Objavljena je nadogradnja jezgre operacijskog sustava SUSE Linux Enterprise 11 koja ispravlja višestruke sigurnosne nedostatke. Neki od njih napadačima omogućuju pristup osjetljivim informacijama, izvođenje napada uskraćivanja usluge i izvršavanje proizvoljnog programskog koda.
Paket:
Linux kernel 2.6.x
Operacijski sustavi:
SUSE Linux Enterprise Server (SLES) 11
Kritičnost:
4.9
Problem:
neodgovarajuće rukovanje memorijom, pogreška u programskoj funkciji, pogreška u programskoj komponenti, preljev međuspremnika
Neki od uočenih nedostataka javljaju se zbog loše izvedbe sučelja "/proc/PID/io", preljeva međuspremnika upravljačkog programa "si4713-i2c" te problema u implementaciji GUID particija.
Posljedica:
Lokalni napadači mogu iskoristiti navedene nedostatke za pristup osjetljivim podacima, pokretanje DoS napada i izvršavanje zlonamjernog programskog koda.
Rješenje:
Svim se korisnicima savjetuje primjena nadogradnje.
SUSE Security Update: kernel update for SLE11 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0984-1
Rating: important
References: #225091 #602150 #635880 #649625 #663678 #685226
#692784 #693513 #694315 #699354 #699916 #701355
#703155 #703786 #704361 #704957 #705433 #705903
#706696 #707332 #707644 #708160 #708376 #708730
#710352 #711752 #711941 #712316 #712366
Cross-References: CVE-2010-3881 CVE-2011-1776 CVE-2011-2495
CVE-2011-2700 CVE-2011-2909 CVE-2011-2918
Affected Products:
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 23 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 1 kernel was
updated to 2.6.32.45 and fixes various bugs and security
issues.
Following security issues were fixed: CVE-2011-1776: Timo
Warns reported an issue in the Linux implementation for
GUID partitions. Users with physical access could gain
access to sensitive kernel memory by adding a storage
device with a specially crafted corrupted invalid partition
table.
CVE-2010-3881: The second part of this fix was not yet
applied to our kernel: arch/x86/kvm/x86.c in the Linux
kernel before 2.6.36.2 does not initialize certain
structure members, which allows local users to obtain
potentially sensitive information from kernel stack memory
via read operations on the /dev/kvm device.
CVE-2011-2495: The /proc/PID/io interface could be used by
local attackers to gain information on other processes like
number of password characters typed or similar.
CVE-2011-2700: A small buffer overflow in the radio driver
si4713-i2c was fixed that could potentially used by local
attackers to crash the kernel or potentially execute code.
CVE-2011-2909: A kernel information leak in the comedi
driver from kernel to userspace was fixed.
CVE-2011-2918: In the perf framework software event
overflows could deadlock or delete an uninitialized timer.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64):
kernel-default-extra-2.6.32.45-0.3.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
kernel-xen-extra-2.6.32.45-0.3.1
- SLE 11 SERVER Unsupported Extras (ppc64):
kernel-ppc64-extra-2.6.32.45-0.3.1
- SLE 11 SERVER Unsupported Extras (i586):
kernel-pae-extra-2.6.32.45-0.3.1
References:
http://support.novell.com/security/cve/CVE-2010-3881.html
http://support.novell.com/security/cve/CVE-2011-1776.html
http://support.novell.com/security/cve/CVE-2011-2495.html
http://support.novell.com/security/cve/CVE-2011-2700.html
http://support.novell.com/security/cve/CVE-2011-2909.html
http://support.novell.com/security/cve/CVE-2011-2918.html
https://bugzilla.novell.com/225091
https://bugzilla.novell.com/602150
https://bugzilla.novell.com/635880
https://bugzilla.novell.com/649625
https://bugzilla.novell.com/663678
https://bugzilla.novell.com/685226
https://bugzilla.novell.com/692784
https://bugzilla.novell.com/693513
https://bugzilla.novell.com/694315
https://bugzilla.novell.com/699354
https://bugzilla.novell.com/699916
https://bugzilla.novell.com/701355
https://bugzilla.novell.com/703155
https://bugzilla.novell.com/703786
https://bugzilla.novell.com/704361
https://bugzilla.novell.com/704957
https://bugzilla.novell.com/705433
https://bugzilla.novell.com/705903
https://bugzilla.novell.com/706696
https://bugzilla.novell.com/707332
https://bugzilla.novell.com/707644
https://bugzilla.novell.com/708160
https://bugzilla.novell.com/708376
https://bugzilla.novell.com/708730
https://bugzilla.novell.com/710352
https://bugzilla.novell.com/711752
https://bugzilla.novell.com/711941
https://bugzilla.novell.com/712316
https://bugzilla.novell.com/712366
http://download.novell.com/patch/finder/?keywords=2c008d324a5017bbf31069d01bda163d
http://download.novell.com/patch/finder/?keywords=5efdf70977ca2033f5801839d7d47981
http://download.novell.com/patch/finder/?keywords=90b4172ccdf696ff763a578516754624
http://download.novell.com/patch/finder/?keywords=dc81f86fa9b2b3e014159918dd23d8f9
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke