SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1058-1
Rating:             important
References:         #635880 #665543 #677676 #684297 #687812 #689797 
                    #692784 #693043 #696107 #698221 #701254 #701355 
                    #702013 #702285 #705463 #714001 
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
                    CVE-2011-2491 CVE-2011-2496 CVE-2011-3191
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has four fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP3
   kernel fixes  several security issues and bugs.

   The following security issues have been fixed:

   *

   CVE-2011-3191: A signedness issue in CIFS could
   possibly have lead to to memory corruption, if a malicious
   server could send crafted replies to the host.

   *

   CVE-2011-1776: Timo Warns reported an issue in the
   Linux implementation for GUID partitions. Users with
   physical access could gain access to sensitive kernel
   memory by adding a storage device with a specially crafted
   corrupted invalid partition table.

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017,CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   Also following non-security bugs were fixed:

   *
   patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
   -check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
   to read_from_oldmem() to check for non-ram pages
   (bnc#684297).
   * patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
   memory leak on release.
   * patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
   type inconsistency with xenbus_conn().
   * patches.xen/1080-blkfront-xenbus-gather-format.patch:
   blkfront: fix data size for xenbus_gather in connect().
   *
   patches.xen/1081-blkback-resize-transaction-end.patch:
   xenbus: fix xenbus_transaction_start() hang caused by
   double xenbus_transaction_end().
   * patches.xen/1089-blkback-barrier-check.patch:
   blkback: dont fail empty barrier requests.
   * patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
   dont BUG() on user mode induced conditions (bnc#696107).
   * patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
   blkfront: avoid NULL de-reference in CDROM ioctl handling
   (bnc#701355).
   * patches.xen/1102-x86-max-contig-order.patch: x86: use
   dynamically adjusted upper bound for contiguous regions
   (bnc#635880).
   *
   patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
   ues.patch: x86: sanitize user specified e820 memmap values
   (bnc#665543).
   *
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress: Fix typo, which was uncovered in debug mode.
   * patches.fixes/pacct-fix-sighand-siglock-usage.patch:
   Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

   Security Issue references:

   * CVE-2011-0726
   
   * CVE-2011-1017
   
   * CVE-2011-1093
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-1776
   
   * CVE-2011-2022
   
   * CVE-2011-2182
   
   * CVE-2011-2491
   
   * CVE-2011-2496
   
   * CVE-2011-3191
   
   * CVE-2011-1585
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.83.2
      kernel-source-2.6.16.60-0.83.2
      kernel-syms-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      kernel-smp-2.6.16.60-0.83.2
      kernel-xen-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      kernel-bigsmp-2.6.16.60-0.83.2
      kernel-kdumppae-2.6.16.60-0.83.2
      kernel-vmi-2.6.16.60-0.83.2
      kernel-vmipae-2.6.16.60-0.83.2
      kernel-xenpae-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      kernel-iseries64-2.6.16.60-0.83.2
      kernel-ppc64-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 x86_64):

      kernel-xen-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586):

      kernel-xenpae-2.6.16.60-0.83.2


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/665543
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/705463
   https://bugzilla.novell.com/714001
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2011:1058-1: important: the Linux kernel

September 21, 2011
An update that solves 12 vulnerabilities and has four fixes An update that solves 12 vulnerabilities and has four fixes An update that solves 12 vulnerabilities and has four fixes ...

Summary

   SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1058-1
Rating:             important
References:         #635880 #665543 #677676 #684297 #687812 #689797 
                    #692784 #693043 #696107 #698221 #701254 #701355 
                    #702013 #702285 #705463 #714001 
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
                    CVE-2011-2491 CVE-2011-2496 CVE-2011-3191
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has four fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP3
   kernel fixes  several security issues and bugs.

   The following security issues have been fixed:

   *

   CVE-2011-3191: A signedness issue in CIFS could
   possibly have lead to to memory corruption, if a malicious
   server could send crafted replies to the host.

   *

   CVE-2011-1776: Timo Warns reported an issue in the
   Linux implementation for GUID partitions. Users with
   physical access could gain access to sensitive kernel
   memory by adding a storage device with a specially crafted
   corrupted invalid partition table.

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017,CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   Also following non-security bugs were fixed:

   *
   patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
   -check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
   to read_from_oldmem() to check for non-ram pages
   (bnc#684297).
   * patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
   memory leak on release.
   * patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
   type inconsistency with xenbus_conn().
   * patches.xen/1080-blkfront-xenbus-gather-format.patch:
   blkfront: fix data size for xenbus_gather in connect().
   *
   patches.xen/1081-blkback-resize-transaction-end.patch:
   xenbus: fix xenbus_transaction_start() hang caused by
   double xenbus_transaction_end().
   * patches.xen/1089-blkback-barrier-check.patch:
   blkback: dont fail empty barrier requests.
   * patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
   dont BUG() on user mode induced conditions (bnc#696107).
   * patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
   blkfront: avoid NULL de-reference in CDROM ioctl handling
   (bnc#701355).
   * patches.xen/1102-x86-max-contig-order.patch: x86: use
   dynamically adjusted upper bound for contiguous regions
   (bnc#635880).
   *
   patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
   ues.patch: x86: sanitize user specified e820 memmap values
   (bnc#665543).
   *
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress: Fix typo, which was uncovered in debug mode.
   * patches.fixes/pacct-fix-sighand-siglock-usage.patch:
   Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

   Security Issue references:

   * CVE-2011-0726
   
   * CVE-2011-1017
   
   * CVE-2011-1093
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-1776
   
   * CVE-2011-2022
   
   * CVE-2011-2182
   
   * CVE-2011-2491
   
   * CVE-2011-2496
   
   * CVE-2011-3191
   
   * CVE-2011-1585
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.83.2
      kernel-source-2.6.16.60-0.83.2
      kernel-syms-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      kernel-smp-2.6.16.60-0.83.2
      kernel-xen-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      kernel-bigsmp-2.6.16.60-0.83.2
      kernel-kdumppae-2.6.16.60-0.83.2
      kernel-vmi-2.6.16.60-0.83.2
      kernel-vmipae-2.6.16.60-0.83.2
      kernel-xenpae-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      kernel-iseries64-2.6.16.60-0.83.2
      kernel-ppc64-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 x86_64):

      kernel-xen-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586):

      kernel-xenpae-2.6.16.60-0.83.2


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-1776.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://www.suse.com/security/cve/CVE-2011-3191.html
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/665543
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/705463
   https://bugzilla.novell.com/714001
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

References

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved