openSUSE Security Update : kernel (openSUSE-SU-2011:1221-1)

critical Nessus Plugin ID 75556
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.3 kernel was updated to fix various bugs and security issues.

Following security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks.

CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes.

CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer.

CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system.

CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host.

CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Following non security bugs were fixed :

- drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

- ext4: Fix max file size and logical block counting of extent format file (bnc#706374).

- TTY: pty, fix pty counting (bnc#711203).

- Update Xen patches to 2.6.34.10.

- xen/blkfront: fix data size for xenbus_gather in connect().

- xen/xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().

- xen/blkback: don't fail empty barrier requests.

- xen/blktap: fix locking (bnc#685276).

- xen/xenbus: don't BUG() on user mode induced conditions (bnc#696107).

- xen/blkfront: avoid NULL de-reference in CDROM ioctl handling (bnc#701355).

- intr-remap: allow disabling source id checking (bnc#710352).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=685276

https://bugzilla.novell.com/show_bug.cgi?id=692784

https://bugzilla.novell.com/show_bug.cgi?id=696107

https://bugzilla.novell.com/show_bug.cgi?id=701355

https://bugzilla.novell.com/show_bug.cgi?id=706374

https://bugzilla.novell.com/show_bug.cgi?id=710352

https://bugzilla.novell.com/show_bug.cgi?id=711203

https://bugzilla.novell.com/show_bug.cgi?id=711539

https://bugzilla.novell.com/show_bug.cgi?id=712023

https://bugzilla.novell.com/show_bug.cgi?id=712366

https://bugzilla.novell.com/show_bug.cgi?id=714001

https://bugzilla.novell.com/show_bug.cgi?id=716901

https://bugzilla.novell.com/show_bug.cgi?id=718028

https://bugzilla.novell.com/show_bug.cgi?id=719117

https://lists.opensuse.org/opensuse-updates/2011-11/msg00006.html

Plugin Details

Severity: Critical

ID: 75556

File Name: suse_11_3_kernel-111026.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/26/2011

Reference Information

CVE: CVE-2011-1577, CVE-2011-1776, CVE-2011-1833, CVE-2011-2918, CVE-2011-3191, CVE-2011-3353, CVE-2011-3363