This kernel update for the SUSE Linux Enterprise 10 SP4
kernel fixes several security issues and bugs.
The following security issues were fixed:
CVE-2011-1093: The dccp_rcv_state_process function in
net/dccp/input.c in the Datagram Congestion Control
Protocol (DCCP) implementation in the Linux kernel did not
properly handle packets for a CLOSED endpoint, which
allowed remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by sending a DCCP-Close
packet followed by a DCCP-Reset packet.
CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.
CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.
CVE-2011-1746: Multiple integer overflows in the (1)
agp_allocate_memory and (2) agp_create_user_memory
functions in drivers/char/agp/generic.c in the Linux kernel
allowed local users to trigger buffer overflows, and
consequently cause a denial of service (system crash) or
possibly have unspecified other impact, via vectors related
to calls that specify a large number of memory pages.
CVE-2011-2022: The agp_generic_remove_memory function
in drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.
CVE-2011-1585: When using a setuid root mount.cifs,
local users could hijack password protected mounted CIFS
shares of other local users.
CVE-2011-0726: The do_task_stat function in
fs/proc/array.c in the Linux kernel did not perform an
expected uid check, which made it easier for local users to
defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/#####/stat file
for a process executing a PIE binary.
CVE-2011-2496: The normal mmap paths all avoid
creating a mapping where the pgoff inside the mapping could
wrap around due to overflow. However, an expanding mremap()
can take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
CVE-2011-2491: A local unprivileged user able to
access a NFS filesystem could use file locking to deadlock
parts of an nfs server under some circumstance.
CVE-2011-1017, CVE-2011-2182: The code for evaluating
LDM partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.
CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.
CVE-2011-1494: Integer overflow in the
_ctl_do_mpt_command function in
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
might have allowed local users to gain privileges or cause
a denial of service (memory corruption) via an ioctl call
specifying a crafted value that triggers a heap-based
buffer overflow.
CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
the Linux kernel did not validate (1) length and (2) offset
values before performing memory copy operations, which
might have allowed local users to gain privileges, cause a
denial of service (memory corruption), or obtain sensitive
information from kernel memory via a crafted ioctl call,
related to the _ctl_do_mpt_command and
_ctl_diag_read_buffer functions.
download.novell.com/patch/finder/?keywords=0e9208ee65c884d152a545b8766938bc
download.novell.com/patch/finder/?keywords=2284bd78d78b00accc68729a9634d92d
download.novell.com/patch/finder/?keywords=3b9cb9db7d375a34d07fb460aad8137b
download.novell.com/patch/finder/?keywords=5f3e206eac108e161bdd1b3928ce7c3e
download.novell.com/patch/finder/?keywords=75c70ba80807aed777189444e17910e5
bugzilla.novell.com/644541
bugzilla.novell.com/645084
bugzilla.novell.com/655973
bugzilla.novell.com/657017
bugzilla.novell.com/657029
bugzilla.novell.com/658035
bugzilla.novell.com/668483
bugzilla.novell.com/670465
bugzilla.novell.com/677676
bugzilla.novell.com/678422
bugzilla.novell.com/682251
bugzilla.novell.com/683101
bugzilla.novell.com/683282
bugzilla.novell.com/683886
bugzilla.novell.com/684297
bugzilla.novell.com/685276
bugzilla.novell.com/685402
bugzilla.novell.com/687812
bugzilla.novell.com/688432
bugzilla.novell.com/689797
bugzilla.novell.com/690869
bugzilla.novell.com/692601
bugzilla.novell.com/693043
bugzilla.novell.com/693149
bugzilla.novell.com/693796
bugzilla.novell.com/696107
bugzilla.novell.com/697932
bugzilla.novell.com/698221
bugzilla.novell.com/700254
bugzilla.novell.com/701254
bugzilla.novell.com/701542
bugzilla.novell.com/702013
bugzilla.novell.com/702285
bugzilla.novell.com/703013
bugzilla.novell.com/703153
bugzilla.novell.com/705463