Verfasst: 02.08.2011, 22:42
Linux Kernel: Security/Bugfix update to 2.6.37.6
The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing
lots of bugs and security issues.
Following security issues have been fixed: CVE-2011-2495:
The /proc/PID/io interface could be used by local attackers
to gain information on other processes like number of
password characters typed or similar.
CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.
CVE-2011-2022: The agp_generic_remove_memory function in
drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.
CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.
CVE-2011-2493: A denial of service on mounting invalid ext4
filesystems was fixed.
CVE-2011-2491: A local unprivileged user able to access a
NFS filesystem could use file locking to deadlock parts of
an nfs server under some circumstance.
CVE-2011-2498: Also account PTE pages when calculating OOM
scoring, which could have lead to a denial of service.
CVE-2011-2496: The normal mmap paths all avoid creating a
mapping where the pgoff inside the mapping could wrap
around due to overflow. However, an expanding mremap() can
take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM
partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.
CVE-2011-1479: A regression in inotify fix for a memory
leak could lead to a double free corruption which could
crash the system.
CVE-2011-1927: A missing route validation issue in
ip_expire() could be used by remote attackers to trigger a
NULL ptr dereference, crashing parts of the kernel.
CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.
CVE-2011-1020: The proc filesystem implementation in the
Linux kernel did not restrict access to the /proc directory
tree of a process after this process performs an exec of a
setuid program, which allowed local users to obtain
sensitive information or cause a denial of service via
open, lseek, read, and write system calls.
Weitere Informationen zu den Fehlerbereinigungen dieser Aktualisierung sind auf diesen Webseiten verfügbar:
https://bugzilla.novell.com/show_bug.cgi?id=704788
https://bugzilla.novell.com/show_bug.cgi?id=703155
https://bugzilla.novell.com/show_bug.cgi?id=693043
https://bugzilla.novell.com/show_bug.cgi?id=689797
https://bugzilla.novell.com/show_bug.cgi?id=693043
https://bugzilla.novell.com/show_bug.cgi?id=704788
https://bugzilla.novell.com/show_bug.cgi?id=701998
https://bugzilla.novell.com/show_bug.cgi?id=702013
https://bugzilla.novell.com/show_bug.cgi?id=584493
https://bugzilla.novell.com/show_bug.cgi?id=681840
https://bugzilla.novell.com/show_bug.cgi?id=698247
https://bugzilla.novell.com/show_bug.cgi?id=693374
https://bugzilla.novell.com/show_bug.cgi?id=702579
https://bugzilla.novell.com/show_bug.cgi?id=702285
https://bugzilla.novell.com/show_bug.cgi?id=687368
https://bugzilla.novell.com/show_bug.cgi?id=698221
https://bugzilla.novell.com/show_bug.cgi?id=699123
https://bugzilla.novell.com/show_bug.cgi?id=697859
https://bugzilla.novell.com/show_bug.cgi?id=655693
https://bugzilla.novell.com/show_bug.cgi?id=672008
https://bugzilla.novell.com/show_bug.cgi?id=661979
https://bugzilla.novell.com/show_bug.cgi?id=677827
https://bugzilla.novell.com/show_bug.cgi?id=693013
https://bugzilla.novell.com/show_bug.cgi?id=666423
https://bugzilla.novell.com/show_bug.cgi?id=694498
https://bugzilla.novell.com/show_bug.cgi?id=688432
https://bugzilla.novell.com/show_bug.cgi?id=693382
https://bugzilla.novell.com/show_bug.cgi?id=595586
https://bugzilla.novell.com/show_bug.cgi?id=669889
https://bugzilla.novell.com/show_bug.cgi?id=692502
https://bugzilla.novell.com/show_bug.cgi?id=692497
https://bugzilla.novell.com/show_bug.cgi?id=674982
https://bugzilla.novell.com/show_bug.cgi?id=681826
https://bugzilla.novell.com/show_bug.cgi?id=674648
https://bugzilla.novell.com/show_bug.cgi?id=679545
https://bugzilla.novell.com/show_bug.cgi?id=689583
Weitere Informationen zu dieser Sicherheitsaktualisierung sind auf diesen Webseiten verfügbar:
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1017
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1020
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1479
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1593
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1745
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-1927
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2022
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2182
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2484
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2491
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2493
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2495
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2496
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2011-2498
•
Ein Neustart des Rechners wird für die Übernahme der Änderungen der Aktualisierung erforderlich.
Veraltete Pakete:
• kernel-desktop - 2.6.37.6-0.7.1
/• kernel-desktop - 2.6.37.6-0.5.1
/• kernel-desktop - 2.6.37.6-0.7.1
/• kernel-desktop - 2.6.37.6-0.5.1
/• kernel-desktop - 2.6.37.1-1.2.2
/• kernel-desktop - 2.6.37.1-1.2.2
/• kernel-desktop - 2.6.37.6-0.5.1