openSUSE Security Update : kernel (openSUSE-SU-2011:1221-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.3 kernel was updated to fix various bugs and security
issues.

Following security issues have been fixed: CVE-2011-1833: Added a
kernel option to ensure ecryptfs is mounting only on paths belonging
to the current ui, which would have allowed local attackers to
potentially gain privileges via symlink attacks.

CVE-2011-3363: Always check the path in CIFS mounts to avoid
interesting filesystem path interaction issues and potential crashes.

CVE-2011-2918: In the perf framework software event overflows could
deadlock or delete an uninitialized timer.

CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not
check the length of the write so the message processing could overrun
and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used
by local users able to mount FUSE filesystems to crash the system.

CVE-2011-3191: A signedness issue in CIFS could possibly have lead to
to memory corruption, if a malicious server could send crafted replies
to the host.

CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the
Linux kernel did not check the size of an Extensible Firmware
Interface (EFI) GUID Partition Table (GPT) entry, which allowed
physically proximate attackers to cause a denial of service
(heap-based buffer overflow and OOPS) or obtain sensitive information
from kernel heap memory by connecting a crafted GPT storage device, a
different vulnerability than CVE-2011-1577.

Following non security bugs were fixed :

- drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

- ext4: Fix max file size and logical block counting of
extent format file (bnc#706374).

- TTY: pty, fix pty counting (bnc#711203).

- Update Xen patches to 2.6.34.10.

- xen/blkfront: fix data size for xenbus_gather in
connect().

- xen/xenbus: fix xenbus_transaction_start() hang caused
by double xenbus_transaction_end().

- xen/blkback: don't fail empty barrier requests.

- xen/blktap: fix locking (bnc#685276).

- xen/xenbus: don't BUG() on user mode induced conditions
(bnc#696107).

- xen/blkfront: avoid NULL de-reference in CDROM ioctl
handling (bnc#701355).

- intr-remap: allow disabling source id checking
(bnc#710352).

See also :

http://lists.opensuse.org/opensuse-updates/2011-11/msg00006.html
https://bugzilla.novell.com/show_bug.cgi?id=685276
https://bugzilla.novell.com/show_bug.cgi?id=692784
https://bugzilla.novell.com/show_bug.cgi?id=696107
https://bugzilla.novell.com/show_bug.cgi?id=701355
https://bugzilla.novell.com/show_bug.cgi?id=706374
https://bugzilla.novell.com/show_bug.cgi?id=710352
https://bugzilla.novell.com/show_bug.cgi?id=711203
https://bugzilla.novell.com/show_bug.cgi?id=711539
https://bugzilla.novell.com/show_bug.cgi?id=712023
https://bugzilla.novell.com/show_bug.cgi?id=712366
https://bugzilla.novell.com/show_bug.cgi?id=714001
https://bugzilla.novell.com/show_bug.cgi?id=716901
https://bugzilla.novell.com/show_bug.cgi?id=718028
https://bugzilla.novell.com/show_bug.cgi?id=719117

Solution :

Update the affected kernel packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75556 ()

Bugtraq ID:

CVE ID: CVE-2011-1577
CVE-2011-1776
CVE-2011-1833
CVE-2011-2918
CVE-2011-3191
CVE-2011-3353
CVE-2011-3363

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now