openSUSE Security Update : kernel (openSUSE-SU-2011:1222-1)

critical Nessus Plugin ID 75881

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.

Following security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks.

CVE-2011-2695: Multiple off-by-one errors in the ext4 subsystem in the Linux kernel allowed local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.

CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes.

CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer.

CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system.

CVE-2011-2183: Fixed a race between ksmd and other memory management code, which could result in a NULL ptr dereference and kernel crash.

CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host.

CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Following non-security bugs were fixed :

- novfs: Unable to change password in the Novell Client for Linux (bnc#713229).

- novfs: last modification time not reliable (bnc#642896).

- novfs: unlink directory after unmap (bnc#649625).

- fs: novfs: Fix exit handlers on local_unlink (bnc#649625).

- novfs: 'Unable to save Login Script' appears when trying to save a user login script (bnc#638985).

- fs: novfs: Limit check for datacopy between user and kernel space.

- novfs: Fix checking of login id (bnc#626119).

- novfs: Set the sticky bit for the novfs mountpoint (bnc#686412).

- ACPICA: Fix issues/fault with automatic 'serialized' method support (bnc#678097).

- drm/radeon/kms: Fix I2C mask definitions (bnc#712023).

- ext4: Fix max file size and logical block counting of extent format file (bnc#706374).

- novfs: fix off-by-one allocation error (bnc#669378 bnc#719710).

- novfs: fix some kmalloc/kfree issues (bnc#669378 bnc#719710).

- novfs: fix some DirCache locking issues (bnc#669378 bnc#719710).

- memsw: remove noswapaccount kernel parameter (bnc#719450).

- Provide memory controller swap extension. Keep the feature disabled by default. Use swapaccount=1 kernel boot parameter for enabling it.

- Config cleanups: CONFIG_OLPC should be enabled only for i386 non PAE

- TTY: pty, fix pty counting (bnc#711203).

- USB: OHCI: fix another regression for NVIDIA controllers (bnc#682204).

- xen/blkfront: avoid NULL de-reference in CDROM ioctl handling.

- x86, mtrr: lock stop machine during MTRR rendezvous sequence (bnc#672008).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=626119

https://bugzilla.novell.com/show_bug.cgi?id=638985

https://bugzilla.novell.com/show_bug.cgi?id=642896

https://bugzilla.novell.com/show_bug.cgi?id=649625

https://bugzilla.novell.com/show_bug.cgi?id=669378

https://bugzilla.novell.com/show_bug.cgi?id=672008

https://bugzilla.novell.com/show_bug.cgi?id=678097

https://bugzilla.novell.com/show_bug.cgi?id=682204

https://bugzilla.novell.com/show_bug.cgi?id=686412

https://bugzilla.novell.com/show_bug.cgi?id=692784

https://bugzilla.novell.com/show_bug.cgi?id=697901

https://bugzilla.novell.com/show_bug.cgi?id=706374

https://bugzilla.novell.com/show_bug.cgi?id=711203

https://bugzilla.novell.com/show_bug.cgi?id=711539

https://bugzilla.novell.com/show_bug.cgi?id=712023

https://bugzilla.novell.com/show_bug.cgi?id=712366

https://bugzilla.novell.com/show_bug.cgi?id=713229

https://bugzilla.novell.com/show_bug.cgi?id=714001

https://bugzilla.novell.com/show_bug.cgi?id=716901

https://bugzilla.novell.com/show_bug.cgi?id=718028

https://bugzilla.novell.com/show_bug.cgi?id=719450

https://bugzilla.novell.com/show_bug.cgi?id=719710

https://lists.opensuse.org/opensuse-updates/2011-11/msg00007.html

Plugin Details

Severity: Critical

ID: 75881

File Name: suse_11_4_kernel-111026.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo, p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-devel, cpe:/o:novell:opensuse:11.4, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-vmi-debugsource, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/26/2011

Reference Information

CVE: CVE-2011-1577, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2695, CVE-2011-2918, CVE-2011-3191, CVE-2011-3353, CVE-2011-3363