SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5056)
Medium Nessus Plugin ID 57110
The remote SuSE 11 host is missing one or more security updates.
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 22.214.171.124 and fixes various bugs and security issues. The following security issues have been fixed : - Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. (CVE-2011-1776) - The second part of this fix was not yet applied to our kernel: arch/x86/kvm/x86.c in the Linux kernel before 126.96.36.199 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. (CVE-2010-3881) - The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. (CVE-2011-2495) - A small buffer overflow in the radio driver si4713-i2c was fixed that could potentially used by local attackers to crash the kernel or potentially execute code. (CVE-2011-2700) - A kernel information leak in the comedi driver from kernel to userspace was fixed. (CVE-2011-2909) - In the perf framework software event overflows could deadlock or delete an uninitialized timer. (CVE-2011-2918)