SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1058-1
Rating:             important
References:         #635880 #665543 #677676 #684297 #687812 #689797 
                    #692784 #693043 #696107 #698221 #701254 #701355 
                    #702013 #702285 #705463 #714001 
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1585 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-1776 CVE-2011-2022 CVE-2011-2182
                    CVE-2011-2491 CVE-2011-2496 CVE-2011-3191
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has four fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP3
   kernel fixes  several security issues and bugs.

   The following security issues have been fixed:

   *

   CVE-2011-3191: A signedness issue in CIFS could
   possibly have lead to to memory corruption, if a malicious
   server could send crafted replies to the host.

   *

   CVE-2011-1776: Timo Warns reported an issue in the
   Linux implementation for GUID partitions. Users with
   physical access could gain access to sensitive kernel
   memory by adding a storage device with a specially crafted
   corrupted invalid partition table.

   *

   CVE-2011-1093: The dccp_rcv_state_process function in
   net/dccp/input.c in the Datagram Congestion Control
   Protocol (DCCP) implementation in the Linux kernel did not
   properly handle packets for a CLOSED endpoint, which
   allowed remote attackers to cause a denial of service (NULL
   pointer dereference and OOPS) by sending a DCCP-Close
   packet followed by a DCCP-Reset packet.

   *

   CVE-2011-1745: Integer overflow in the
   agp_generic_insert_memory function in
   drivers/char/agp/generic.c in the Linux kernel allowed
   local users to gain privileges or cause a denial of service
   (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
   call.

   *

   CVE-2011-1746: Multiple integer overflows in the (1)
   agp_allocate_memory and (2) agp_create_user_memory
   functions in drivers/char/agp/generic.c in the Linux kernel
   allowed local users to trigger buffer overflows, and
   consequently cause a denial of service (system crash) or
   possibly have unspecified other impact, via vectors related
   to calls that specify a large number of memory pages.

   *

   CVE-2011-2022: The agp_generic_remove_memory function
   in drivers/char/agp/generic.c in the Linux kernel before
   2.6.38.5 did not validate a certain start parameter, which
   allowed local users to gain privileges or cause a denial of
   service (system crash) via a crafted AGPIOC_UNBIND
   agp_ioctl ioctl call, a different vulnerability than
   CVE-2011-1745.

   *

   CVE-2011-0726: The do_task_stat function in
   fs/proc/array.c in the Linux kernel did not perform an
   expected uid check, which made it easier for local users to
   defeat the ASLR protection mechanism by reading the
   start_code and end_code fields in the /proc/#####/stat file
   for a process executing a PIE binary.

   *

   CVE-2011-2496: The normal mmap paths all avoid
   creating a mapping where the pgoff inside the mapping could
   wrap around due to overflow. However, an expanding mremap()
   can take such a non-wrapping mapping and make it bigger and
   cause a wrapping condition.

   *

   CVE-2011-2491: A local unprivileged user able to
   access a NFS filesystem could use file locking to deadlock
   parts of an nfs server under some circumstance.

   *

   CVE-2011-1017,CVE-2011-2182: The code for evaluating
   LDM partitions (in fs/partitions/ldm.c) contained bugs that
   could crash the kernel for certain corrupted LDM partitions.

   *

   CVE-2011-1585: When using a setuid root mount.cifs,
   local users could hijack password protected mounted CIFS
   shares of other local users.

   Also following non-security bugs were fixed:

   *
   patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
   -check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
   to read_from_oldmem() to check for non-ram pages
   (bnc#684297).
   * patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix
   memory leak on release.
   * patches.xen/1074-xenbus_conn-type.patch: xenbus: fix
   type inconsistency with xenbus_conn().
   * patches.xen/1080-blkfront-xenbus-gather-format.patch:
   blkfront: fix data size for xenbus_gather in connect().
   *
   patches.xen/1081-blkback-resize-transaction-end.patch:
   xenbus: fix xenbus_transaction_start() hang caused by
   double xenbus_transaction_end().
   * patches.xen/1089-blkback-barrier-check.patch:
   blkback: dont fail empty barrier requests.
   * patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus:
   dont BUG() on user mode induced conditions (bnc#696107).
   * patches.xen/1098-blkfront-cdrom-ioctl-check.patch:
   blkfront: avoid NULL de-reference in CDROM ioctl handling
   (bnc#701355).
   * patches.xen/1102-x86-max-contig-order.patch: x86: use
   dynamically adjusted upper bound for contiguous regions
   (bnc#635880).
   *
   patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
   ues.patch: x86: sanitize user specified e820 memmap values
   (bnc#665543).
   *
   patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
   ing-progress: Fix typo, which was uncovered in debug mode.
   * patches.fixes/pacct-fix-sighand-siglock-usage.patch:
   Fix sighand->siglock usage in kernel/acct.c (bnc#705463).

   Security Issue references:

   * CVE-2011-0726
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
   >
   * CVE-2011-1017
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017
   >
   * CVE-2011-1093
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
   >
   * CVE-2011-1745
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
   >
   * CVE-2011-1746
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
   >
   * CVE-2011-1776
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
   >
   * CVE-2011-2022
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
   >
   * CVE-2011-2182
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182
   >
   * CVE-2011-2491
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
   >
   * CVE-2011-2496
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496
   >
   * CVE-2011-3191
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
   >
   * CVE-2011-1585
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585
   >

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.83.2
      kernel-source-2.6.16.60-0.83.2
      kernel-syms-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      kernel-smp-2.6.16.60-0.83.2
      kernel-xen-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      kernel-bigsmp-2.6.16.60-0.83.2
      kernel-kdumppae-2.6.16.60-0.83.2
      kernel-vmi-2.6.16.60-0.83.2
      kernel-vmipae-2.6.16.60-0.83.2
      kernel-xenpae-2.6.16.60-0.83.2

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      kernel-iseries64-2.6.16.60-0.83.2
      kernel-ppc64-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586 x86_64):

      kernel-xen-2.6.16.60-0.83.2

   - SLE SDK 10 SP3 (i586):

      kernel-xenpae-2.6.16.60-0.83.2


References:

   http://support.novell.com/security/cve/CVE-2011-0726.html
   http://support.novell.com/security/cve/CVE-2011-1017.html
   http://support.novell.com/security/cve/CVE-2011-1093.html
   http://support.novell.com/security/cve/CVE-2011-1585.html
   http://support.novell.com/security/cve/CVE-2011-1745.html
   http://support.novell.com/security/cve/CVE-2011-1746.html
   http://support.novell.com/security/cve/CVE-2011-1776.html
   http://support.novell.com/security/cve/CVE-2011-2022.html
   http://support.novell.com/security/cve/CVE-2011-2182.html
   http://support.novell.com/security/cve/CVE-2011-2491.html
   http://support.novell.com/security/cve/CVE-2011-2496.html
   http://support.novell.com/security/cve/CVE-2011-3191.html
   https://bugzilla.novell.com/635880
   https://bugzilla.novell.com/665543
   https://bugzilla.novell.com/677676
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/687812
   https://bugzilla.novell.com/689797
   https://bugzilla.novell.com/692784
   https://bugzilla.novell.com/693043
   https://bugzilla.novell.com/696107
   https://bugzilla.novell.com/698221
   https://bugzilla.novell.com/701254
   https://bugzilla.novell.com/701355
   https://bugzilla.novell.com/702013
   https://bugzilla.novell.com/702285
   https://bugzilla.novell.com/705463
   https://bugzilla.novell.com/714001
   ?keywords=14f999b2da14400252037984b14f317a
   ?keywords=4f2403980de031813f91f813b6171179
   ?keywords=8c7d79d86d626d9e405009e6174cabd5
   ?keywords=a2be52185ebaeba245a1c8aff0c659e2
   ?keywords=a70d925c5736ccbb5c46bf7c01dfdfb6

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org