    SuSE: 2010-047: openSUSE 11.3 kernel Security Update

    Date: 23 Sep 2010
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ______________________________________________________________________________
    
                            SUSE Security Announcement
    
            Package:                kernel
            Announcement ID:        SUSE-SA:2010:047
            Date:                   Thu, 23 Sep 2010 16:00:00 +0000
            Affected Products:      openSUSE 11.3
            Vulnerability Type:     local privilege escalation
            CVSS v2 Base Score:     7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
            SUSE Default Package:   yes
            Cross-References:       CVE-2010-2955, CVE-2010-2959, CVE-2010-2960
                                    CVE-2010-3079, CVE-2010-3080, CVE-2010-3081
                                    CVE-2010-3084, CVE-2010-3296, CVE-2010-3297
                                    CVE-2010-3298, CVE-2010-3301
    
        Content of This Advisory:
            1) Security Vulnerability Resolved:
                 Linux kernel security update
               Problem Description
            2) Solution or Work-Around
            3) Special Instructions and Notes
            4) Package Location and Checksums
            5) Pending Vulnerabilities, Solutions, and Work-Arounds:
                See SUSE Security Summary Report
            6) Authenticity Verification and Additional Information
    
    ______________________________________________________________________________
    
    1) Problem Description and Brief Discussion
    
       This update of the openSUSE 11.3 kernel fixes two local root exploits,
       various other security issues and some bugs.
       
       The following security issues are fixed by this update:
       CVE-2010-3301: Mismatch between 32bit and 64bit register usage in the
       system call entry path could be used by local attackers to gain root
       privileges. This problem only affects x86_64 kernels.
       
       CVE-2010-3081: Incorrect buffer handling in the biarch-compat code
       could be used by local attackers to gain root privileges. This
       problem primarily affects x86_64, and potentially other biarch
       platforms such as PowerPC and S390x.
       
       CVE-2010-3084: A buffer overflow in the ETHTOOL_GRXCLSRLALL code could
       be used to crash the kernel or potentially execute code.
       
       CVE-2010-2955: A kernel information leak via the WEXT ioctl was fixed.
       
       CVE-2010-2960: The keyctl_session_to_parent function in
       security/keys/keyctl.c in the Linux kernel expects that a certain parent
       session keyring exists, which allows local users to cause a denial of
       service (NULL pointer dereference and system crash) or possibly have
       unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the
       keyctl function.
       
       CVE-2010-3080: A double free in an ALSA error path was fixed, which could
       lead to kernel crashes.
       
       CVE-2010-3079: Fixed an ftrace NULL pointer dereference problem which
       could lead to kernel crashes.
       
       CVE-2010-3298: Fixed a kernel information leak in the net/usb/hso driver.
       
       CVE-2010-3296: Fixed a kernel information leak in the cxgb3 driver.
       
       CVE-2010-3297: Fixed a kernel information leak in the net/eql driver.
    
    2) Solution or Work-Around
    
       There is no known workaround; please install the update packages.
    
    3) Special Instructions and Notes
    
       Please reboot the machine after installing the update.
    
    4) Package Location and Checksums
    
       The preferred method for installing security updates is to use the YaST
       Online Update (YOU) tool. YOU detects which updates are required and
       automatically performs the necessary steps to verify and install them.
       Alternatively, download the update packages for your distribution manually
       and verify their integrity by the methods listed in Section 6 of this
       announcement. Then install the packages using the command
    
         rpm -Fhv <file.rpm>
    
       to apply the update, replacing <file.rpm> with the filename of the
       downloaded RPM package.
    
       
       x86 Platform:
       
       openSUSE 11.3:
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-extra-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-syms-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-base-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-devel-2.6.34.7-0.3.1.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/preload-kmp-default-1.1_k2.6.34.7_0.3-19.1.3.i586.rpm
       http://download.opensuse.org/update/11.3/rpm/i586/preload-kmp-desktop-1.1_k2.6.34.7_0.3-19.1.3.i586.rpm
       
       Platform Independent:
       
       openSUSE 11.3:
       http://download.opensuse.org/update/11.3/rpm/noarch/kernel-devel-2.6.34.7-0.3.1.noarch.rpm
       http://download.opensuse.org/update/11.3/rpm/noarch/kernel-source-2.6.34.7-0.3.1.noarch.rpm
       http://download.opensuse.org/update/11.3/rpm/noarch/kernel-source-vanilla-2.6.34.7-0.3.1.noarch.rpm
       
       x86-64 Platform:
       
       openSUSE 11.3:
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-extra-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-syms-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-base-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-devel-2.6.34.7-0.3.1.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/preload-kmp-default-1.1_k2.6.34.7_0.3-19.1.3.x86_64.rpm
       http://download.opensuse.org/update/11.3/rpm/x86_64/preload-kmp-desktop-1.1_k2.6.34.7_0.3-19.1.3.x86_64.rpm
       
       Sources:
       
       openSUSE 11.3:
       http://download.opensuse.org/update/11.3/rpm/src/kernel-debug-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-default-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-desktop-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-ec2-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-pae-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-source-2.6.34.7-0.3.1.src.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-syms-2.6.34.7-0.3.1.src.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-trace-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-vanilla-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-vmi-2.6.34.7-0.3.1.nosrc.rpm
       http://download.opensuse.org/update/11.3/rpm/src/kernel-xen-2.6.34.7-0.3.1.nosrc.rpm
    
    ______________________________________________________________________________
    
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
    
       See SUSE Security Summary Report.
    ______________________________________________________________________________
    
    6) Authenticity Verification and Additional Information
    
      - Announcement authenticity verification:
    
        SUSE security announcements are published via mailing lists and on Web
        sites. The authenticity and integrity of a SUSE security announcement is
        guaranteed by a cryptographic signature in each announcement. All SUSE
        security announcements are published with a valid signature.
    
        To verify the signature of the announcement, save it as text into a file
        and run the command
    
          gpg --verify <file>
    
        replacing <file> with the name of the file where you saved the
        announcement. The output for a valid signature looks like:
    
          gpg: Signature made <DATE> using RSA key ID 3D25D3D9
          gpg: Good signature from "SuSE Security Team "
    
        where <DATE> is replaced by the date the document was signed.
    
        If the security team's key is not contained in your key ring, you can
        import it from the first installation CD. To import the key, use the
        command
    
          gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
    
      - Package authenticity verification:
    
        SUSE update packages are available on many mirror FTP servers all over the
        world. While this service is considered valuable and important to the free
        and open source software community, the authenticity and the integrity of
        a package needs to be verified to ensure that it has not been tampered
        with.
    
        The internal rpm package signatures provide an easy way to verify the
        authenticity of an RPM package. Use the command
    
         rpm -v --checksig <file.rpm>
    
        to verify the signature of the package, replacing <file.rpm> with the
        filename of the RPM package downloaded. The package is unmodified if it
        contains a valid signature with the key ID 9C800ACA.
    
        This key is automatically imported into the RPM database (on
        RPMv4-based distributions) and the gpg key ring of 'root' during
        installation. You can also find it on the first installation CD and at
        the end of this announcement.
    
      - SUSE runs two security mailing lists to which any interested party may
        subscribe:
    
            -   General Linux and SUSE security discussion.
                All SUSE security announcements are sent to this list.
                To subscribe, send an e-mail to
                    .
    
            -   SUSE's announce-only mailing list.
                Only SUSE's security announcements are sent to this list.
                To subscribe, send an e-mail to
                    .
    
        =====================================================================
        SUSE's security contact is  or .
        The  public key is listed below.
        =====================================================================
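
As an added example (not part of the SUSE advisory), the following check ties sections 3 and 4 together: it compares a host's running and installed kernel against the fixed version 2.6.34.7-0.3.1 and distinguishes "update installed but not yet rebooted" from "patched". The function names are hypothetical, the `uname -r` format is an assumption derived from the KMP package names, and the sample hosts are constructed.

```python
import re

# Fixed version-release, from the package file names in section 4.
FIXED_PKG = ("2.6.34.7", "0.3.1")      # kernel-*-2.6.34.7-0.3.1.*.rpm
# Assumption: `uname -r` shows the shortened release seen in the KMP package
# names (k2.6.34.7_0.3), e.g. "2.6.34.7-0.3-desktop".
FIXED_RUNNING = ("2.6.34.7", "0.3")
# The two local root issues; the advisory names x86_64 for both.
LOCAL_ROOT_X86_64 = ["CVE-2010-3081", "CVE-2010-3301"]

def vercmp(a, b):
    """Compare version strings segment by segment, in the manner of RPM's
    rpmvercmp (simplified: no epoch, tilde or caret handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def at_least(ver_rel, fixed):
    """True if (version, release) is at or above the fixed pair."""
    c = vercmp(ver_rel[0], fixed[0])
    return c > 0 or (c == 0 and vercmp(ver_rel[1], fixed[1]) >= 0)

def assess(uname_r, machine, installed):
    """uname_r, machine: output of `uname -r` and `uname -m`.
    installed: 'version-release' strings of the installed kernel packages."""
    version, release = uname_r.split("-")[:2]      # drop the flavour suffix
    running_ok = at_least((version, release), FIXED_RUNNING)
    installed_ok = any(at_least(p.split("-", 1), FIXED_PKG) for p in installed)
    if running_ok:
        state = "patched"
    elif installed_ok:
        state = "reboot-required"    # section 3: fix is inactive until reboot
    else:
        state = "update-required"
    exposed = LOCAL_ROOT_X86_64 if machine == "x86_64" and not running_ok else []
    return state, exposed

# Constructed sample hosts (not taken from the advisory).
for host in [("2.6.34-12-desktop", "x86_64", ["2.6.34-12"]),
             ("2.6.34-12-desktop", "x86_64", ["2.6.34-12", "2.6.34.7-0.3.1"]),
             ("2.6.34.7-0.3-default", "x86_64", ["2.6.34.7-0.3.1"]),
             ("2.6.34-12-pae", "i686", ["2.6.34-12"])]:
    print(host[0], host[1], *assess(*host))
```

An i586 host on an old kernel still reports `update-required` with no local root CVEs listed, because the remaining issues in section 1 are not restricted to x86_64.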
    
