SUSE-SU-2011:0984-3
Sep 02, 2011 - 2:08 p.m.

kernel update for SLE11 SP1 (important)

2011-09-02 14:08:13
lists.opensuse.org
21

EPSS: 0.003 (Low), percentile 67.2%

The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.45 and fixes various bugs and security
issues.

The following security issues were fixed:

CVE-2011-1776: Timo Warns reported an issue in the Linux
implementation for GUID partitions. Users with physical
access could gain access to sensitive kernel memory by
adding a storage device with a specially crafted, corrupted
(invalid) partition table.

CVE-2010-3881: The second part of this fix was not yet
applied to our kernel: arch/x86/kvm/x86.c in the Linux
kernel before 2.6.36.2 does not initialize certain
structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory
via read operations on the /dev/kvm device.

CVE-2011-2495: The /proc/PID/io interface could be used by
local attackers to gain information on other processes, such
as the number of password characters typed.

CVE-2011-2700: A small buffer overflow in the radio driver
si4713-i2c was fixed that could potentially be used by local
attackers to crash the kernel or potentially execute code.

CVE-2011-2909: A kernel information leak in the comedi
driver from kernel to userspace was fixed.

CVE-2011-2918: In the perf framework, software event
overflows could deadlock or delete an uninitialized timer.
