openSUSE Security Update : kernel (openSUSE-SU-2011:1221-1)

Critical Nessus Plugin ID 75556

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.3 kernel was updated to fix various bugs and security issues.

Following security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks.

CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes.

CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer.

CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system.

CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host.

CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Following non security bugs were fixed :

 - drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

 - ext4: Fix max file size and logical block counting of extent format file (bnc#706374).

 - TTY: pty, fix pty counting (bnc#711203).

 - Update Xen patches to 2.6.34.10.

 - xen/blkfront: fix data size for xenbus_gather in connect().

 - xen/xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().

 - xen/blkback: don't fail empty barrier requests.

 - xen/blktap: fix locking (bnc#685276).

 - xen/xenbus: don't BUG() on user mode induced conditions (bnc#696107).

 - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling (bnc#701355).

 - intr-remap: allow disabling source id checking (bnc#710352).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=685276

https://bugzilla.novell.com/show_bug.cgi?id=692784

https://bugzilla.novell.com/show_bug.cgi?id=696107

https://bugzilla.novell.com/show_bug.cgi?id=701355

https://bugzilla.novell.com/show_bug.cgi?id=706374

https://bugzilla.novell.com/show_bug.cgi?id=710352

https://bugzilla.novell.com/show_bug.cgi?id=711203

https://bugzilla.novell.com/show_bug.cgi?id=711539

https://bugzilla.novell.com/show_bug.cgi?id=712023

https://bugzilla.novell.com/show_bug.cgi?id=712366

https://bugzilla.novell.com/show_bug.cgi?id=714001

https://bugzilla.novell.com/show_bug.cgi?id=716901

https://bugzilla.novell.com/show_bug.cgi?id=718028

https://bugzilla.novell.com/show_bug.cgi?id=719117

https://lists.opensuse.org/opensuse-updates/2011-11/msg00006.html

Plugin Details

Severity: Critical

ID: 75556

File Name: suse_11_3_kernel-111026.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2011/10/26

Reference Information

CVE: CVE-2011-1577, CVE-2011-1776, CVE-2011-1833, CVE-2011-2918, CVE-2011-3191, CVE-2011-3353, CVE-2011-3363