SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035 
                    #668483 #670465 #677676 #678422 #682251 #683101 
                    #683282 #683886 #684297 #685276 #685402 #687812 
                    #688432 #689797 #690869 #692601 #693043 #693149 
                    #693796 #696107 #697932 #698221 #700254 #701254 
                    #701542 #702013 #702285 #703013 #703153 #705463 
                    
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 22 fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP4
   kernel fixes  several security issues and bugs.

   The following security issues were fixed:

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed
   local users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017, CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1593: Multiple integer overflows in the
   next_pidmap function in kernel/pid.c in the Linux kernel
   allowed local users to cause a denial of service (system
   crash) via a crafted (1) getdents or (2) readdir system
   call.

   *

   CVE-2011-1494: Integer overflow in the
   _ctl_do_mpt_command function in
   drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
   might have allowed local users to gain privileges or cause
   a denial of service (memory corruption) via an ioctl call
   specifying a crafted value that triggers a heap-based
   buffer overflow.

   *

   CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
   the Linux kernel did not validate (1) length and (2) offset
   values before performing memory copy operations, which
   might have allowed local users to gain privileges, cause a
   denial of service (memory corruption), or obtain sensitive
   information from kernel memory via a crafted ioctl call,
   related to the _ctl_do_mpt_command and
   _ctl_diag_read_buffer functions.

   Security Issue references:

   * CVE-2011-1093
   
   * CVE-2011-2484
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-2022
   
   * CVE-2011-1745
   
   * CVE-2011-1585
   
   * CVE-2011-0726
   
   * CVE-2011-2496
   
   * CVE-2011-2491
   
   * CVE-2011-1017
   
   * CVE-2011-2182
   
   * CVE-2011-1593
   
   * CVE-2011-1494
   
   * CVE-2011-1495
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-kdumppae-2.6.16.60-0.89.1
      kernel-vmi-2.6.16.60-0.89.1
      kernel-vmipae-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.89.1
      kernel-ppc64-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-smp-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.89.1


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1593.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2484.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://bugzilla.novell.com/644541
   https://bugzilla.novell.com/645084
   https://bugzilla.novell.com/655973
   https://bugzilla.novell.com/657017
   https://bugzilla.novell.com/657029
   https://bugzilla.novell.com/658035
   https://bugzilla.novell.com/668483
   https://bugzilla.novell.com/670465
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/678422
   https://bugzilla.novell.com/682251
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/683282
   https://bugzilla.novell.com/683886
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/685276
   https://bugzilla.novell.com/685402
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/688432
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/690869
   https://bugzilla.novell.com/692601
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/693149
   https://bugzilla.novell.com/693796
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/697932
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/700254
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701542
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/703013
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/705463
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/app/login

SuSE: 2011:0899-1: important: Linux kernel

August 12, 2011
An update that solves 14 vulnerabilities and has 22 fixes An update that solves 14 vulnerabilities and has 22 fixes An update that solves 14 vulnerabilities and has 22 fixes is now...

Summary

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035 
                    #668483 #670465 #677676 #678422 #682251 #683101 
                    #683282 #683886 #684297 #685276 #685402 #687812 
                    #688432 #689797 #690869 #692601 #693043 #693149 
                    #693796 #696107 #697932 #698221 #700254 #701254 
                    #701542 #702013 #702285 #703013 #703153 #705463 
                    
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 22 fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP4
   kernel fixes  several security issues and bugs.

   The following security issues were fixed:

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-2484: The add_del_listener function in
   kernel/taskstats.c in the Linux kernel did not prevent
   multiple registrations of exit handlers, which allowed
   local users to cause a denial of service (memory and CPU
   consumption), and bypass the OOM Killer, via a crafted
   application.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017, CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1593: Multiple integer overflows in the
   next_pidmap function in kernel/pid.c in the Linux kernel
   allowed local users to cause a denial of service (system
   crash) via a crafted (1) getdents or (2) readdir system
   call.

   *

   CVE-2011-1494: Integer overflow in the
   _ctl_do_mpt_command function in
   drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
   might have allowed local users to gain privileges or cause
   a denial of service (memory corruption) via an ioctl call
   specifying a crafted value that triggers a heap-based
   buffer overflow.

   *

   CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
   the Linux kernel did not validate (1) length and (2) offset
   values before performing memory copy operations, which
   might have allowed local users to gain privileges, cause a
   denial of service (memory corruption), or obtain sensitive
   information from kernel memory via a crafted ioctl call,
   related to the _ctl_do_mpt_command and
   _ctl_diag_read_buffer functions.

   Security Issue references:

   * CVE-2011-1093
   
   * CVE-2011-2484
   
   * CVE-2011-1745
   
   * CVE-2011-1746
   
   * CVE-2011-2022
   
   * CVE-2011-1745
   
   * CVE-2011-1585
   
   * CVE-2011-0726
   
   * CVE-2011-2496
   
   * CVE-2011-2491
   
   * CVE-2011-1017
   
   * CVE-2011-2182
   
   * CVE-2011-1593
   
   * CVE-2011-1494
   
   * CVE-2011-1495
   

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-kdumppae-2.6.16.60-0.89.1
      kernel-vmi-2.6.16.60-0.89.1
      kernel-vmipae-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.89.1
      kernel-ppc64-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-smp-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.89.1


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1593.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2484.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html
   https://bugzilla.novell.com/644541
   https://bugzilla.novell.com/645084
   https://bugzilla.novell.com/655973
   https://bugzilla.novell.com/657017
   https://bugzilla.novell.com/657029
   https://bugzilla.novell.com/658035
   https://bugzilla.novell.com/668483
   https://bugzilla.novell.com/670465
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/678422
   https://bugzilla.novell.com/682251
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/683282
   https://bugzilla.novell.com/683886
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/685276
   https://bugzilla.novell.com/685402
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/688432
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/690869
   https://bugzilla.novell.com/692601
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/693149
   https://bugzilla.novell.com/693796
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/697932
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/700254
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701542
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/703013
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/705463
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/idff/sso
   https://login.microfocus.com/nidp/app/login

References

Severity

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved