710).
   - novfs: fix some DirCache locking issues (bnc#669378
   bnc#719710).

   - memsw: remove noswapaccount kernel parameter (bnc#719450).

   - Provide memory controller swap extension. Keep the
   feature disabled by default. Use swapaccount=1 kernel
   boot parameter for enabling it.

   - Config cleanups: CONFIG_OLPC should be enabled only for
   i386 non PAE

   - TTY: pty, fix pty counting (bnc#711203).

   - USB: OHCI: fix another regression for NVIDIA controllers
   (bnc#682204).

   - xen/blkfront: avoid NULL de-reference in CDROM ioctl
   handling.

   - x86, mtrr: lock stop machine during MTRR rendezvous
   sequence (bnc#672008).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch kernel-5359

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 2.6.37.6]:

      kernel-debug-2.6.37.6-0.9.1
      kernel-debug-base-2.6.37.6-0.9.1
      kernel-debug-devel-2.6.37.6-0.9.1
      kernel-default-2.6.37.6-0.9.1
      kernel-default-base-2.6.37.6-0.9.1
      kernel-default-devel-2.6.37.6-0.9.1
      kernel-desktop-2.6.37.6-0.9.1
      kernel-desktop-base-2.6.37.6-0.9.1
      kernel-desktop-devel-2.6.37.6-0.9.1
      kernel-ec2-2.6.37.6-0.9.1
      kernel-ec2-base-2.6.37.6-0.9.1
      kernel-ec2-devel-2.6.37.6-0.9.1
      kernel-ec2-extra-2.6.37.6-0.9.1
      kernel-syms-2.6.37.6-0.9.1
      kernel-trace-2.6.37.6-0.9.1
      kernel-trace-base-2.6.37.6-0.9.1
      kernel-trace-devel-2.6.37.6-0.9.1
      kernel-vanilla-2.6.37.6-0.9.1
      kernel-vanilla-base-2.6.37.6-0.9.1
      kernel-vanilla-devel-2.6.37.6-0.9.1
      kernel-xen-2.6.37.6-0.9.1
      kernel-xen-base-2.6.37.6-0.9.1
      kernel-xen-devel-2.6.37.6-0.9.1
      preload-kmp-default-1.2_k2.6.37.6_0.9-6.7.20
      preload-kmp-desktop-1.2_k2.6.37.6_0.9-6.7.20

   - openSUSE 11.4 (noarch) [New Version: 2.6.37.6]:

      kernel-devel-2.6.37.6-0.9.1
      kernel-docs-2.6.37.6-0.9.1
      kernel-source-2.6.37.6-0.9.1
      kernel-source-vanilla-2.6.37.6-0.9.1

   - openSUSE 11.4 (i586) [New Version: 2.6.37.6]:

      kernel-pae-2.6.37.6-0.9.1
      kernel-pae-base-2.6.37.6-0.9.1
      kernel-pae-devel-2.6.37.6-0.9.1
      kernel-vmi-2.6.37.6-0.9.1
      kernel-vmi-base-2.6.37.6-0.9.1
      kernel-vmi-devel-2.6.37.6-0.9.1

References:

   http://support.novell.com/security/cve/CVE-2011-1776.html
   http://support.novell.com/security/cve/CVE-2011-1833.html
   http://support.novell.com/security/cve/CVE-2011-2183.html
   http://support.novell.com/security/cve/CVE-2011-2695.html
   http://support.novell.com/security/cve/CVE-2011-2918.html
   http://support.novell.com/security/cve/CVE-2011-3191.html
   http://support.novell.com/security/cve/CVE-2011-3353.html
   http://support.novell.com/security/cve/CVE-2011-3363.html
   https://bugzilla.novell.com/626119
   https://bugzilla.novell.com/638985
   https://bugzilla.novell.com/642896
   https://bugzilla.novell.com/649625
   https://bugzilla.novell.com/669378
   https://bugzilla.novell.com/672008
   https://bugzilla.novell.com/678097
   https://bugzilla.novell.com/682204
   https://bugzilla.novell.com/686412
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/697901
   https://bugzilla.novell.com/706374
   https://bugzilla.novell.com/711203
   https://bugzilla.novell.com/711539
   https://bugzilla.novell.com/712023
   https://bugzilla.novell.com/712366
   https://bugzilla.novell.com/713229
   https://bugzilla.novell.com/714001
   https://bugzilla.novell.com/716901
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/719450
   https://bugzilla.novell.com/719710

openSUSE-SU-2011:1222-1: moderate: kernel: security and bugfix update.

opensuse-security＠opensuse.org