openSUSE Security Update : kernel (openSUSE-SU-2011:1222-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.4 kernel was updated to fix lots of bugs
and security issues.

The following security issues have been fixed :

CVE-2011-1833: Added a kernel option to ensure ecryptfs mounts only
on paths belonging to the current uid. Without this check, local
attackers could potentially gain privileges via symlink attacks.

CVE-2011-2695: Multiple off-by-one errors in the ext4 subsystem in the
Linux kernel allowed local users to cause a denial of service (BUG_ON
and system crash) by accessing a sparse file in extent format with a
write operation involving a block number corresponding to the largest
possible 32-bit unsigned integer.

CVE-2011-3363: Always check the path in CIFS mounts to avoid
interesting filesystem path interaction issues and potential crashes.

CVE-2011-2918: In the perf framework software event overflows could
deadlock or delete an uninitialized timer.

CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not
check the length of the write so the message processing could overrun
and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used
by local users able to mount FUSE filesystems to crash the system.

CVE-2011-2183: Fixed a race between ksmd and other memory management
code, which could result in a NULL ptr dereference and kernel crash.

CVE-2011-3191: A signedness issue in CIFS could possibly have led to
memory corruption, if a malicious server could send crafted replies
to the host.

CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the
Linux kernel did not check the size of an Extensible Firmware
Interface (EFI) GUID Partition Table (GPT) entry, which allowed
physically proximate attackers to cause a denial of service
(heap-based buffer overflow and OOPS) or obtain sensitive information
from kernel heap memory by connecting a crafted GPT storage device, a
different vulnerability than CVE-2011-1577.

The following non-security bugs were fixed :

- novfs: Unable to change password in the Novell Client
for Linux (bnc#713229).

- novfs: last modification time not reliable (bnc#642896).

- novfs: unlink directory after unmap (bnc#649625).

- fs: novfs: Fix exit handlers on local_unlink

- novfs: 'Unable to save Login Script' appears when trying
to save a user login script (bnc#638985).

- fs: novfs: Limit check for datacopy between user and
kernel space.

- novfs: Fix checking of login id (bnc#626119).

- novfs: Set the sticky bit for the novfs mountpoint

- ACPICA: Fix issues/fault with automatic 'serialized'
method support (bnc#678097).

- drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

- ext4: Fix max file size and logical block counting of
extent format file (bnc#706374).

- novfs: fix off-by-one allocation error (bnc#669378).

- novfs: fix some kmalloc/kfree issues (bnc#669378).

- novfs: fix some DirCache locking issues (bnc#669378).

- memsw: remove noswapaccount kernel parameter

- Provide memory controller swap extension. Keep the
feature disabled by default. Use swapaccount=1 kernel
boot parameter for enabling it.

- Config cleanups: CONFIG_OLPC should be enabled only for
i386 non PAE

- TTY: pty, fix pty counting (bnc#711203).

- USB: OHCI: fix another regression for NVIDIA controllers

- xen/blkfront: avoid NULL de-reference in CDROM ioctl

- x86, mtrr: lock stop machine during MTRR rendezvous
sequence (bnc#672008).

Solution :

Update the affected kernel packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 75881

CVE ID: CVE-2011-1577