SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1058-1
Rating:             important
References:         #635880 #665543 #677676 #684297 #687812 #689797 
                    #692784 #693043 #696107 #698221 #701254 #701355 
                    #702013 #702285 #705463 #714001 
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
                    CVE-2011-2491 CVE-2011-2496 CVE-2011-3191
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has four fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP3
   kernel fixes  several security issues and bugs.

   The following security issues have been fixed:

   *

   CVE-2011-3191: A signedness issue in CIFS could
   possibly have lead to to memory corruption, if a malicious
   server could send crafted replies to the host.

   *

   CVE-2011-1776: Timo Warns reported an issue in the
   Linux implementation for GUID partitions. Users with
   physical access could gain access to sensitive kernel
   memory by adding a storage device with a specially crafted
   corrupted invalid partition table.

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017,CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   Also following non-security bugs were fixed:

   *
   patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
   -check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
   to read_from_oldmem() to check for non-ram pages
   (bnc#684297).
   * patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
   memory leak on release.
   * patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
   type inconsistency with xenbus_conn().
   * patches.xen/1080-blkfront-xenbus-gather-format.patch:
   blkfront: fix data size for xenbus_gather in connect().
   *
   patches.xen/1081-blkback-resize-transaction-end.patch:
   xenbus: fix xenbus_transaction_start() hang caused by
   double xenbus_transaction_end().
   * patches.xen/1089-blkback-barrier-check.patch:
   blkback: dont fail empty barrier requests.
   * patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
   dont BUG() on user mode induced conditions (bnc#696107).
   * patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
   blkfront: avoid NULL de-reference in CDROM ioctl handling
   (bnc#701355).
   * patches.xen/1102-x86-max-contig-order.patch: x86: use
   dynamically adjusted upper bound for contiguous regions
   (bnc#635880).
   *
   patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
   ues.patch: x86: sanitize user specified e820 memmap values
   (bnc#665543).
   *
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress: Fix typo, which was uncovered in debug mode.
   * patches.fixes/pacct-fix-sighand-siglock-usage.patch:
   Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

   Security Issue references:

   * CVE-2011-0726
   
   * CVE-2011-1017
   
   * CVE-2011-1093
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-1776
   
   * CVE-2011-2022
   
   * CVE-2011-2182
   
   * CVE-2011-2491
   
   * CVE-2011-2496
   
   * CVE-2011-3191
   
   * CVE-2011-1585
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.83.2
      kernel-source-2.6.16.60-0.83.2
      kernel-syms-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      kernel-smp-2.6.16.60-0.83.2
      kernel-xen-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      kernel-bigsmp-2.6.16.60-0.83.2
      kernel-kdumppae-2.6.16.60-0.83.2
      kernel-vmi-2.6.16.60-0.83.2
      kernel-vmipae-2.6.16.60-0.83.2
      kernel-xenpae-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      kernel-iseries64-2.6.16.60-0.83.2
      kernel-ppc64-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 x86_64):

      kernel-xen-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586):

      kernel-xenpae-2.6.16.60-0.83.2


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/665543
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/705463
   https://bugzilla.novell.com/714001
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2011:1058-1: important: the Linux kernel

September 21, 2011
An update that solves 12 vulnerabilities and has four fixes An update that solves 12 vulnerabilities and has four fixes An update that solves 12 vulnerabilities and has four fixes ...

Summary

   SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1058-1
Rating:             important
References:         #635880 #665543 #677676 #684297 #687812 #689797 
                    #692784 #693043 #696107 #698221 #701254 #701355 
                    #702013 #702285 #705463 #714001 
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
                    CVE-2011-2491 CVE-2011-2496 CVE-2011-3191
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has four fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP3
   kernel fixes  several security issues and bugs.

   The following security issues have been fixed:

   *

   CVE-2011-3191: A signedness issue in CIFS could
   possibly have lead to to memory corruption, if a malicious
   server could send crafted replies to the host.

   *

   CVE-2011-1776: Timo Warns reported an issue in the
   Linux implementation for GUID partitions. Users with
   physical access could gain access to sensitive kernel
   memory by adding a storage device with a specially crafted
   corrupted invalid partition table.

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017,CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   Also following non-security bugs were fixed:

   *
   patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
   -check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
   to read_from_oldmem() to check for non-ram pages
   (bnc#684297).
   * patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
   memory leak on release.
   * patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
   type inconsistency with xenbus_conn().
   * patches.xen/1080-blkfront-xenbus-gather-format.patch:
   blkfront: fix data size for xenbus_gather in connect().
   *
   patches.xen/1081-blkback-resize-transaction-end.patch:
   xenbus: fix xenbus_transaction_start() hang caused by
   double xenbus_transaction_end().
   * patches.xen/1089-blkback-barrier-check.patch:
   blkback: dont fail empty barrier requests.
   * patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
   dont BUG() on user mode induced conditions (bnc#696107).
   * patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
   blkfront: avoid NULL de-reference in CDROM ioctl handling
   (bnc#701355).
   * patches.xen/1102-x86-max-contig-order.patch: x86: use
   dynamically adjusted upper bound for contiguous regions
   (bnc#635880).
   *
   patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
   ues.patch: x86: sanitize user specified e820 memmap values
   (bnc#665543).
   *
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress: Fix typo, which was uncovered in debug mode.
   * patches.fixes/pacct-fix-sighand-siglock-usage.patch:
   Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

   Security Issue references:

   * CVE-2011-0726
   
   * CVE-2011-1017
   
   * CVE-2011-1093
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-1776
   
   * CVE-2011-2022
   
   * CVE-2011-2182
   
   * CVE-2011-2491
   
   * CVE-2011-2496
   
   * CVE-2011-3191
   
   * CVE-2011-1585
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.83.2
      kernel-source-2.6.16.60-0.83.2
      kernel-syms-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      kernel-smp-2.6.16.60-0.83.2
      kernel-xen-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      kernel-bigsmp-2.6.16.60-0.83.2
      kernel-kdumppae-2.6.16.60-0.83.2
      kernel-vmi-2.6.16.60-0.83.2
      kernel-vmipae-2.6.16.60-0.83.2
      kernel-xenpae-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      kernel-iseries64-2.6.16.60-0.83.2
      kernel-ppc64-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 x86_64):

      kernel-xen-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586):

      kernel-xenpae-2.6.16.60-0.83.2


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/665543
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/705463
   https://bugzilla.novell.com/714001
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

References

Severity

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved