This kernel update for the SUSE Linux Enterprise 10 SP3
kernel fixes several security issues and bugs.
The following security issues have been fixed:
CVE-2011-3191: A signedness issue in CIFS could
possibly have lead to to memory corruption, if a malicious
server could send crafted replies to the host.
CVE-2011-1776: Timo Warns reported an issue in the
Linux implementation for GUID partitions. Users with
physical access could gain access to sensitive kernel
memory by adding a storage device with a specially crafted
corrupted invalid partition table.
CVE-2011-1093: The dccp_rcv_state_process function in
net/dccp/input.c in the Datagram Congestion Control
Protocol (DCCP) implementation in the Linux kernel did not
properly handle packets for a CLOSED endpoint, which
allowed remote attackers to cause a denial of service (NULL
pointer dereference and OOPS) by sending a DCCP-Close
packet followed by a DCCP-Reset packet.
CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.
CVE-2011-1746: Multiple integer overflows in the (1)
agp_allocate_memory and (2) agp_create_user_memory
functions in drivers/char/agp/generic.c in the Linux kernel
allowed local users to trigger buffer overflows, and
consequently cause a denial of service (system crash) or
possibly have unspecified other impact, via vectors related
to calls that specify a large number of memory pages.
CVE-2011-2022: The agp_generic_remove_memory function
in drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.
CVE-2011-0726: The do_task_stat function in
fs/proc/array.c in the Linux kernel did not perform an
expected uid check, which made it easier for local users to
defeat the ASLR protection mechanism by reading the
start_code and end_code fields in the /proc/#####/stat file
for a process executing a PIE binary.
CVE-2011-2496: The normal mmap paths all avoid
creating a mapping where the pgoff inside the mapping could
wrap around due to overflow. However, an expanding mremap()
can take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
CVE-2011-2491: A local unprivileged user able to
access a NFS filesystem could use file locking to deadlock
parts of an nfs server under some circumstance.
CVE-2011-1017,CVE-2011-2182: The code for evaluating
LDM partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.
CVE-2011-1585: When using a setuid root mount.cifs,
local users could hijack password protected mounted CIFS
shares of other local users.
Also following non-security bugs were fixed:
patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldmem-to
-check-for-non-ram-pages.patch: fs/proc/vmcore.c: add hook
to read_from_oldmem() to check for non-ram pages
(bnc#684297).
patches.xen/1081-blkback-resize-transaction-end.patch:
xenbus: fix xenbus_transaction_start() hang caused by
double xenbus_transaction_end().
patches.xen/xen3-x86-sanitize-user-specified-e820-memmap-val
ues.patch: x86: sanitize user specified e820 memmap values
(bnc#665543).
*
patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is-mak
ing-progress: Fix typo, which was uncovered in debug mode.
download.novell.com/patch/finder/?keywords=14f999b2da14400252037984b14f317a
download.novell.com/patch/finder/?keywords=4f2403980de031813f91f813b6171179
download.novell.com/patch/finder/?keywords=8c7d79d86d626d9e405009e6174cabd5
download.novell.com/patch/finder/?keywords=a2be52185ebaeba245a1c8aff0c659e2
download.novell.com/patch/finder/?keywords=a70d925c5736ccbb5c46bf7c01dfdfb6
bugzilla.novell.com/635880
bugzilla.novell.com/665543
bugzilla.novell.com/677676
bugzilla.novell.com/684297
bugzilla.novell.com/687812
bugzilla.novell.com/689797
bugzilla.novell.com/692784
bugzilla.novell.com/693043
bugzilla.novell.com/696107
bugzilla.novell.com/698221
bugzilla.novell.com/701254
bugzilla.novell.com/701355
bugzilla.novell.com/702013
bugzilla.novell.com/702285
bugzilla.novell.com/705463
bugzilla.novell.com/714001