Affected Products:
    SUSE Linux Enterprise Server 11 SP1 for VMware
    SUSE Linux Enterprise Server 11 SP1
    SUSE Linux Enterprise High Availability Extension 11 SP1
    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 23 fixes is now available. It includes one version update.
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 220.127.116.11 and fixes various bugs and security issues.
The following security issues have been fixed:
CVE-2011-1776: Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted, corrupted partition table.
CVE-2010-3881: The second part of this fix was not yet applied to our kernel: arch/x86/kvm/x86.c in the Linux kernel before 18.104.22.168 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information about other processes, such as the number of password characters typed.
CVE-2011-2700: A small buffer overflow in the radio driver si4713-i2c was fixed that could potentially be used by local attackers to crash the kernel or potentially execute code.
CVE-2011-2909: A kernel information leak in the comedi driver from kernel to userspace was fixed.
CVE-2011-2918: In the perf framework, software event overflows could deadlock or delete an uninitialized timer.
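
The bug class described under CVE-2010-3881 above (structure members left uninitialized before the structure is returned to the caller), shown as an added user-space example that is not the kernel's code or the SUSE fix. The struct layout, the function names and the 0xAA marker standing in for stale stack contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout (not the real KVM structures): reserved bytes
 * keep the ABI extensible, so member-by-member code tends to skip them. */
struct dev_reply {
    uint32_t flags;
    uint8_t  state;
    uint8_t  reserved[11];
};

/* Vulnerable pattern: only the named members are written. */
static void fill_unsafe(unsigned char *slot)
{
    uint32_t flags = 1;
    uint8_t state = 2;
    memcpy(slot + offsetof(struct dev_reply, flags), &flags, sizeof flags);
    memcpy(slot + offsetof(struct dev_reply, state), &state, sizeof state);
}

/* Hardened pattern: zero the whole object, then set the members. */
static void fill_safe(unsigned char *slot)
{
    memset(slot, 0, sizeof(struct dev_reply));
    fill_unsafe(slot);
}

/* Simulate one read: the slot starts with constructed stale bytes (0xAA)
 * standing in for old stack contents; return how many reach the caller. */
static size_t simulate(int hardened)
{
    unsigned char slot[sizeof(struct dev_reply)];
    size_t leaked = 0;
    memset(slot, 0xAA, sizeof slot);
    if (hardened) fill_safe(slot); else fill_unsafe(slot);
    for (size_t i = 0; i < sizeof slot; i++)
        leaked += (slot[i] == 0xAA);
    return leaked;
}

int main(void)
{
    printf("unsafe: %zu stale bytes, hardened: %zu\n", simulate(0), simulate(1));
    return 0;
}
```

Zeroing the whole object before filling it also covers compiler-inserted padding, which member-by-member initialization cannot reach.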