SUSE-SU-2011:0635-2: moderate: Security update for Linux kernel
sle-security-updates at lists.suse.com
Sun Feb 26 20:08:13 MST 2012
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0635-2
Rating: moderate
References: #211997 #363921 #506571 #518089 #570121 #584522
#597771 #59807 #598159 #599213 #599826 #608994
#612213 #615929 #620372 #641575 #644880 #646633
#647632 #650513 #651109 #652939 #652940 #655670
#657350 #657759 #660233 #664725 #678356 #686813
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update fixes several security issues and various
bugs in the SUSE Linux Enterprise 10 SP 2 Long Term
Service Pack Support (LTSS) kernel.
The following security issues were fixed:
* CVE-2011-1573: Bounds checking was missing in
  AARESOLVE_OFFSET, which allowed local attackers to
  overwrite kernel memory and so escalate privileges or crash
  the kernel.
* CVE-2010-3849: The econet_sendmsg function in
  net/econet/af_econet.c in the Linux kernel, when an econet
  address is configured, allowed local users to cause a
  denial of service (NULL pointer dereference and OOPS) via a
  sendmsg call that specifies a NULL value for the remote
  address field.
* CVE-2010-3848: Stack-based buffer overflow in the
  econet_sendmsg function in net/econet/af_econet.c in the
  Linux kernel, when an econet address is configured, allowed
  local users to gain privileges by providing a large number
  of iovec structures.
* CVE-2010-3850: The ec_dev_ioctl function in
  net/econet/af_econet.c in the Linux kernel did not require
  the CAP_NET_ADMIN capability, which allowed local users to
  bypass intended access restrictions and configure econet
  addresses via an SIOCSIFADDR ioctl call.
* CVE-2010-4258: A local attacker could use an Oops
  (kernel crash) caused by other flaws to write a 0 byte to an
  attacker-controlled address in the kernel. This could lead
  to privilege escalation together with other issues.
* CVE-2010-4160: Multiple integer overflows in the (1)
  pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the
  (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the
  PPPoL2TP and IPoL2TP implementations in the Linux kernel
  allowed local users to cause a denial of service (heap
  memory corruption and panic) or possibly gain privileges
  via a crafted sendto call.
* CVE-2010-4157: A 32-bit vs 64-bit integer mismatch in
  gdth_ioctl_alloc could lead to memory corruption in the
  GDTH driver.
* CVE-2010-3081: Incorrect biarch-compat buffer handling
  could be used by local attackers to gain root privileges.
  This problem primarily affects x86_64, and potentially
  other biarch platforms such as PowerPC and S390x.
* CVE-2010-2521: Multiple buffer overflows in
  fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS
  server in the Linux kernel allowed remote attackers to
  cause a denial of service (panic) or possibly execute
  arbitrary code via a crafted NFSv4 compound WRITE request,
  related to the read_buf and nfsd4_decode_compound functions.
Indications:
Everyone using the Linux Kernel on s390x architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP2 (s390x):
kernel-default-2.6.16.60-0.42.11
kernel-source-2.6.16.60-0.42.11
kernel-syms-2.6.16.60-0.42.11
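Added example (not part of the SUSE advisory): a shell check that compares a host's installed and running kernel against the fixed build listed above, and flags hosts that were patched but not yet rebooted. The function names vercmp and kernel_status, the older build 2.6.16.60-0.42.9 and the host names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
FIXED="2.6.16.60-0.42.11"   # fixed version-release from the package list

# vercmp A B: print -1, 0 or 1. Fields are split on '.' and '-' and compared
# numerically (assumption: all fields are numeric, as in these kernel builds).
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# kernel_status INSTALLED RUNNING: print vulnerable, reboot-needed or ok.
# INSTALLED: rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default
# RUNNING:   uname -r  (carries a flavour suffix such as "-default")
kernel_status() {
    installed=$1
    running=${2%-default}
    if [ "$(vercmp "$installed" "$FIXED")" -lt 0 ]; then
        echo vulnerable
    elif [ "$(vercmp "$running" "$FIXED")" -lt 0 ]; then
        echo reboot-needed
    else
        echo ok
    fi
}

# Constructed sample hosts: "name installed running"
while read -r host inst run; do
    printf '%s: %s\n' "$host" "$(kernel_status "$inst" "$run")"
done <<'EOF'
hostA 2.6.16.60-0.42.9 2.6.16.60-0.42.9-default
hostB 2.6.16.60-0.42.11 2.6.16.60-0.42.9-default
hostC 2.6.16.60-0.42.11 2.6.16.60-0.42.11-default
EOF
```

The comparison is numeric per field, so release 0.42.9 sorts before 0.42.11; a plain string comparison would get that wrong.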
References:
https://bugzilla.novell.com/211997
https://bugzilla.novell.com/363921
https://bugzilla.novell.com/506571
https://bugzilla.novell.com/518089
https://bugzilla.novell.com/570121
https://bugzilla.novell.com/584522
https://bugzilla.novell.com/597771
https://bugzilla.novell.com/59807
https://bugzilla.novell.com/598159
https://bugzilla.novell.com/599213
https://bugzilla.novell.com/599826
https://bugzilla.novell.com/608994
https://bugzilla.novell.com/612213
https://bugzilla.novell.com/615929
https://bugzilla.novell.com/620372
https://bugzilla.novell.com/641575
https://bugzilla.novell.com/644880
https://bugzilla.novell.com/646633
https://bugzilla.novell.com/647632
https://bugzilla.novell.com/650513
https://bugzilla.novell.com/651109
https://bugzilla.novell.com/652939
https://bugzilla.novell.com/652940
https://bugzilla.novell.com/655670
https://bugzilla.novell.com/657350
https://bugzilla.novell.com/657759
https://bugzilla.novell.com/660233
https://bugzilla.novell.com/664725
https://bugzilla.novell.com/678356
https://bugzilla.novell.com/686813
http://download.novell.com/patch/finder/?keywords=026b38ec9a6f1f9490f7afc997212483