SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0832-1
Rating: important
References: #466279 #584493 #626119 #638985 #649000 #650545
#653850 #654501 #655973 #662432 #663513 #666423
#667226 #668483 #668927 #669889 #670465 #670816
#670868 #674648 #674982 #676601 #676602 #677443
#677563 #678728 #680040 #680845 #681180 #681181
#681182 #681185 #681186 #681639 #682076 #682251
#682319 #682482 #682567 #683107 #683282 #684297
#684472 #684852 #684927 #685226 #685276 #686325
#686404 #686412 #686921 #686980 #687113 #687478
#687759 #687760 #687789 #688326 #688432 #688685
#689041 #689290 #689596 #689746 #689797 #690683
#691216 #691269 #691408 #691536 #691538 #691632
#691633 #691693 #691829 #692343 #692454 #692459
#692460 #692502 #693013 #693149 #693374 #693382
#693636 #696107 #696586 #697181 #697901 #698221
#698247 #698604 #699946 #700401 #700879 #701170
#701622 #701977 #702013 #702285 #703013 #703410
#703490 #703786
Cross-References: CVE-2011-1012 CVE-2011-1017 CVE-2011-1020
CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
CVE-2011-1160 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1173 CVE-2011-1577
CVE-2011-1585 CVE-2011-1593 CVE-2011-1598
CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
CVE-2011-2182 CVE-2011-2183 CVE-2011-2213
CVE-2011-2491 CVE-2011-2496 CVE-2011-2517
Affected Products:
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise High Availability Extension 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 24 vulnerabilities and has 80 fixes
is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.43 and fixes various bugs and security
issues.
The following security issues were fixed:
* CVE-2011-2496: The normal mmap paths all avoid
creating a mapping where the pgoff inside the mapping could
wrap around due to overflow. However, an expanding mremap()
can take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
* CVE-2011-2491: A local unprivileged user able to
access an NFS filesystem could use file locking to deadlock
parts of an NFS server under some circumstances.
* CVE-2011-2183: Fixed a race between ksmd and other
memory management code, which could result in a NULL pointer
dereference and kernel crash.
* CVE-2011-2517: In both the trigger_scan and sched_scan
operations, the SSID length was checked before the value
had been assigned. Since the memory had just been allocated
with kzalloc and was still zero, the check never rejected
anything and SSIDs of over 32 characters were allowed to go
through. Exploiting this required CAP_NET_ADMIN privileges.
* CVE-2011-2213: A malicious user or buggy application
could inject diagnosing byte code and trigger an infinite
loop in inet_diag_bc_audit().
* CVE-2011-1017, CVE-2011-1012, CVE-2011-2182: The code
for evaluating LDM partitions (in fs/partitions/ldm.c)
contained bugs that could crash the kernel for certain
corrupted LDM partitions.
* CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.
* CVE-2011-1020: The proc filesystem implementation in
the Linux kernel did not restrict access to the /proc
directory tree of a process after this process performed an
exec of a setuid program, which allowed local users to
obtain sensitive information or cause a denial of service
via open, lseek, read, and write system calls.
* CVE-2011-1585: When using a setuid root mount.cifs,
local users could hijack password-protected mounted CIFS
shares of other local users.
* CVE-2011-1160: Kernel information via the TPM devices
could be used by local attackers to read kernel memory.
* CVE-2011-1577: The Linux kernel automatically
evaluated partition tables of storage devices. The code for
evaluating EFI GUID partitions (in fs/partitions/efi.c)
contained a bug that caused a kernel oops on certain
corrupted GUID partition tables, which might be used by
local attackers to crash the kernel or potentially execute
code.
* CVE-2011-1078: In a Bluetooth ioctl, struct
sco_conninfo has one padding byte at the end. Local
variable cinfo of type sco_conninfo was copied to userspace
with this one byte uninitialized, leaking old stack
contents.
* CVE-2011-1079: In a Bluetooth ioctl, struct ca is
copied from userspace. It was not checked whether the
"device" field was NUL-terminated. This potentially leads
to BUG() inside of alloc_netdev_mqs() and/or an information
leak by creating a device with a name made of contents of
the kernel stack.
* CVE-2011-1080: In ebtables rule loading, struct tmp
is copied from userspace. It was not checked whether the
"name" field was NUL-terminated. This may have led to a
buffer overflow and to passing contents of the kernel stack
as a module name to try_then_request_module() and,
consequently, to the modprobe command line, where it would
be seen by all userspace processes.
* CVE-2011-1173: The econet_sendmsg function in
net/econet/af_econet.c in the Linux kernel on the x86_64
platform allowed remote attackers to obtain potentially
sensitive information from kernel stack memory by reading
uninitialized data in the ah field of an Acorn Universal
Networking (AUN) packet.
* CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the
IPv4 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
* CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the
IPv4 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
* CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the
IPv6 implementation in the Linux kernel did not place the
expected '\0' character at the end of string data in the
values of certain structure members, which allowed local
users to obtain potentially sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability to
issue a crafted request, and then reading the argument to
the resulting modprobe process.
* CVE-2011-1746: Multiple integer overflows in the (1)
agp_allocate_memory and (2) agp_create_user_memory
functions in drivers/char/agp/generic.c in the Linux kernel
allowed local users to trigger buffer overflows, and
consequently cause a denial of service (system crash) or
possibly have unspecified other impact, via vectors related
to calls that specify a large number of memory pages.
* CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.
* CVE-2011-1598: The bcm_release function in
net/can/bcm.c in the Linux kernel did not properly validate
a socket data structure, which allowed local users to cause
a denial of service (NULL pointer dereference) or possibly
have unspecified other impact via a crafted release
operation.
* CVE-2011-1748: The raw_release function in
net/can/raw.c in the Linux kernel did not properly validate
a socket data structure, which allowed local users to cause
a denial of service (NULL pointer dereference) or possibly
have unspecified other impact via a crafted release
operation.
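Added illustration for CVE-2011-2517 (not part of the SUSE advisory and not kernel code): a user-space C model of a length check that runs before the length is assigned on zeroed memory, next to the corrected order. The struct, function names and the 64-byte buffer are hypothetical; only the 32-character limit and the zeroed allocation come from the description above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SSID_LEN 32   /* the 32-character limit named in the advisory */

/* Hypothetical stand-in for one SSID slot of a scan request. */
struct scan_slot {
    size_t ssid_len;
    unsigned char buf[64]; /* [0,32) SSID field, [32,64) models adjacent memory */
};

/* Order described in the advisory: length tested before it is assigned. */
int set_ssid_check_first(struct scan_slot *s, const unsigned char *attr, size_t len)
{
    if (s->ssid_len > MAX_SSID_LEN)  /* still 0 from the zeroed allocation */
        return -1;                   /* never taken */
    if (len > sizeof s->buf)         /* demo-only clamp: keeps the model in bounds */
        len = sizeof s->buf;
    s->ssid_len = len;
    memcpy(s->buf, attr, len);
    return 0;
}

/* Corrected order: assign the attribute length, validate it, then copy. */
int set_ssid_assign_first(struct scan_slot *s, const unsigned char *attr, size_t len)
{
    s->ssid_len = len;
    if (s->ssid_len > MAX_SSID_LEN)
        return -1;
    memcpy(s->buf, attr, len);
    return 0;
}

/* Feeds one constructed 40-byte SSID to the chosen variant and reports how
 * many bytes landed beyond the 32-byte SSID field. */
int demo(int fixed, size_t *spill)
{
    unsigned char attr[40];          /* constructed input, 8 bytes too long */
    struct scan_slot s;
    size_t i;

    memset(attr, 'A', sizeof attr);
    memset(&s, 0, sizeof s);         /* models the freshly kzalloc'ed request */
    int rc = fixed ? set_ssid_assign_first(&s, attr, sizeof attr)
                   : set_ssid_check_first(&s, attr, sizeof attr);
    for (*spill = 0, i = MAX_SSID_LEN; i < sizeof s.buf; i++)
        *spill += (s.buf[i] != 0);
    return rc;
}

int main(void)
{
    size_t a, b;
    int r0 = demo(0, &a), r1 = demo(1, &b);
    printf("check-first:  rc=%d spill=%zu\n", r0, a);
    printf("assign-first: rc=%d spill=%zu\n", r1, b);
    return 0;
}
```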
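Added illustration for the missing string termination described under CVE-2011-1079, CVE-2011-1080 and CVE-2011-1170 to CVE-2011-1172 (not part of the SUSE advisory and not kernel code): a user-space C model of a fixed-size name field that is later read as a C string, with and without forced termination. The struct, the 16-byte field size, the function name and the neighbouring contents are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed field size for this model */

/* Stand-in for a kernel stack frame: a fixed-size name field filled from
 * the caller's request, followed by unrelated data that sits next to it. */
struct frame {
    char name[NAME_LEN];
    char neighbour[16];
};

/* Builds the string a later consumer (for example a module-name lookup)
 * would see. req is the raw NAME_LEN-byte field from the request;
 * terminate selects the hardened path. Returns the string length. */
size_t name_as_string(const char *req, int terminate, char *out, size_t outsz)
{
    struct frame f;
    const char *p = (const char *)&f;    /* byte view of the whole frame */
    size_t n = 0;

    if (outsz == 0)
        return 0;
    memcpy(f.name, req, NAME_LEN);       /* models the copy from userspace */
    strcpy(f.neighbour, "STALE-STACK");  /* constructed neighbouring contents */
    if (terminate)
        f.name[NAME_LEN - 1] = '\0';     /* force termination inside the field */

    /* The consumer stops only at a NUL byte, not at the end of the field. */
    while (n < sizeof f && n + 1 < outsz && p[n] != '\0') {
        out[n] = p[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char req[NAME_LEN], out[64];
    size_t n;

    memset(req, 'B', sizeof req);        /* constructed request: no NUL in the field */
    n = name_as_string(req, 0, out, sizeof out);
    printf("unterminated: %zu bytes \"%s\"\n", n, out);
    n = name_as_string(req, 1, out, sizeof out);
    printf("terminated:   %zu bytes \"%s\"\n", n, out);
    return 0;
}
```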
Security Issue references:
* CVE-2011-1012
* CVE-2011-1017
* CVE-2011-1020
* CVE-2011-1078
* CVE-2011-1079
* CVE-2011-1080
* CVE-2011-1160
* CVE-2011-1170
* CVE-2011-1171
* CVE-2011-1172
* CVE-2011-1173
* CVE-2011-1577
* CVE-2011-1585
* CVE-2011-1593
* CVE-2011-1598
* CVE-2011-1745
* CVE-2011-1746
* CVE-2011-1748
* CVE-2011-2182
* CVE-2011-2496
* CVE-2011-2491
* CVE-2011-2183
* CVE-2011-2517
* CVE-2011-2213
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-kernel-4884 slessp1-kernel-4889
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-kernel-4884 slessp1-kernel-4885 slessp1-kernel-4887 slessp1-kernel-4888 slessp1-kernel-4889
- SUSE Linux Enterprise High Availability Extension 11 SP1:
zypper in -t patch sleshasp1-kernel-4884 sleshasp1-kernel-4885 sleshasp1-kernel-4887 sleshasp1-kernel-4888 sleshasp1-kernel-4889
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-kernel-4884 sledsp1-kernel-4889
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.43]:
btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
ext4dev-kmp-default-0_2.6.32.43_0.4-7.9.17
hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
kernel-default-2.6.32.43-0.4.1
kernel-default-base-2.6.32.43-0.4.1
kernel-default-devel-2.6.32.43-0.4.1
kernel-source-2.6.32.43-0.4.1
kernel-syms-2.6.32.43-0.4.1
kernel-trace-2.6.32.43-0.4.1
kernel-trace-base-2.6.32.43-0.4.1
kernel-trace-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.43]:
btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
ext4dev-kmp-pae-0_2.6.32.43_0.4-7.9.17
hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
kernel-pae-2.6.32.43-0.4.1
kernel-pae-base-2.6.32.43-0.4.1
kernel-pae-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.43]:
btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
ext4dev-kmp-default-0_2.6.32.43_0.4-7.9.17
kernel-default-2.6.32.43-0.4.1
kernel-default-base-2.6.32.43-0.4.1
kernel-default-devel-2.6.32.43-0.4.1
kernel-source-2.6.32.43-0.4.1
kernel-syms-2.6.32.43-0.4.1
kernel-trace-2.6.32.43-0.4.1
kernel-trace-base-2.6.32.43-0.4.1
kernel-trace-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.43]:
btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50
ext4dev-kmp-xen-0_2.6.32.43_0.4-7.9.17
hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
kernel-ec2-2.6.32.43-0.4.1
kernel-ec2-base-2.6.32.43-0.4.1
kernel-xen-2.6.32.43-0.4.1
kernel-xen-base-2.6.32.43-0.4.1
kernel-xen-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.43]:
kernel-default-man-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.43]:
ext4dev-kmp-ppc64-0_2.6.32.43_0.4-7.9.17
kernel-ppc64-2.6.32.43-0.4.1
kernel-ppc64-base-2.6.32.43-0.4.1
kernel-ppc64-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.43]:
btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
ext4dev-kmp-pae-0_2.6.32.43_0.4-7.9.17
hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
kernel-pae-2.6.32.43-0.4.1
kernel-pae-base-2.6.32.43-0.4.1
kernel-pae-devel-2.6.32.43-0.4.1
- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_2.6.32.43_0.4-2.5.1
gfs2-kmp-default-2_2.6.32.43_0.4-0.2.49
- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64):
cluster-network-kmp-xen-1.4_2.6.32.43_0.4-2.5.1
gfs2-kmp-xen-2_2.6.32.43_0.4-0.2.49
- SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64):
cluster-network-kmp-ppc64-1.4_2.6.32.43_0.4-2.5.1
gfs2-kmp-ppc64-2_2.6.32.43_0.4-0.2.49
- SUSE Linux Enterprise High Availability Extension 11 SP1 (i586):
cluster-network-kmp-pae-1.4_2.6.32.43_0.4-2.5.1
gfs2-kmp-pae-2_2.6.32.43_0.4-0.2.49
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.43]:
btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50
btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50
hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8
kernel-default-2.6.32.43-0.4.1
kernel-default-base-2.6.32.43-0.4.1
kernel-default-devel-2.6.32.43-0.4.1
kernel-default-extra-2.6.32.43-0.4.1
kernel-desktop-devel-2.6.32.43-0.4.1
kernel-source-2.6.32.43-0.4.1
kernel-syms-2.6.32.43-0.4.1
kernel-xen-2.6.32.43-0.4.1
kernel-xen-base-2.6.32.43-0.4.1
kernel-xen-devel-2.6.32.43-0.4.1
kernel-xen-extra-2.6.32.43-0.4.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.43]:
btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50
hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8
kernel-pae-2.6.32.43-0.4.1
kernel-pae-base-2.6.32.43-0.4.1
kernel-pae-devel-2.6.32.43-0.4.1
kernel-pae-extra-2.6.32.43-0.4.1
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-2.6.32.43-0.4.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
kernel-xen-extra-2.6.32.43-0.4.1
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-2.6.32.43-0.4.1
- SLE 11 SERVER Unsupported Extras (i586):
kernel-pae-extra-2.6.32.43-0.4.1
References:
https://www.suse.com/security/cve/CVE-2011-1012.html
https://www.suse.com/security/cve/CVE-2011-1017.html
http://support.novell.com/security/cve/CVE-2011-1020.html
https://www.suse.com/security/cve/CVE-2011-1078.html
http://support.novell.com/security/cve/CVE-2011-1079.html
http://support.novell.com/security/cve/CVE-2011-1080.html
http://support.novell.com/security/cve/CVE-2011-1160.html
https://www.suse.com/security/cve/CVE-2011-1170.html
https://www.suse.com/security/cve/CVE-2011-1171.html
https://www.suse.com/security/cve/CVE-2011-1172.html
https://www.suse.com/security/cve/CVE-2011-1173.html
http://support.novell.com/security/cve/CVE-2011-1577.html
http://support.novell.com/security/cve/CVE-2011-1585.html
https://www.suse.com/security/cve/CVE-2011-1593.html
https://www.suse.com/security/cve/CVE-2011-1598.html
http://support.novell.com/security/cve/CVE-2011-1745.html
http://support.novell.com/security/cve/CVE-2011-1746.html
http://support.novell.com/security/cve/CVE-2011-1748.html
https://www.suse.com/security/cve/CVE-2011-2182.html
http://support.novell.com/security/cve/CVE-2011-2183.html
https://www.suse.com/security/cve/CVE-2011-2213.html
http://support.novell.com/security/cve/CVE-2011-2491.html
http://support.novell.com/security/cve/CVE-2011-2496.html
https://www.suse.com/security/cve/CVE-2011-2517.html
https://bugzilla.novell.com/466279
https://bugzilla.novell.com/584493
https://bugzilla.novell.com/626119
https://bugzilla.novell.com/638985
https://bugzilla.novell.com/649000
https://bugzilla.novell.com/650545
https://bugzilla.novell.com/653850
https://bugzilla.novell.com/654501
https://bugzilla.novell.com/655973
https://bugzilla.novell.com/662432
https://bugzilla.novell.com/663513
https://bugzilla.novell.com/666423
https://bugzilla.novell.com/667226
https://bugzilla.novell.com/668483
https://bugzilla.novell.com/668927
https://bugzilla.novell.com/669889
https://bugzilla.novell.com/670465
https://bugzilla.novell.com/670816
https://bugzilla.novell.com/670868
https://bugzilla.novell.com/674648
https://bugzilla.novell.com/674982
https://bugzilla.novell.com/676601
https://bugzilla.novell.com/676602
https://bugzilla.novell.com/677443
https://bugzilla.novell.com/677563
https://bugzilla.novell.com/678728
https://bugzilla.novell.com/680040
https://bugzilla.novell.com/680845
https://bugzilla.novell.com/681180
https://bugzilla.novell.com/681181
https://bugzilla.novell.com/681182
https://bugzilla.novell.com/681185
https://bugzilla.novell.com/681186
https://bugzilla.novell.com/681639
https://bugzilla.novell.com/682076
https://bugzilla.novell.com/682251
https://bugzilla.novell.com/682319
https://bugzilla.novell.com/682482
https://bugzilla.novell.com/682567
https://bugzilla.novell.com/683107
https://bugzilla.novell.com/683282
https://bugzilla.novell.com/684297
https://bugzilla.novell.com/684472
https://bugzilla.novell.com/684852
https://bugzilla.novell.com/684927
https://bugzilla.novell.com/685226
https://bugzilla.novell.com/685276
https://bugzilla.novell.com/686325
https://bugzilla.novell.com/686404
https://bugzilla.novell.com/686412
https://bugzilla.novell.com/686921
https://bugzilla.novell.com/686980
https://bugzilla.novell.com/687113
https://bugzilla.novell.com/687478
https://bugzilla.novell.com/687759
https://bugzilla.novell.com/687760
https://bugzilla.novell.com/687789
https://bugzilla.novell.com/688326
https://bugzilla.novell.com/688432
https://bugzilla.novell.com/688685
https://bugzilla.novell.com/689041
https://bugzilla.novell.com/689290
https://bugzilla.novell.com/689596
https://bugzilla.novell.com/689746
https://bugzilla.novell.com/689797
https://bugzilla.novell.com/690683
https://bugzilla.novell.com/691216
https://bugzilla.novell.com/691269
https://bugzilla.novell.com/691408
https://bugzilla.novell.com/691536
https://bugzilla.novell.com/691538
https://bugzilla.novell.com/691632
https://bugzilla.novell.com/691633
https://bugzilla.novell.com/691693
https://bugzilla.novell.com/691829
https://bugzilla.novell.com/692343
https://bugzilla.novell.com/692454
https://bugzilla.novell.com/692459
https://bugzilla.novell.com/692460
https://bugzilla.novell.com/692502
https://bugzilla.novell.com/693013
https://bugzilla.novell.com/693149
https://bugzilla.novell.com/693374
https://bugzilla.novell.com/693382
https://bugzilla.novell.com/693636
https://bugzilla.novell.com/696107
https://bugzilla.novell.com/696586
https://bugzilla.novell.com/697181
https://bugzilla.novell.com/697901
https://bugzilla.novell.com/698221
https://bugzilla.novell.com/698247
https://bugzilla.novell.com/698604
https://bugzilla.novell.com/699946
https://bugzilla.novell.com/700401
https://bugzilla.novell.com/700879
https://bugzilla.novell.com/701170
https://bugzilla.novell.com/701622
https://bugzilla.novell.com/701977
https://bugzilla.novell.com/702013
https://bugzilla.novell.com/702285
https://bugzilla.novell.com/703013
https://bugzilla.novell.com/703410
https://bugzilla.novell.com/703490
https://bugzilla.novell.com/703786
http://download.novell.com/patch/finder/?keywords=318b8dd82438317a3b490cab811b1fe6
http://download.novell.com/patch/finder/?keywords=5d2bd31a57aa1e800811d0c0a4050e35
http://download.novell.com/patch/finder/?keywords=5d69352e58309ed0c7848b758f17d637
http://download.novell.com/patch/finder/?keywords=78c869c41b21cba62d748dc435e95d14
http://download.novell.com/patch/finder/?keywords=919ffb2c0ec1b104bf85557484c3a0b0
http://download.novell.com/patch/finder/?keywords=9ebb4a91c4cec4344e6dec84220c9fdc
http://download.novell.com/patch/finder/?keywords=a6c7e8b67f942c75a3f7e6e76641ff63
http://download.novell.com/patch/finder/?keywords=ab6bc73efff4bb12a70b6df584f7073f
http://download.novell.com/patch/finder/?keywords=ac5c14d292b933a3acdcbe129e18bfc3
http://download.novell.com/patch/finder/?keywords=fa5f3b489f8749e53517f2679345ee47