|Subject:||openSUSE-SU-2011:0004-1 (important): kernel: security and bugfix update.|
|Date:||Mon, 3 Jan 2011 14:08:18 +0100 (CET)|
openSUSE Security Update: kernel: security and bugfix update. ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0004-1 Rating: important References: #547887 #584028 #628591 #629901 #629908 #641811 #641983 #642043 #642302 #642311 #642312 #642313 #642484 #642486 #645659 #649187 #650128 #651218 #651626 #652563 #652939 #652940 #652945 #653258 #653260 #653930 #654581 #655215 #655839 #657350 #659076 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable "custom_debug" file, allowing local privilege escalation. CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lead to privilege escalation together with other issues. CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc could lead to memory corruption in the GDTH driver. CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. CVE-2010-4164: A remote (or local) attacker communicating over X.25 could cause a kernel panic by attempting to negotiate malformed facilities. CVE-2010-4175: A local attacker could cause memory overruns in the RDS protocol stack, potentially crashing the kernel. So far it is considered not to be exploitable. CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the Linux kernel allwed local users to cause a denial of service via vectors involving an mprotect system call. CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable. CVE-2010-4158: A memory information leak in berkely packet filter rules allowed local attackers to read uninitialized memory of the kernel stack. CVE-2010-4162: A local denial of service in the blockdevice layer was fixed. CVE-2010-4163: By submitting certain I/O requests with 0 length, a local user could have caused a kernel panic. CVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel did not initialize a certain block of heap memory, which allowed local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value. CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed. CVE-2010-4078: The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. CVE-2010-4082: The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. CVE-2010-4073: The ipc subsystem in the Linux kernel did not initialize certain structures, which allowed local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. CVE-2010-3432: The sctp_packet_config function in net/sctp/output.c in the Linux kernel performed extraneous initializations of packet data structures, which allowed remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. CVE-2010-3067: Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. CVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which could lead to local attackers gaining kernel privileges. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch kernel-3709 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 18.104.22.168]: kernel-debug-22.214.171.124-0.7.1 kernel-debug-base-126.96.36.199-0.7.1 kernel-debug-devel-188.8.131.52-0.7.1 kernel-default-184.108.40.206-0.7.1 kernel-default-base-220.127.116.11-0.7.1 kernel-default-devel-18.104.22.168-0.7.1 kernel-desktop-22.214.171.124-0.7.1 kernel-desktop-base-126.96.36.199-0.7.1 kernel-desktop-devel-188.8.131.52-0.7.1 kernel-ec2-184.108.40.206-0.7.1 kernel-ec2-base-220.127.116.11-0.7.1 kernel-ec2-devel-18.104.22.168-0.7.1 kernel-ec2-extra-22.214.171.124-0.7.1 kernel-syms-126.96.36.199-0.7.1 kernel-trace-188.8.131.52-0.7.1 kernel-trace-base-184.108.40.206-0.7.1 kernel-trace-devel-220.127.116.11-0.7.1 kernel-vanilla-18.104.22.168-0.7.1 kernel-vanilla-base-22.214.171.124-0.7.1 kernel-vanilla-devel-126.96.36.199-0.7.1 kernel-xen-188.8.131.52-0.7.1 kernel-xen-base-184.108.40.206-0.7.1 kernel-xen-devel-220.127.116.11-0.7.1 preload-kmp-default-1.1_k18.104.22.168_0.7-19.1.11 preload-kmp-desktop-1.1_k22.214.171.124_0.7-19.1.11 - openSUSE 11.3 (noarch) [New Version: 126.96.36.199]: kernel-devel-188.8.131.52-0.7.1 kernel-source-184.108.40.206-0.7.1 kernel-source-vanilla-220.127.116.11-0.7.1 - openSUSE 11.3 (i586) [New Version: 18.104.22.168]: kernel-pae-22.214.171.124-0.7.1 kernel-pae-base-126.96.36.199-0.7.1 kernel-pae-devel-188.8.131.52-0.7.1 kernel-vmi-184.108.40.206-0.7.1 kernel-vmi-base-220.127.116.11-0.7.1 kernel-vmi-devel-18.104.22.168-0.7.1 References: https://bugzilla.novell.com/547887 https://bugzilla.novell.com/584028 https://bugzilla.novell.com/628591 https://bugzilla.novell.com/629901 https://bugzilla.novell.com/629908 https://bugzilla.novell.com/641811 https://bugzilla.novell.com/641983 https://bugzilla.novell.com/642043 https://bugzilla.novell.com/642302 https://bugzilla.novell.com/642311 https://bugzilla.novell.com/642312 https://bugzilla.novell.com/642313 https://bugzilla.novell.com/642484 https://bugzilla.novell.com/642486 https://bugzilla.novell.com/645659 https://bugzilla.novell.com/649187 https://bugzilla.novell.com/650128 https://bugzilla.novell.com/651218 https://bugzilla.novell.com/651626 https://bugzilla.novell.com/652563 https://bugzilla.novell.com/652939 https://bugzilla.novell.com/652940 https://bugzilla.novell.com/652945 https://bugzilla.novell.com/653258 https://bugzilla.novell.com/653260 https://bugzilla.novell.com/653930 https://bugzilla.novell.com/654581 https://bugzilla.novell.com/655215 https://bugzilla.novell.com/655839 https://bugzilla.novell.com/657350 https://bugzilla.novell.com/659076
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds