openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs
and security issues.

Following security issues have been fixed: CVE-2011-2495: The
/proc/PID/io interface could be used by local attackers to gain
information on other processes like number of password characters
typed or similar.

CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in
the Linux kernel did not prevent multiple registrations of exit
handlers, which allowed local users to cause a denial of service
(memory and CPU consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-2491: A local unprivileged user able to access a NFS
filesystem could use file locking to deadlock parts of an nfs server
under some circumstance.

CVE-2011-2496: The normal mmap paths all avoid creating a mapping
where the pgoff inside the mapping could wrap around due to overflow.
However, an expanding mremap() can take such a non-wrapping mapping
and make it bigger and cause a wrapping condition.

CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions
(in fs/partitions/ldm.c) contained bugs that could crash the kernel
for certain corrupted LDM partitions.

CVE-2011-1479: A regression in inotify fix for a memory leak could
lead to a double free corruption which could crash the system.

CVE-2011-1593: Multiple integer overflows in the next_pidmap function
in kernel/pid.c in the Linux kernel allowed local users to cause a
denial of service (system crash) via a crafted (1) getdents or (2)
readdir system call.

CVE-2011-1020: The proc filesystem implementation in the Linux kernel
did not restrict access to the /proc directory tree of a process after
this process performs an exec of a setuid program, which allowed local
users to obtain sensitive information or cause a denial of service via
open, lseek, read, and write system calls.

CVE-2011-1585: When using a setuid root mount.cifs, local users could
hijack password protected mounted CIFS shares of other local users.

CVE-2011-1160: Kernel information via the TPM devices could by used by
local attackers to read kernel memory.

CVE-2011-1577: The Linux kernel automatically evaluated partition
tables of storage devices. The code for evaluating EFI GUID partitions
(in fs/partitions/efi.c) contained a bug that causes a kernel oops on
certain corrupted GUID partition tables, which might be used by local
attackers to crash the kernel or potentially execute code.

CVE-2011-1180: In the IrDA module, length fields provided by a peer
for names and attributes may be longer than the destination array
sizes and were not checked, this allowed local attackers (close to the
irda port) to potentially corrupt memory.

CVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not
properly validate data related to the AA resolve registers, which
allowed local users to write to arbitrary memory locations associated
with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table
(GTT) via crafted values.

CVE-2011-1013: A signedness issue in the drm ioctl handling could be
used by local attackers to potentially overflow kernel buffers and
execute code.

See also :

http://lists.opensuse.org/opensuse-updates/2011-08/msg00003.html
https://bugzilla.novell.com/show_bug.cgi?id=584493
https://bugzilla.novell.com/show_bug.cgi?id=595586
https://bugzilla.novell.com/show_bug.cgi?id=642142
https://bugzilla.novell.com/show_bug.cgi?id=655693
https://bugzilla.novell.com/show_bug.cgi?id=669889
https://bugzilla.novell.com/show_bug.cgi?id=669937
https://bugzilla.novell.com/show_bug.cgi?id=670860
https://bugzilla.novell.com/show_bug.cgi?id=670868
https://bugzilla.novell.com/show_bug.cgi?id=673934
https://bugzilla.novell.com/show_bug.cgi?id=674648
https://bugzilla.novell.com/show_bug.cgi?id=674691
https://bugzilla.novell.com/show_bug.cgi?id=674693
https://bugzilla.novell.com/show_bug.cgi?id=674982
https://bugzilla.novell.com/show_bug.cgi?id=676419
https://bugzilla.novell.com/show_bug.cgi?id=677827
https://bugzilla.novell.com/show_bug.cgi?id=679898
https://bugzilla.novell.com/show_bug.cgi?id=680040
https://bugzilla.novell.com/show_bug.cgi?id=681497
https://bugzilla.novell.com/show_bug.cgi?id=683282
https://bugzilla.novell.com/show_bug.cgi?id=687113
https://bugzilla.novell.com/show_bug.cgi?id=688432
https://bugzilla.novell.com/show_bug.cgi?id=689414
https://bugzilla.novell.com/show_bug.cgi?id=692459
https://bugzilla.novell.com/show_bug.cgi?id=692502
https://bugzilla.novell.com/show_bug.cgi?id=693374
https://bugzilla.novell.com/show_bug.cgi?id=693382
https://bugzilla.novell.com/show_bug.cgi?id=698221
https://bugzilla.novell.com/show_bug.cgi?id=698247
https://bugzilla.novell.com/show_bug.cgi?id=702013
https://bugzilla.novell.com/show_bug.cgi?id=702285
https://bugzilla.novell.com/show_bug.cgi?id=703153
https://bugzilla.novell.com/show_bug.cgi?id=703155

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now