User: Password:
Subscribe / Log in / New account

openSUSE alert openSUSE-SU-2012:0236-1 (kernel)

Subject:  openSUSE-SU-2012:0236-1: important: kernel: security and bugfix update.
Date:  Thu, 9 Feb 2012 19:10:55 +0100 (CET)
Message-ID:  <>
Archive-link:  Article, Thread

openSUSE Security Update: kernel: security and bugfix update. ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0236-1 Rating: important References: #676602 #679059 #681180 #681181 #681184 #681185 #691052 #692498 #699709 #700879 #702037 #707288 #709561 #709764 #710235 #713933 #723999 #726788 #736149 Cross-References: CVE-2011-1080 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1770 CVE-2011-2203 CVE-2011-2213 CVE-2011-2534 CVE-2011-2699 CVE-2011-2723 CVE-2011-2898 CVE-2011-4081 CVE-2011-4087 CVE-2011-4604 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has four fixes is now available. It includes one version update. Description: The openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. CVE-2011-1173: A kernel information leak via ip6_tables was fixed. CVE-2011-1172: A kernel information leak via ip6_tables netfilter was fixed. CVE-2011-1171: A kernel information leak via ip_tables was fixed. CVE-2011-1170: A kernel information leak via arp_tables was fixed. CVE-2011-1080: A kernel information leak via netfilter was fixed. CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read. CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic. CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory. CVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed. CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch kernel-5606 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version:]: kernel-debug- kernel-debug-base- kernel-debug-devel- kernel-default- kernel-default-base- kernel-default-devel- kernel-desktop- kernel-desktop-base- kernel-desktop-devel- kernel-ec2- kernel-ec2-base- kernel-ec2-devel- kernel-ec2-extra- kernel-syms- kernel-trace- kernel-trace-base- kernel-trace-devel- kernel-vanilla- kernel-vanilla-base- kernel-vanilla-devel- kernel-xen- kernel-xen-base- kernel-xen-devel- preload-kmp-default-1.2_k2.6.37.6_0.11-6.7.28 preload-kmp-desktop-1.2_k2.6.37.6_0.11-6.7.28 - openSUSE 11.4 (noarch) [New Version:]: kernel-devel- kernel-docs- kernel-source- kernel-source-vanilla- - openSUSE 11.4 (i586) [New Version:]: kernel-pae- kernel-pae-base- kernel-pae-devel- kernel-vmi- kernel-vmi-base- kernel-vmi-devel- References:

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds