kernel: security and bugfix update.

The openSUSE 11.4 kernel was updated to fix bugs and
security issues.

The following security issues have been fixed:

CVE-2011-4604: If root does a read() on a specific socket,
it is possible to corrupt (kernel) memory over the network
with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is
used.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack
used predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network resources,
leading to a denial of service.

CVE-2011-1173: A kernel information leak via ip6_tables was
fixed.

CVE-2011-1172: A kernel information leak via ip6_tables
netfilter was fixed.

CVE-2011-1171: A kernel information leak via ip_tables was
fixed.

CVE-2011-1170: A kernel information leak via arp_tables was
fixed.

CVE-2011-1080: A kernel information leak via netfilter was
fixed.

CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.
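
An added illustration (not the kernel's code and not part of the original advisory) of the kind of audit whose absence CVE-2011-2213 describes: every branch offset must move strictly forward before the bytecode is run. The bc_op layout, the opcodes and the function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical op layout (an assumption for this example): "yes" and "no"
 * are forward byte offsets taken on match and on mismatch. */
struct bc_op { uint8_t code; uint8_t yes; uint16_t no; };
enum { BC_NOP = 0, BC_JMP = 1 };            /* illustrative opcodes */

/* Audit: 1 if every op is known and both offsets land strictly forward on an
 * op boundary inside the program (or exactly at its end), else 0. */
int bc_audit(const struct bc_op *prog, size_t len)
{
    if (len == 0 || len % sizeof(*prog) != 0)
        return 0;
    for (size_t off = 0; off < len; off += sizeof(*prog)) {
        const struct bc_op *op = &prog[off / sizeof(*prog)];
        size_t left = len - off;
        if (op->code != BC_NOP && op->code != BC_JMP)
            return 0;
        /* A zero offset would make the interpreter revisit this op forever. */
        if (op->yes < sizeof(*op) || op->yes % sizeof(*op) || op->yes > left)
            return 0;
        if (op->no < sizeof(*op) || op->no % sizeof(*op) || op->no > left)
            return 0;
    }
    return 1;
}

/* Toy interpreter that always takes "yes". Returns the number of ops run, or
 * -1 once the step budget is spent (what an unaudited zero offset causes). */
int bc_run(const struct bc_op *prog, size_t len, int budget)
{
    size_t off = 0;
    int steps = 0;
    while (off < len) {
        if (steps++ >= budget)
            return -1;
        off += prog[off / sizeof(*prog)].yes;
    }
    return steps;
}

int main(void)
{
    struct bc_op loop[] = { { BC_JMP, 0, 4 }, { BC_NOP, 4, 4 } }; /* constructed */
    printf("audit=%d run=%d\n", bc_audit(loop, sizeof loop), bc_run(loop, sizeof loop, 100));
    return 0;
}
```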

CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted
write operation, related to string data that lacks a
terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options
function (net/dccp/options.c) in the Linux kernel allowed
remote attackers to cause a denial of service via a
Datagram Congestion Control Protocol (DCCP) packet with an
invalid feature options length, which triggered a buffer
over-read.
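
An added sketch (not the kernel's dccp_parse_options and not part of the original advisory) of the length checks that keep an option parser from underflowing on a feature option with no value bytes. The type/length/value layout, the OPT_FEATURE code and the function name are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout (not the kernel's parser): one type byte, one
 * length byte that counts the whole option, then the value. In a "feature"
 * option the first value byte is the feature number. */
#define OPT_FEATURE 32                      /* illustrative type code */

/* Walks the option area. Returns the number of options accepted, or -1 on a
 * malformed buffer; *feat_bytes totals the validated feature-value bytes. */
int parse_options(const uint8_t *buf, size_t buflen, size_t *feat_bytes)
{
    size_t off = 0;
    int count = 0;

    *feat_bytes = 0;
    while (off < buflen) {
        if (buflen - off < 2)
            return -1;                      /* truncated header */
        uint8_t type = buf[off];
        size_t len = buf[off + 1];
        if (len < 2 || len > buflen - off)
            return -1;                      /* length lies about the buffer */
        size_t vlen = len - 2;              /* safe: len >= 2 checked above */
        if (type == OPT_FEATURE) {
            /* Without this test, vlen - 1 wraps to SIZE_MAX for an empty
             * value and a handler given that length reads past the packet. */
            if (vlen == 0)
                return -1;
            *feat_bytes += vlen - 1;
        }
        off += len;
        count++;
    }
    return count;
}

int main(void)
{
    const uint8_t pkt[] = { OPT_FEATURE, 2 };   /* constructed: empty feature */
    size_t n;
    printf("result=%d\n", parse_options(pkt, sizeof pkt, &n));
    return 0;
}
```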

CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic
Receive Offload (GRO) is enabled, reset certain fields in
incorrect situations, which allowed remote attackers to
cause a denial of service (system crash) via crafted
network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET
protocol was fixed, which might have allowed local attackers
to read kernel memory.

CVE-2011-4087: A local denial of service when using bridged
networking via a flood ping was fixed.

CVE-2011-2203: A NULL pointer dereference on mounting
corrupt hfs filesystems was fixed, which could be used by
local attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface, a local user
could Oops the kernel by writing to an AF_ALG socket.

Fixed bugs:

bnc#681184: AL: Filename not displayed for few events in the active view
bnc#681185: VUL-0: kernel: netfilter: ip6_tables: fix infoleak to userspace
bnc#736149: VUL-1: CVE-2011-4604: kernel: bat_socket_read: memory corruption
bnc#707288: VUL-1: kernel: ipv6: make fragment identifications less predictable
bnc#681181: VUL-0: CVE-2011-1171: kernel: netfilter: ip_tables: fix infoleak to userspace
bnc#681180: VUL-0: CVE-2011-1170: kernel: netfilter: arp_tables: fix infoleak to userspace
bnc#676602: VUL-0: kernel: ebtables infoleak
bnc#700879: VUL-0: kernel: inet_diag: fix inet_diag_bc_audit()
bnc#691052: After kernel update 2.6.37.6-0.5.1 display stop to work with invalid framebuffer id error
bnc#713933: [REGRESSION] Failures while running controller freezer testcases of ltp.
bnc#702037: VUL-1: kernel: buffer overflow in the clusterip_proc_write function
bnc#692498: VUL-1: kernel: DCCP invalid options
bnc#709764: BOOGAARD ASSURANTIEN BV S3046039
bnc#710235: VUL-1: kernel: af_packet information leak
bnc#679059: Boot hangs when NFS is enabled
bnc#709561: VUL-0: kernel: system hangs on ping -R through "bridge over vlan over bond" interface
bnc#699709: VUL-1: kernel: hfs_find_init() sb->ext_tree NULL pointer dereference
bnc#726788: VUL-0: CVE-2011-4081: kernel: crypto: ghash: null pointer deref if no key is set
bnc#723999: L3-Question: Unable to allocate over 256GB of memory

CVE-2011-1080: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se
CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sen
CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se
CVE-2011-1173: The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an
CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options le
CVE-2011-2203: The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instruc
CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to st
CVE-2011-2699: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (sy
CVE-2011-2898: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4081: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4087: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2011-4604: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.