SUSE-SU-2011:0899-1
Aug 12, 2011 - 6:08 p.m.

Security update for Linux kernel (important)

lists.opensuse.org

EPSS: 0.027 (Low), percentile 89.4%

This kernel update for the SUSE Linux Enterprise 10 SP4
kernel fixes several security issues and bugs.

The following security issues were fixed:

CVE-2011-1093: The dccp_rcv_state_process function in
net/dccp/input.c in the Datagram Congestion Control
Protocol (DCCP) implementation in the Linux kernel did not
properly handle packets for a CLOSED endpoint, which
allowed remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by sending a DCCP-Close
packet followed by a DCCP-Reset packet.

CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.

CVE-2011-1746: Multiple integer overflows in the (1)
agp_allocate_memory and (2) agp_create_user_memory
functions in drivers/char/agp/generic.c in the Linux kernel
allowed local users to trigger buffer overflows, and
consequently cause a denial of service (system crash) or
possibly have unspecified other impact, via vectors related
to calls that specify a large number of memory pages.

CVE-2011-2022: The agp_generic_remove_memory function
in drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.

CVE-2011-1585: When using a setuid root mount.cifs,
local users could hijack password protected mounted CIFS
shares of other local users.

CVE-2011-0726: The do_task_stat function in
fs/proc/array.c in the Linux kernel did not perform an
expected uid check, which made it easier for local users to
defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/<pid>/stat file
for a process executing a PIE binary.
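
The leak above is only useful to an attacker who parses the file correctly, and /proc/<pid>/stat is easy to parse wrongly: the comm field (field 2) is printed in parentheses and may itself contain spaces and ')' characters, so a naive whitespace split misnumbers every later field. The following C program is an added example, not part of the SUSE advisory, the kernel, or its fix. It tokenises from the last ')', extracts start_code and end_code (fields 26 and 27), and reports whether a stat line discloses the text segment of a PIE process. The two stat lines are constructed samples; the claim that a fixed kernel shows a placeholder of 1 in these fields to readers without ptrace access is this example's assumption about the upstream fix, not something the advisory states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Pull start_code (field 26) and end_code (field 27) out of one
 * /proc/<pid>/stat line.  Field 2 (comm) is printed as "(name)" and the
 * name may itself contain spaces and ')' characters, so tokenising must
 * begin after the LAST ')' of the line; the token right after it is
 * field 3, so field N is token N-2.  Returns 0 on success, -1 if the
 * line is malformed or too short.
 */
int parse_code_range(const char *stat, unsigned long long *start_code,
                     unsigned long long *end_code)
{
    const char *p = strrchr(stat, ')');
    if (p == NULL)
        return -1;
    p++;

    for (int tok = 1; tok <= 25; tok++) {
        while (*p == ' ')
            p++;
        if (*p == '\0' || *p == '\n')
            return -1;                          /* fewer than 27 fields */
        const char *field = p;
        while (*p != '\0' && *p != ' ' && *p != '\n')
            p++;
        if (tok == 24 || tok == 25) {           /* fields 26 and 27 */
            char *endp;
            unsigned long long v = strtoull(field, &endp, 10);
            if (endp != p)
                return -1;                      /* not a clean decimal */
            if (tok == 24)
                *start_code = v;
            else
                *end_code = v;
        }
    }
    return 0;
}

/*
 * 1 if the line discloses the real text-segment addresses of a PIE
 * process, 0 if not, -1 on a parse error.  Assumption (not stated in the
 * advisory): a kernel with the fix reports a placeholder of 1 in these
 * fields to readers without ptrace access, and a kernel thread, having
 * no mm, reports 0; either way a value <= 1 means "not disclosed".
 */
int stat_discloses_text_range(const char *stat)
{
    unsigned long long start, end;
    if (parse_code_range(stat, &start, &end) != 0)
        return -1;
    return (start > 1 && end > start) ? 1 : 0;
}

/* Size of the disclosed text segment in bytes, 0 when withheld or unparseable. */
unsigned long long text_segment_size(const char *stat)
{
    unsigned long long start, end;
    if (stat_discloses_text_range(stat) != 1 ||
        parse_code_range(stat, &start, &end) != 0)
        return 0;
    return end - start;
}

/* Constructed sample: a PIE process whose comm "my proc (x)" contains a
 * space and a ')', as an unfixed kernel prints it (fields 26/27 real). */
static const char LEAKY_STAT[] =
    "1234 (my proc (x)) S 1 1234 1234 0 -1 4194304 100 0 0 0 2 1 0 0 20 0 1 0 "
    "5000 10485760 300 18446744073709551615 94000000000 94000004096 "
    "140700000000 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0\n";

/* Constructed sample: the same process as a fixed kernel shows it to a
 * reader without ptrace access (assumed placeholder value 1). */
static const char MASKED_STAT[] =
    "1234 (my proc (x)) S 1 1234 1234 0 -1 4194304 100 0 0 0 2 1 0 0 20 0 1 0 "
    "5000 10485760 300 18446744073709551615 1 1 "
    "0 0 0 0 0 0 0 0 0 0 17 0 0 0 0 0 0\n";

int main(int argc, char **argv)
{
    /* Default to /proc/self/stat, which is always disclosed to its owner;
     * pass the pid of another user's process to test the kernel itself. */
    char path[64], line[4096];
    snprintf(path, sizeof path, "/proc/%s/stat", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "r");
    if (f != NULL && fgets(line, sizeof line, f) != NULL)
        printf("%s: discloses=%d text_size=%llu\n", path,
               stat_discloses_text_range(line), text_segment_size(line));
    if (f != NULL)
        fclose(f);
    printf("constructed leaky sample:  %d\n", stat_discloses_text_range(LEAKY_STAT));
    printf("constructed masked sample: %d\n", stat_discloses_text_range(MASKED_STAT));
    return 0;
}
```

Run it as an unprivileged user against the pid of a process owned by a different uid: a nonzero text_size for a PIE binary means the kernel still hands out the addresses that ASLR was supposed to hide.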

CVE-2011-2496: The normal mmap paths all avoid
creating a mapping where the pgoff inside the mapping could
wrap around due to overflow. However, an expanding mremap()
can take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.

CVE-2011-2491: A local unprivileged user able to
access an NFS filesystem could use file locking to deadlock
parts of an NFS server under some circumstances.

CVE-2011-1017, CVE-2011-2182: The code for evaluating
LDM partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.

CVE-2011-1494: Integer overflow in the
_ctl_do_mpt_command function in
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
might have allowed local users to gain privileges or cause
a denial of service (memory corruption) via an ioctl call
specifying a crafted value that triggers a heap-based
buffer overflow.

CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
the Linux kernel did not validate (1) length and (2) offset
values before performing memory copy operations, which
might have allowed local users to gain privileges, cause a
denial of service (memory corruption), or obtain sensitive
information from kernel memory via a crafted ioctl call,
related to the _ctl_do_mpt_command and
_ctl_diag_read_buffer functions.
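
Several of the fixes above share one root cause: a bounds check written as start + count <= limit, or an allocation size written as count * size + header, on values a local caller controls, so the arithmetic wraps and a huge request passes as a small one. That is the AGPIOC_BIND and AGPIOC_UNBIND checks of CVE-2011-1745 and CVE-2011-2022, the page-count arithmetic of CVE-2011-1746, the next_pidmap overflow of CVE-2011-1593, the mpt2sas ioctl length and offset checks of CVE-2011-1494 and CVE-2011-1495, and, in page offsets rather than bytes, the mremap pgoff wrap of CVE-2011-2496. The following C is an added example, not code from the advisory or from the kernel: it puts the naive check beside the wrap-safe one and uses the safe form in a hypothetical GATT-style bind routine and a hypothetical diagnostic-buffer read modelled loosely on the affected functions. The structure names, table size, sample buffer and sample requests are all invented here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The check as the vulnerable code wrote it: if start + count wraps past
 * SIZE_MAX, a request far beyond the table looks small and is accepted. */
bool range_fits_naive(size_t start, size_t count, size_t limit)
{
    return start + count <= limit;
}

/* Wrap-safe form of the same test.  It never computes start + count:
 * count <= limit makes the subtraction safe, and start <= limit - count
 * is exactly "the range [start, start + count) lies inside limit". */
bool range_fits(size_t start, size_t count, size_t limit)
{
    return count <= limit && start <= limit - count;
}

/* The idiom the kernel fixes used alongside the limit test: detect the
 * wrap itself, since unsigned a + b < a holds only when the sum wrapped. */
bool add_wraps(size_t a, size_t b)
{
    return a + b < a;
}

/* Allocation-size arithmetic of the agp_create_user_memory kind:
 * count * elem_size + header, refusing to wrap at either step. */
bool alloc_size(size_t count, size_t elem_size, size_t header, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    size_t bytes = count * elem_size;
    if (bytes > SIZE_MAX - header)
        return false;
    *out = bytes + header;
    return true;
}

/* Hypothetical GATT stand-in for the AGP bridge's page table (invented
 * here; not the driver's structure): GATT_ENTRIES slots, bound at pg_start. */
#define GATT_ENTRIES 4096u
struct gatt { uint32_t entry[GATT_ENTRIES]; };

/* Bind page_count entries starting at pg_start.  Returns 0, or -1 (EINVAL)
 * when the request does not fit.  With range_fits_naive here instead, a
 * pg_start + page_count that wraps would pass and the loop would write
 * past the end of the table. */
int gatt_bind(struct gatt *g, size_t pg_start, size_t page_count, uint32_t first_pte)
{
    if (!range_fits(pg_start, page_count, GATT_ENTRIES))
        return -1;
    for (size_t i = 0; i < page_count; i++)
        g->entry[pg_start + i] = first_pte + (uint32_t)i;
    return 0;
}

/* Hypothetical diagnostic-buffer read of the mpt2sas kind: copy len bytes
 * at offset off out of buf into out, validating offset and length against
 * both the source and the destination before the memcpy.  Returns bytes
 * copied, or -1 when either check fails. */
long diag_read(const uint8_t *buf, size_t buf_len, size_t off, size_t len,
               uint8_t *out, size_t out_len)
{
    if (!range_fits(off, len, buf_len) || len > out_len)
        return -1;
    memcpy(out, buf + off, len);
    return (long)len;
}

/* Constructed sample data and scratch space used by main(). */
static const uint8_t DIAG_BUF[32] = {
     0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };
static struct gatt g_demo;
static uint8_t g_out[64];
static size_t g_size;

int main(void)
{
    /* A request a local caller could pass through the ioctl: start 10,
     * count SIZE_MAX - 5.  The sum wraps to 4, so the naive check accepts it. */
    printf("naive accepts wrapped request: %d\n", range_fits_naive(10, SIZE_MAX - 5, GATT_ENTRIES));
    printf("safe  accepts wrapped request: %d\n", range_fits(10, SIZE_MAX - 5, GATT_ENTRIES));
    printf("bind 10 pages at 4086: %d, at 4087: %d\n",
           gatt_bind(&g_demo, 4086, 10, 0x100), gatt_bind(&g_demo, 4087, 10, 0x100));
    printf("alloc_size(SIZE_MAX/8+1, 8, 16) ok: %d\n", alloc_size(SIZE_MAX / 8 + 1, 8, 16, &g_size));
    printf("diag_read off 28 len 4: %ld, off 8 len SIZE_MAX-4: %ld\n",
           diag_read(DIAG_BUF, sizeof DIAG_BUF, 28, 4, g_out, sizeof g_out),
           diag_read(DIAG_BUF, sizeof DIAG_BUF, 8, SIZE_MAX - 4, g_out, sizeof g_out));
    return 0;
}
```

The pattern to audit for in any ioctl or syscall handler is the same: every user-supplied start, offset, count or length that feeds an index or a memcpy must be checked in a form that cannot itself overflow, and the multiplication for an allocation size must be checked before it is performed, not after.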
