
SUSE: 2011:0899-1 Important: Linux Kernel DoS Threats And Fixes

August 12, 2011
Important SUSE patch for Linux kernel addresses numerous issues and vulnerabilities affecting reliability and efficiency.

Summary



   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0899-1
Rating:             important
References:         #644541 #645084 #655973 #657017 #657029 #658035 
                    #668483 #670465 #677676 #678422 #682251 #683101 
                    #683282 #683886 #684297 #685276 #685402 #687812 
                    #688432 #689797 #690869 #692601 #693043 #693149 
                    #693796 #696107 #697932 #698221 #700254 #701254 
                    #701542 #702013 #702285 #703013 #703153 #705463 
                    
Cross-References:   CVE-2011-0726 CVE-2011-1017 CVE-2011-1093
                    CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
                    CVE-2011-1593 CVE-2011-1745 CVE-2011-1746
                    CVE-2011-2022 CVE-2011-2182 CVE-2011-2484
                    CVE-2011-2491 CVE-2011-2496
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 22 fixes
   is now available.

Description:


   This kernel update for the SUSE Linux Enterprise 10 SP4
   kernel fixes several security issues and bugs.

   The following security issues were fixed:

   * CVE-2011-1093: The dccp_rcv_state_process function in
     net/dccp/input.c in the Datagram Congestion Control
     Protocol (DCCP) implementation in the Linux kernel did not
     properly handle packets for a CLOSED endpoint, which
     allowed remote attackers to cause a denial of service (NULL
     pointer dereference and OOPS) by sending a DCCP-Close
     packet followed by a DCCP-Reset packet.

   * CVE-2011-2484: The add_del_listener function in
     kernel/taskstats.c in the Linux kernel did not prevent
     multiple registrations of exit handlers, which allowed
     local users to cause a denial of service (memory and CPU
     consumption), and bypass the OOM Killer, via a crafted
     application.

   * CVE-2011-1745: Integer overflow in the
     agp_generic_insert_memory function in
     drivers/char/agp/generic.c in the Linux kernel allowed
     local users to gain privileges or cause a denial of service
     (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
     call.

   * CVE-2011-1746: Multiple integer overflows in the (1)
     agp_allocate_memory and (2) agp_create_user_memory
     functions in drivers/char/agp/generic.c in the Linux kernel
     allowed local users to trigger buffer overflows, and
     consequently cause a denial of service (system crash) or
     possibly have unspecified other impact, via vectors related
     to calls that specify a large number of memory pages.

   * CVE-2011-2022: The agp_generic_remove_memory function
     in drivers/char/agp/generic.c in the Linux kernel before
     2.6.38.5 did not validate a certain start parameter, which
     allowed local users to gain privileges or cause a denial of
     service (system crash) via a crafted AGPIOC_UNBIND
     agp_ioctl ioctl call, a different vulnerability than
     CVE-2011-1745.

   * CVE-2011-1585: When using a setuid root mount.cifs,
     local users could hijack password-protected mounted CIFS
     shares of other local users.

   * CVE-2011-0726: The do_task_stat function in
     fs/proc/array.c in the Linux kernel did not perform an
     expected uid check, which made it easier for local users to
     defeat the ASLR protection mechanism by reading the
     start_code and end_code fields in the /proc/#####/stat file
     for a process executing a PIE binary.

   * CVE-2011-2496: The normal mmap paths all avoid
     creating a mapping where the pgoff inside the mapping could
     wrap around due to overflow. However, an expanding mremap()
     can take such a non-wrapping mapping and make it bigger and
     cause a wrapping condition.

   * CVE-2011-2491: A local unprivileged user able to
     access an NFS filesystem could use file locking to deadlock
     parts of an NFS server under some circumstances.

   * CVE-2011-1017, CVE-2011-2182: The code for evaluating
     LDM partitions (in fs/partitions/ldm.c) contained bugs that
     could crash the kernel for certain corrupted LDM partitions.

   * CVE-2011-1593: Multiple integer overflows in the
     next_pidmap function in kernel/pid.c in the Linux kernel
     allowed local users to cause a denial of service (system
     crash) via a crafted (1) getdents or (2) readdir system
     call.

   * CVE-2011-1494: Integer overflow in the
     _ctl_do_mpt_command function in
     drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
     might have allowed local users to gain privileges or cause
     a denial of service (memory corruption) via an ioctl call
     specifying a crafted value that triggers a heap-based
     buffer overflow.

   * CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in
     the Linux kernel did not validate (1) length and (2) offset
     values before performing memory copy operations, which
     might have allowed local users to gain privileges, cause a
     denial of service (memory corruption), or obtain sensitive
     information from kernel memory via a crafted ioctl call,
     related to the _ctl_do_mpt_command and
     _ctl_diag_read_buffer functions.
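
   A userspace model of the condition described for CVE-2011-2496, added
   here as an illustration and not taken from the kernel source or from
   SUSE's patch: the creation path rejects a wrapping page offset, and an
   expansion path is safe only if it repeats that check. The struct, the
   function names, the 64-bit offset width and the 4 KiB page size are
   assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Hypothetical stand-in for the two mapping fields that matter here. */
struct mapping {
    uint64_t pgoff; /* file offset of the first page, counted in pages */
    uint64_t len;   /* mapping length in bytes */
};

/* True when a page offset inside the mapping would wrap past 2^64. */
static bool pgoff_wraps(uint64_t pgoff, uint64_t len)
{
    return pgoff + (len >> PAGE_SHIFT) < pgoff; /* unsigned add wrapped */
}

/* Creation path: refuses a mapping whose page offsets would wrap. */
static bool map_create(struct mapping *m, uint64_t pgoff, uint64_t len)
{
    if (pgoff_wraps(pgoff, len))
        return false;
    m->pgoff = pgoff;
    m->len = len;
    return true;
}

/* Expansion with no re-validation: the gap described for CVE-2011-2496. */
static bool map_expand_unchecked(struct mapping *m, uint64_t new_len)
{
    m->len = new_len;
    return true;
}

/* Expansion that repeats the creation-time wrap check on the new length. */
static bool map_expand_checked(struct mapping *m, uint64_t new_len)
{
    if (new_len > m->len && pgoff_wraps(m->pgoff, new_len))
        return false;
    m->len = new_len;
    return true;
}

int main(void)
{
    struct mapping m;
    map_create(&m, UINT64_MAX - 1, 1ULL << PAGE_SHIFT); /* constructed values */
    return map_expand_checked(&m, 4ULL << PAGE_SHIFT) ? 1 : 0; /* 0: rejected */
}
```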

   Security Issue references:

   * CVE-2011-1093
   * CVE-2011-2484
   * CVE-2011-1745
   * CVE-2011-1746
   * CVE-2011-2022
   * CVE-2011-1585
   * CVE-2011-0726
   * CVE-2011-2496
   * CVE-2011-2491
   * CVE-2011-1017
   * CVE-2011-2182
   * CVE-2011-1593
   * CVE-2011-1494
   * CVE-2011-1495

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-kdumppae-2.6.16.60-0.89.1
      kernel-vmi-2.6.16.60-0.89.1
      kernel-vmipae-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.89.1
      kernel-ppc64-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.89.1
      kernel-smp-2.6.16.60-0.89.1
      kernel-source-2.6.16.60-0.89.1
      kernel-syms-2.6.16.60-0.89.1
      kernel-xen-2.6.16.60-0.89.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.89.1
      kernel-xenpae-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.89.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.89.1


References:

   https://www.suse.com/security/cve/CVE-2011-0726.html
   https://www.suse.com/security/cve/CVE-2011-1017.html
   https://www.suse.com/security/cve/CVE-2011-1093.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-1593.html
   https://www.suse.com/security/cve/CVE-2011-1745.html
   https://www.suse.com/security/cve/CVE-2011-1746.html
   https://www.suse.com/security/cve/CVE-2011-2022.html
   https://www.suse.com/security/cve/CVE-2011-2182.html
   https://www.suse.com/security/cve/CVE-2011-2484.html
   https://www.suse.com/security/cve/CVE-2011-2491.html
   https://www.suse.com/security/cve/CVE-2011-2496.html