From the openSUSE advisory:

CVE-2011-1012: The code for evaluating LDM partitions (in
fs/partitions/ldm.c) contained a bug that could crash the
kernel for certain corrupted LDM partitions.

CVE-2011-1082: The epoll subsystem in Linux did not prevent
users from creating circular epoll file structures,
potentially leading to a denial of service (kernel
deadlock).

CVE-2011-1163: The code for evaluating OSF partitions (in
fs/partitions/osf.c) contained a bug that leaks data from
kernel heap memory to userspace for certain corrupted OSF
partitions.

CVE-2011-1182: Local attackers could send signals to their
programs that looked like they were coming from the kernel,
potentially gaining privileges in the context of setuid
programs.

CVE-2011-1476: Specially crafted requests may be written to
/dev/sequencer resulting in an underflow when calculating a
size for a copy_from_user() operation in the driver for
MIDI interfaces. On x86, this just returns an error, but it
could have caused memory corruption on other architectures.
Other malformed requests could have resulted in the use of
uninitialized variables.

CVE-2011-1477: Due to a failure to validate user-supplied
indexes in the driver for Yamaha YM3812 and OPL-3 chips, a
specially crafted ioctl request could have been sent to
/dev/sequencer, resulting in reading and writing beyond the
bounds of heap buffers, and potentially allowing privilege
escalation.

CVE-2011-1493: In the rose networking stack, when parsing
the FAC_NATIONAL_DIGIS facilities field, it was possible for
a remote host to provide more digipeaters than expected,
resulting in heap corruption. Check against ROSE_MAX_DIGIS
to prevent overflows, and abort facilities parsing on failure.
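
An added example, not code from the advisory or from the kernel: the kind of check the CVE-2011-1493 entry describes, a parser that refuses more digipeater addresses than ROSE_MAX_DIGIS and returns an error so the caller aborts parsing. The field layout, `ADDR_LEN`, the value 6, the facility code byte and the function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ROSE_MAX_DIGIS 6   /* limit named in the advisory; value assumed here */
#define ADDR_LEN       7   /* assumed size of one digipeater address */

struct digi_list {
    uint8_t addrs[ROSE_MAX_DIGIS][ADDR_LEN];
    unsigned int count;
};

/*
 * Parse one constructed field: [code][len][len bytes of addresses].
 * Returns the number of bytes consumed, or -1 so the caller aborts
 * parsing instead of continuing with a partially filled list.
 */
int parse_digis(const uint8_t *p, size_t avail, struct digi_list *out)
{
    size_t len, off;

    out->count = 0;
    if (avail < 2)
        return -1;                       /* no room for code + length */
    len = p[1];
    if (len > avail - 2)
        return -1;                       /* length runs past the packet */
    if (len % ADDR_LEN != 0)
        return -1;                       /* truncated address */

    for (off = 0; off < len; off += ADDR_LEN) {
        if (out->count >= ROSE_MAX_DIGIS) {
            out->count = 0;              /* discard the partial result */
            return -1;                   /* more digipeaters than slots */
        }
        memcpy(out->addrs[out->count++], p + 2 + off, ADDR_LEN);
    }
    return (int)(len + 2);
}

/* Build a constructed field carrying n addresses; returns its size. */
size_t make_field(uint8_t *buf, unsigned int n)
{
    buf[0] = 0x7F;                       /* placeholder facility code */
    buf[1] = (uint8_t)(n * ADDR_LEN);
    memset(buf + 2, 'A', n * ADDR_LEN);
    return 2 + (size_t)n * ADDR_LEN;
}
```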