kernel: multiple vulnerabilities

Package(s):

kernel

CVE #(s):

CVE-2011-0726 CVE-2011-1019 CVE-2011-1080

Created:

May 11, 2011

Updated:

August 19, 2011

Description:

From the Red Hat advisory:

* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from "/lib/modules/", instead of only netdev modules. (CVE-2011-1019, Low)

* A missing validation of a null-terminated string data structure element in do_replace() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

Alerts:

Oracle	ELSA-2013-1645	kernel	2013-11-26
openSUSE	openSUSE-SU-2012:0236-1	kernel	2012-02-09
Ubuntu	USN-1256-1	linux-lts-backport-natty	2011-11-09
SUSE	SUSE-SU-2011:1058-1	kernel	2011-09-21
Ubuntu	USN-1212-1	linux-ti-omap4	2011-09-21
SUSE	SUSE-SA:2011:040	kernel	2011-09-20
Ubuntu	USN-1204-1	linux-fsl-imx51	2011-09-13
Ubuntu	USN-1202-1	linux-ti-omap4	2011-09-13
Ubuntu	USN-1189-1	kernel	2011-08-19
SUSE	SUSE-SU-2011:0899-1	kernel	2011-08-12
SUSE	SUSE-SA:2011:034	kernel	2011-08-12
Ubuntu	USN-1187-1	kernel	2011-08-09
SUSE	SUSE-SU-2011:0832-1	kernel	2011-07-25
SUSE	SUSE-SA:2011:031	kernel	2011-07-25
Ubuntu	USN-1170-1	linux	2011-07-15
Ubuntu	USN-1167-1	linux	2011-07-13
Ubuntu	USN-1159-1	linux-mvl-dove	2011-07-13
Ubuntu	USN-1162-1	linux-mvl-dove	2011-06-29
Ubuntu	USN-1160-1	kernel	2011-06-28
Debian	DSA-2264-1	linux-2.6	2011-06-18
CentOS	CESA-2011:0833	kernel	2011-05-31
Ubuntu	USN-1141-1	linux, linux-ec2	2011-05-31
Red Hat	RHSA-2011:0833-01	kernel	2011-05-31
Debian	DSA-2240-1	linux-2.6	2011-05-24
Red Hat	RHSA-2011:0500-01	kernel-rt	2011-05-10
Red Hat	RHSA-2011:0498-01	kernel	2011-05-10