openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs
and security issues.

The following security issues have been fixed:

CVE-2011-2495: The /proc/PID/io interface could be used by local
attackers to gain information about other processes, such as the
number of password characters typed.

CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in
the Linux kernel did not prevent multiple registrations of exit
handlers, which allowed local users to cause a denial of service
(memory and CPU consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-2022: The agp_generic_remove_memory function in
drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not
validate a certain start parameter, which allowed local users to gain
privileges or cause a denial of service (system crash) via a crafted
AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.

CVE-2011-1745: Integer overflow in the agp_generic_insert_memory
function in drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service (system
crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

CVE-2011-2493: A denial of service on mounting invalid ext4
filesystems was fixed.

CVE-2011-2491: A local unprivileged user able to access an NFS
filesystem could use file locking to deadlock parts of an NFS server
under some circumstances.

CVE-2011-2498: PTE pages are now also accounted for when calculating
OOM scoring; not doing so could have led to a denial of service.

CVE-2011-2496: The normal mmap paths all avoid creating a mapping
where the pgoff inside the mapping could wrap around due to overflow.
However, an expanding mremap() can take such a non-wrapping mapping
and make it bigger and cause a wrapping condition.
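The wrap condition described for CVE-2011-2496, as an added user-space illustration (not kernel code and not part of the original advisory). The struct, function names and the 4 KiB page size are assumptions; the point is that the offset check done when a mapping is created has to be repeated with the new length when the mapping is expanded.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define DEMO_PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Hypothetical stand-in for a file-backed mapping. */
struct mapping {
    unsigned long pgoff; /* file offset of the first page, in pages */
    unsigned long len;   /* length in bytes, page-aligned */
};

/* True if the page offsets covered by [pgoff, pgoff + len) wrap around.
 * Unsigned arithmetic wraps modulo ULONG_MAX + 1, so a sum smaller than
 * one of its operands means the addition overflowed. */
bool pgoff_wraps(unsigned long pgoff, unsigned long len)
{
    unsigned long pages = len >> DEMO_PAGE_SHIFT;
    return pgoff + pages < pgoff;
}

/* Check applied when the mapping is first created (the mmap-style path). */
bool map_create_ok(const struct mapping *m)
{
    return !pgoff_wraps(m->pgoff, m->len);
}

/* Check that must also run on expansion: a mapping that passed
 * map_create_ok() can still wrap once it is grown to new_len. */
bool map_expand_ok(const struct mapping *m, unsigned long new_len)
{
    if (new_len <= m->len)
        return true; /* shrinking cannot introduce a wrap */
    return !pgoff_wraps(m->pgoff, new_len);
}

int main(void)
{
    /* Constructed sample: two pages starting four pages below the limit. */
    struct mapping m = { ULONG_MAX - 3UL, 2UL << DEMO_PAGE_SHIFT };

    printf("create 2 pages: %s\n", map_create_ok(&m) ? "ok" : "rejected");
    printf("expand to 3 pages: %s\n",
           map_expand_ok(&m, 3UL << DEMO_PAGE_SHIFT) ? "ok" : "rejected");
    printf("expand to 8 pages: %s\n",
           map_expand_ok(&m, 8UL << DEMO_PAGE_SHIFT) ? "ok" : "rejected");
    return 0;
}
```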

CVE-2011-1017, CVE-2011-2182: The code for evaluating LDM partitions
(in fs/partitions/ldm.c) contained bugs that could crash the kernel
for certain corrupted LDM partitions.

CVE-2011-1479: A regression in the inotify fix for a memory leak could
lead to a double-free corruption which could crash the system.

CVE-2011-1927: A missing route validation issue in ip_expire() could
be used by remote attackers to trigger a NULL pointer dereference,
crashing parts of the kernel.

CVE-2011-1593: Multiple integer overflows in the next_pidmap function
in kernel/pid.c in the Linux kernel allowed local users to cause a
denial of service (system crash) via a crafted (1) getdents or (2)
readdir system call.

CVE-2011-1020: The proc filesystem implementation in the Linux kernel
did not restrict access to the /proc directory tree of a process after
this process performs an exec of a setuid program, which allowed local
users to obtain sensitive information or cause a denial of service via
open, lseek, read, and write system calls.

See also :

http://lists.opensuse.org/opensuse-updates/2011-08/msg00002.html
https://bugzilla.novell.com/show_bug.cgi?id=584493
https://bugzilla.novell.com/show_bug.cgi?id=595586
https://bugzilla.novell.com/show_bug.cgi?id=655693
https://bugzilla.novell.com/show_bug.cgi?id=661979
https://bugzilla.novell.com/show_bug.cgi?id=666423
https://bugzilla.novell.com/show_bug.cgi?id=669889
https://bugzilla.novell.com/show_bug.cgi?id=672008
https://bugzilla.novell.com/show_bug.cgi?id=674648
https://bugzilla.novell.com/show_bug.cgi?id=674982
https://bugzilla.novell.com/show_bug.cgi?id=677827
https://bugzilla.novell.com/show_bug.cgi?id=679545
https://bugzilla.novell.com/show_bug.cgi?id=681826
https://bugzilla.novell.com/show_bug.cgi?id=681840
https://bugzilla.novell.com/show_bug.cgi?id=687368
https://bugzilla.novell.com/show_bug.cgi?id=688432
https://bugzilla.novell.com/show_bug.cgi?id=689583
https://bugzilla.novell.com/show_bug.cgi?id=689797
https://bugzilla.novell.com/show_bug.cgi?id=692497
https://bugzilla.novell.com/show_bug.cgi?id=692502
https://bugzilla.novell.com/show_bug.cgi?id=693013
https://bugzilla.novell.com/show_bug.cgi?id=693043
https://bugzilla.novell.com/show_bug.cgi?id=693374
https://bugzilla.novell.com/show_bug.cgi?id=693382
https://bugzilla.novell.com/show_bug.cgi?id=694498
https://bugzilla.novell.com/show_bug.cgi?id=697859
https://bugzilla.novell.com/show_bug.cgi?id=698221
https://bugzilla.novell.com/show_bug.cgi?id=698247
https://bugzilla.novell.com/show_bug.cgi?id=699123
https://bugzilla.novell.com/show_bug.cgi?id=701998
https://bugzilla.novell.com/show_bug.cgi?id=702013
https://bugzilla.novell.com/show_bug.cgi?id=702285
https://bugzilla.novell.com/show_bug.cgi?id=702579
https://bugzilla.novell.com/show_bug.cgi?id=703155
https://bugzilla.novell.com/show_bug.cgi?id=704788

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
