kernel: security and bugfix update.

The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing
lots of bugs and security issues.

The following security issues have been fixed:

CVE-2011-2495: The /proc/PID/io interface could be used by
local attackers to gain information on other processes,
such as the number of password characters typed.

CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-2022: The agp_generic_remove_memory function in
drivers/char/agp/generic.c in the Linux kernel before
2.6.38.5 did not validate a certain start parameter, which
allowed local users to gain privileges or cause a denial of
service (system crash) via a crafted AGPIOC_UNBIND
agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.

CVE-2011-1745: Integer overflow in the
agp_generic_insert_memory function in
drivers/char/agp/generic.c in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl
call.

CVE-2011-2493: A denial of service on mounting invalid ext4
filesystems was fixed.

CVE-2011-2491: A local unprivileged user able to access an
NFS filesystem could use file locking to deadlock parts of
an NFS server under some circumstances.

CVE-2011-2498: PTE pages are now also accounted for when
calculating the OOM score; the missing accounting could
have led to a denial of service.

CVE-2011-2496: The normal mmap paths all avoid creating a
mapping where the pgoff inside the mapping could wrap
around due to overflow. However, an expanding mremap() can
take such a non-wrapping mapping and make it bigger and
cause a wrapping condition.
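
The wrap condition described for CVE-2011-2496, modelled in user space as an added example (not the kernel's code or the patch shipped in this update). The struct, the function names and the 4 KiB page size are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Hypothetical, simplified stand-in for the kernel's per-mapping state. */
struct mapping {
    unsigned long vm_start; /* address of the first mapped byte */
    unsigned long vm_pgoff; /* file offset of vm_start, in pages */
};

/* Nonzero if the page-offset range [pgoff, pgoff + len/PAGE_SIZE) wraps. */
static int pgoff_range_wraps(unsigned long pgoff, unsigned long len)
{
    return pgoff + (len >> PAGE_SHIFT) < pgoff; /* unsigned wrap is defined */
}

/* Expansion check: 0 if resizing from old_len to new_len at addr is
 * acceptable, -1 if the grown mapping's page offsets would wrap. */
static int check_expand(const struct mapping *m, unsigned long addr,
                        unsigned long old_len, unsigned long new_len)
{
    unsigned long pgoff;

    if (new_len <= old_len)
        return 0; /* same size or shrinking cannot introduce a wrap */
    pgoff = m->vm_pgoff + ((addr - m->vm_start) >> PAGE_SHIFT);
    return pgoff_range_wraps(pgoff, new_len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: a one-page mapping two pages below the limit. */
    struct mapping m = { 0x10000000UL, ULONG_MAX - 1 };
    unsigned long page = 1UL << PAGE_SHIFT;

    printf("at creation, 1 page : wraps=%d\n",
           pgoff_range_wraps(m.vm_pgoff, page));
    printf("grow to 4 pages     : %d\n",
           check_expand(&m, m.vm_start, page, 4 * page));
    printf("shrink to 1 page    : %d\n",
           check_expand(&m, m.vm_start, 4 * page, page));
    return 0;
}
```

The mapping passes the creation-time check, and only the expansion check catches the wrap, which is why the resize path needs its own validation.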

CVE-2011-1017, CVE-2011-2182: The code for evaluating LDM
partitions (in fs/partitions/ldm.c) contained bugs that
could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1479: A regression in the inotify fix for a memory
leak could lead to a double-free corruption which could
crash the system.

CVE-2011-1927: A missing route validation issue in
ip_expire() could be used by remote attackers to trigger a
NULL pointer dereference, crashing parts of the kernel.

CVE-2011-1593: Multiple integer overflows in the
next_pidmap function in kernel/pid.c in the Linux kernel
allowed local users to cause a denial of service (system
crash) via a crafted (1) getdents or (2) readdir system
call.

CVE-2011-1020: The proc filesystem implementation in the
Linux kernel did not restrict access to the /proc directory
tree of a process after this process performs an exec of a
setuid program, which allowed local users to obtain
sensitive information or cause a denial of service via
open, lseek, read, and write system calls.

Fixed bugs
bnc#704788
kernel BUG at nfs4state.c:391 after you update
bnc#703155
VUL-0: kernel: /proc/$pid/io info leak
bnc#693043
VUL-0: kernel: agp_generic_remove_memory vulnerability
bnc#689797
VUL-0: kernel: buffer overflow and DoS issues in agp
bnc#701998
VUL-1: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info
bnc#702013
VUL-1: kernel: NLM: Don't hang forever on NLM unlock requests
bnc#584493
setterm -background blue -foreground white -bold -blank 20 -store malfunctions since KMS was enabled in 11.3
bnc#681840
Extend backlist of SCSI devices (was: Adaptec aic7xxx driver does endless resets with kernel 2.6.37)
bnc#698247
BUG: unable to handle kernel NULL pointer dereference at n_tty_read
bnc#693374
Possible regression of Bug 642043 - NULL pointer dereference in n_tty_read() (follow up of bug 642043)
bnc#702579
VUL-0: kernel: oom: use pte pages in OOM score
bnc#702285
VUL-0: kernel: mm: avoid wrapping vm_pgoff
bnc#687368
Loop device gets stuck when using vm-install to create Xen domU
bnc#698221
VUL-1: kernel: incomplete fix for: fs/partitions: Kernel heap overflow via corrupted LDM partition tables
bnc#699123
Reading from a samba share mounted with cifs is too slow
bnc#697859
[FATE #311704,#311703,#311771,#311706,#311705,#311772] APEI support
bnc#655693
VUL-1: kernel: inotify memory leak
bnc#672008
[i915, mtrr] Complete system freeze at start
bnc#661979
FSC Amilo A-2000/A-6600 does not power off after shutdown
bnc#677827
setxattr(2) ignores XATTR_CREATE and XATTR_REPLACE
bnc#693013
kernel BUG at /usr/src/packages/BUILD/kernel-default-2.6.32.29/linux-2.6.32/fs/inode.c:323!
bnc#666423
hypervisor/Dom0 crashes under high load on OBS workers
bnc#694498
VUL-1: kernel: net: ip_expire() must revalidate route
bnc#688432
VUL-0: kernel: proc: signedness issue in next_pidmap()
bnc#693382
unable to handle kernel paging request
bnc#595586
rfkill fails to reenable WLAN on eeepc900A
bnc#669889
L3-Question: SLES 11 SP1 kernel consumes about 400 MB slab more than SLES 11 kernel
bnc#692502
Fix for bug 669889 can cause regressions on large NUMA systems
bnc#692497
VUL-1: kernel: CVE-2011-1771: cifs oops when creating file with O_DIRECT set
bnc#674982
VUL-1: kernel: /proc/$pid/ leaks contents across setuid exec
bnc#681826
VUL-0: CVE-2011-1182: kernel: SI_TKILL signal spoofing
bnc#674648
VUL-1: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables
bnc#679545
"zypper ref" fails if repository is located on a btrfs subvolume
bnc#689583
drivers/net/usb/cdc-phonet.c panics kernel because netif_stop_queue() is called before register_netdev()
CVE#CVE-2011-1017
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.
CVE#CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information o
CVE#CVE-2011-1479
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-1593
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
CVE#CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
CVE#CVE-2011-1927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGP
CVE#CVE-2011-2182
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2484
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM K
CVE#CVE-2011-2491
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2493
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2495
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2496
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2498
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.