SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035 
                    #668483 #670465 #677676 #678422 #682251 #683101 
                    #683282 #683886 #684297 #685276 #685402 #687812 
                    #688432 #689797 #690869 #692601 #693043 #693149 
                    #693796 #696107 #697932 #698221 #700254 #701254 
                    #701542 #702013 #702285 #703013 #703153 #705463 
                    
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 22 fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP4
   kernel fixes  several security issues and bugs.

   The following security issues were fixed:

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed
   local users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017, CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1593: Multiple integer overflows in the
   next_pidmap function in kernel/pid.c in the Linux kernel
   allowed local users to cause a denial of service (system
   crash) via a crafted (1) getdents or (2) readdir system
   call.

   *

   CVE-2011-1494: Integer overflow in the
   _ctl_do_mpt_command function in
   drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
   might have allowed local users to gain privileges or cause
   a denial of service (memory corruption) via an ioctl call
   specifying a crafted value that triggers a heap-based
   buffer overflow.

   *

   CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
   the Linux kernel did not validate (1) length and (2) offset
   values before performing memory copy operations, which
   might have allowed local users to gain privileges, cause a
   denial of service (memory corruption), or obtain sensitive
   information from kernel memory via a crafted ioctl call,
   related to the _ctl_do_mpt_command and
   _ctl_diag_read_buffer functions.

   Security Issue references:

   * CVE-2011-1093
   
   * CVE-2011-2484
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-2022
   
   * CVE-2011-1745
   
   * CVE-2011-1585
   
   * CVE-2011-0726
   
   * CVE-2011-2496
   
   * CVE-2011-2491
   
   * CVE-2011-1017
   
   * CVE-2011-2182
   
   * CVE-2011-1593
   
   * CVE-2011-1494
   
   * CVE-2011-1495
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-kdumppae-2.6.16.60-0.89.1
      kernel-vmi-2.6.16.60-0.89.1
      kernel-vmipae-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.89.1
      kernel-ppc64-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-smp-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.89.1


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1593.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2484.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://bugzilla.novell.com/644541
   https://bugzilla.novell.com/645084
   https://bugzilla.novell.com/655973
   https://bugzilla.novell.com/657017
   https://bugzilla.novell.com/657029
   https://bugzilla.novell.com/658035
   https://bugzilla.novell.com/668483
   https://bugzilla.novell.com/670465
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/678422
   https://bugzilla.novell.com/682251
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/683282
   https://bugzilla.novell.com/683886
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/685276
   https://bugzilla.novell.com/685402
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/688432
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/690869
   https://bugzilla.novell.com/692601
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/693149
   https://bugzilla.novell.com/693796
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/697932
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/700254
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701542
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/703013
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/705463
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/app/login

SuSE: 2011:0899-1: important: Linux kernel

August 12, 2011
An update that solves 14 vulnerabilities and has 22 fixes An update that solves 14 vulnerabilities and has 22 fixes An update that solves 14 vulnerabilities and has 22 fixes is now...

Summary

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035 
                    #668483 #670465 #677676 #678422 #682251 #683101 
                    #683282 #683886 #684297 #685276 #685402 #687812 
                    #688432 #689797 #690869 #692601 #693043 #693149 
                    #693796 #696107 #697932 #698221 #700254 #701254 
                    #701542 #702013 #702285 #703013 #703153 #705463 
                    
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 22 fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP4
   kernel fixes  several security issues and bugs.

   The following security issues were fixed:

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed
   local users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017, CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1593: Multiple integer overflows in the
   next_pidmap function in kernel/pid.c in the Linux kernel
   allowed local users to cause a denial of service (system
   crash) via a crafted (1) getdents or (2) readdir system
   call.

   *

   CVE-2011-1494: Integer overflow in the
   _ctl_do_mpt_command function in
   drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
   might have allowed local users to gain privileges or cause
   a denial of service (memory corruption) via an ioctl call
   specifying a crafted value that triggers a heap-based
   buffer overflow.

   *

   CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
   the Linux kernel did not validate (1) length and (2) offset
   values before performing memory copy operations, which
   might have allowed local users to gain privileges, cause a
   denial of service (memory corruption), or obtain sensitive
   information from kernel memory via a crafted ioctl call,
   related to the _ctl_do_mpt_command and
   _ctl_diag_read_buffer functions.

   Security Issue references:

   * CVE-2011-1093
   
   * CVE-2011-2484
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-2022
   
   * CVE-2011-1745
   
   * CVE-2011-1585
   
   * CVE-2011-0726
   
   * CVE-2011-2496
   
   * CVE-2011-2491
   
   * CVE-2011-1017
   
   * CVE-2011-2182
   
   * CVE-2011-1593
   
   * CVE-2011-1494
   
   * CVE-2011-1495
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-kdumppae-2.6.16.60-0.89.1
      kernel-vmi-2.6.16.60-0.89.1
      kernel-vmipae-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.89.1
      kernel-ppc64-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-smp-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.89.1


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1593.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2484.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://bugzilla.novell.com/644541
   https://bugzilla.novell.com/645084
   https://bugzilla.novell.com/655973
   https://bugzilla.novell.com/657017
   https://bugzilla.novell.com/657029
   https://bugzilla.novell.com/658035
   https://bugzilla.novell.com/668483
   https://bugzilla.novell.com/670465
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/678422
   https://bugzilla.novell.com/682251
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/683282
   https://bugzilla.novell.com/683886
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/685276
   https://bugzilla.novell.com/685402
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/688432
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/690869
   https://bugzilla.novell.com/692601
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/693149
   https://bugzilla.novell.com/693796
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/697932
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/700254
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701542
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/703013
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/705463
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/app/login

References

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved