-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                kernel
        Announcement ID:        SUSE-SA:2010:001
        Date:                   Thu, 07 Jan 2010 18:00:00 +0000
        Affected Products:      openSUSE 11.2
        Vulnerability Type:     remote denial of service
        CVSS v2 Base Score:     7.8
        SUSE Default Package:   yes
        Cross-References:       CVE-2009-1298, CVE-2009-3080, CVE-2009-3547
                                CVE-2009-3621, CVE-2009-3624, CVE-2009-3939
                                CVE-2009-4005, CVE-2009-4021, CVE-2009-4026
                                CVE-2009-4027, CVE-2009-4131, CVE-2009-4138
                                CVE-2009-4306, CVE-2009-4307, CVE-2009-4308

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Linux kernel security update
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 fixing lots of
   bugs and several security issues.

   Following security issues were fixed:
   CVE-2009-4131: A file overwrite issue on the ext4 filesystem could
   be used by local attackers that have write access to a filesystem to
   change/overwrite files of other users, including root.
   CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)


   CVE-2009-1298: A remote denial of service by sending overly long packets
   could be used by remote attackers to crash a machine.
   CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)


   CVE-2009-4026: The mac80211 subsystem in the Linux kernel allows remote
   attackers to cause a denial of service (panic) via a crafted Delete Block
   ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
   CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)


   CVE-2009-4027: Race condition in the mac80211 subsystem in the Linux
   kernel allows remote attackers to cause a denial of service (system crash)
   via a Delete Block ACK (aka DELBA) packet that triggers a certain state
   change in the absence of an aggregation session.
   CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)


   CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the
   Linux kernel has world-writable permissions, which allows local users   to change the I/O mode of the driver by modifying this file.
   CVSS v2 Base Score: 6.6 (AV:L/AC:L/Au:N/C:N/I:C/A:C)


   CVE-2009-4005: The collect_rx_frame function in
   drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to
   have an unspecified impact via a crafted HDLC packet that arrives over
   ISDN and triggers a buffer under-read. This requires the attacker
   to access the machine on ISDN protocol level.
   CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)


   CVE-2009-3080: Array index error in the gdth_read_event function in
   drivers/scsi/gdth.c in the Linux kernel allows local users to cause a
   denial of service or possibly gain privileges via a negative event index
   in an IOCTL request.
   CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)


   CVE-2009-3624: The get_instantiation_keyring function in
   security/keys/keyctl.c in the KEYS subsystem in the Linux kernel does not
   properly maintain the reference count of a keyring, which allows local
   users to gain privileges or cause a denial of service (OOPS) via vectors   involving calls to this function without specifying a keyring by ID,
   as demonstrated by a series of keyctl request2 and keyctl list commands.
   CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)


   CVE-2009-4021: The fuse_direct_io function in fs/fuse/file.c in the fuse
   subsystem in the Linux kernel might allow attackers to cause a denial
   of service (invalid pointer dereference and OOPS) via vectors possibly
   related to a memory-consumption attack.
   CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)


   CVE-2009-3547: Multiple race conditions in fs/pipe.c in the Linux kernel
   allow local users to cause a denial of service (NULL pointer dereference
   and system crash) or gain privileges by attempting to open an anonymous
   pipe via a /proc/*/fd/ pathname. As openSUSE 11.2 by default sets mmap_min_addr
   protection, this issue will just Oops the kernel and not be able
   to execute code.
   CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)


   CVE-2009-3621: net/unix/af_unix.c in the Linux kernel allows local
   users to cause a denial of service (system hang) by creating an
   abstract-namespace AF_UNIX listening socket, performing a shutdown
   operation on this socket, and then performing a series of connect
   operations to this socket.
   CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)


   CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel when
   packet-per-buffer mode is used, allows local users to cause a denial
   of service (NULL pointer dereference and system crash) or possibly have
   unknown other impact via an unspecified ioctl associated with receiving
   an ISO packet that contains zero in the payload-length field.
   CVSS v2 Base Score: 4.7 (AV:L/AC:M/Au:N/C:N/I:N/A:C)


   CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the
   ext4 filesystem in the Linux kernel allows user-assisted remote attackers   to cause a denial of service (NULL pointer dereference), and possibly
   have unspecified other impact, via a crafted read-only filesystem that
   lacks a journal.
   CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)


   CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c
   in the Linux kernel allows user-assisted remote attackers to cause a
   denial of service (divide-by-zero error and panic) via a malformed ext4
   filesystem containing a super block with a large FLEX_BG group size
   (aka s_log_groups_per_flex value).
   CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)


   CVE-2009-4306: Unspecified vulnerability in the EXT4_IOC_MOVE_EXT
   (aka move extents) ioctl implementation in the ext4 filesystem in
   the Linux kernel allows local users to cause a denial of service
   (filesystem corruption) via unknown vectors, a different vulnerability
   than CVE-2009-4131.
   CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)


   CVE-2009-4131: The EXT4_IOC_MOVE_EXT (aka move extents) ioctl
   implementation in the ext4 filesystem in the Linux kernel allows local
   users to overwrite arbitrary files via a crafted request, related to
   insufficient checks for file permissions. This can lead to privilege
   escalations.
   CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

   Also, the rt2870 and rt2860 drivers were refreshed to the level they
   are in the Linux 2.6.32 kernel, bringing new device support and new
   functionality.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   Please reboot the machine after installing the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv 

   to apply the update, replacing  with the filename of the
   downloaded RPM package.


   x86 Platform:

   openSUSE 11.2:
                                                                                                                                       
   Platform Independent:

   openSUSE 11.2:
      
   x86-64 Platform:

   openSUSE 11.2:
                                                                                                                     
   Sources:

   openSUSE 11.2:
                           
______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify 

    replacing  with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made  using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where  is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    The internal rpm package signatures provide an easy way to verify the
    authenticity of an RPM package. Use the command

     rpm -v --checksig 

    to verify the signature of the package, replacing  with the
    filename of the RPM package downloaded. The package is unmodified if it
    contains a valid signature from build@suse.de with the key ID 9C800ACA.

    This key is automatically imported into the RPM database (on
    RPMv4-based distributions) and the gpg key ring of 'root' during
    installation. You can also find it on the first installation CD and at
    the end of this announcement.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    opensuse-security@opensuse.org
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    opensuse-security-announce@opensuse.org
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    ====================================================================    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================