U radu jezgre operacijskog sustava SuSE Linux Enterprise Server 11 SP1, uočeni su i uklonjeni brojni sigurnosni propusti koji omogućuju stjecanje povećanih ovlasti, izvođenje DoS napada te pokretanje zlonamjernog programskog koda.
Paket:
Linux kernel 2.6.x
Operacijski sustavi:
SUSE 11
Kritičnost:
6
Problem:
cjelobrojno prepisivanje, korupcija memorije, pogreška u programskoj funkciji
Iskorištavanje:
lokalno/udaljeno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS)
Neki od važnijih propusta su gubitak memorije uzrokovan nepravilnostima više jezgrenih funkcija, korupcija memorije preko "napi_reuse_skb" funkcije, dereferenciranje NULL pokazivača i dr.
Posljedica:
Zlonamjernom korisniku spomenute nepravilnosti omogućuju DoS napad, povećanje ovlasti te izvršavanje proizvoljnog programskog koda.
Rješenje:
Savjetuje se pregled originalne preporuke za više informacija o propustima te instalacija nadogradnji.
SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0364-1
Rating: important
References: #590980 #591293 #651219 #653260 #698450 #699709
#707096 #707288 #708877 #711203 #711539 #712366
#714001 #716901 #722406 #726788 #732021 #734056
#745881
Cross-References: CVE-2010-3873 CVE-2011-1576 CVE-2011-1577
CVE-2011-1833 CVE-2011-2203 CVE-2011-2918
CVE-2011-2928 CVE-2011-3191 CVE-2011-3353
CVE-2011-4081 CVE-2011-4110 CVE-2011-4326
Affected Products:
SUSE Linux Enterprise Real Time 11 SP1
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 7 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise Server 11 SP1 Realtime kernel was
updated to 2.6.33.20 to fix various bugs and security
issues.
The following security issues have been fixed:
* CVE-2011-4110: KEYS: Fix a NULL pointer deref in the
user-defined key type, which allowed local attackers to
Oops the kernel.
* CVE-2011-4081: Avoid potential NULL pointer deref in
ghash, which allowed local attackers to Oops the kernel.
* CVE-2010-3873: When using X.25 communication a
malicious sender could corrupt data structures, causing
crashes or potential code execution. Please note that X.25
needs to be setup to make this effective, which these days
is usually not the case.
* CVE-2011-2203: A NULL ptr dereference on mounting
corrupt hfs filesystems was fixed which could be used by
local attackers to crash the kernel.
* CVE-2011-3191: A malicious CIFS server could cause a
integer overflow on the local machine on directory index
operations, in turn causing memory corruption.
* CVE-2011-3353: In the fuse filesystem,
FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
write so the message processing could overrun and result in
a BUG_ON() in fuse_copy_fill(). This flaw could be used by
local users able to mount FUSE filesystems to crash the
system.
* CVE-2011-4326: A bug was found in the way headroom
check was performed in udp6_ufo_fragment() function. A
remote attacker could use this flaw to crash the system.
* CVE-2011-1576: The Generic Receive Offload (GRO)
implementation in the Linux kernel allowed remote attackers
to cause a denial of service via crafted VLAN packets that
are processed by the napi_reuse_skb function, leading to
(1) a memory leak or (2) memory corruption, a different
vulnerability than CVE-2011-1478.
* CVE-2011-1833: Added a kernel option to ensure
ecryptfs is mounting only on paths belonging to the current
ui, which would have allowed local attackers to potentially
gain privileges via symlink attacks.
* CVE-2011-2918: In the perf framework software event
overflows could deadlock or delete an uninitialized timer.
Included in Linux 2.6.32.19 stable update:
* CVE-2011-2928: The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux kernel did not validate the
length attribute of long symlinks, which allowed local
users to cause a denial of service (incorrect pointer
dereference and OOPS) by accessing a long symlink on a
malformed Be filesystem.
* CVE-2011-3353: In the fuse filesystem,
FUSE_NOTIFY_INVAL_ENTRY did not check the length of the
write so the message processing could overrun and result in
a BUG_ON() in fuse_copy_fill(). This flaw could be used by
local users able to mount FUSE filesystems to crash the
system.
* CVE-2011-1577: The Linux kernel automatically
evaluated partition tables of storage devices. The code for
evaluating EFI GUID partitions (in fs/partitions/efi.c)
contained a bug that causes a kernel oops on certain
corrupted GUID partition tables, which might be used by
local attackers to crash the kernel or potentially execute
code.
The following non security bugs have been fixed:
* Fix DL980G7 numa enumeration problem. HP bios SRAT
table contains more entries (256) than SLERT NR_CPUS (128).
Pull in mainline fixes to always parse the entire table,
regardless of configured NR_CPUS.
* x86, acpi: Parse all SRAT cpu entries even above the
cpu number limitation (bnc#745881).
* x86, ia64, acpi: Clean up x86-ism in
drivers/acpi/numa.c (bnc#745881).
* rt, timerfd: fix timerfd_settime() livelock.
* Fix build failure on 12.1 systems.
CONFIG_BUILD_DOCSRC builds Documentation/video4linux but
without reference to local includes, thus build only
succeeds on older SUSE releases where linux-glibc-devel
provides (obsolete) videodev.h. Add upstream patch which
drops support for v4lgrab.c which is safe as sample
executable is not packaged in any released rpm.
* Add missing references symset for the rt flavor
(bnc#722406#c69).
* Pick up SP1 82576 ET2 Quad Port driver addon. Pick up
I350 as well, since it's just recognition of a follow-on
part for 82580.
* igb: Add support for 82576 ET2 Quad Port Server
Adapter (bnc#591293, bnc#722406).
* igb: add support for Intel I350 Gigabit Network
Connection (bnc#590980).
* Fix regression introduced by backport of mainline
commit 43fa5460
* sched/rt: Migrate equal priority tasks to available
CPUs.
* sched: fix broken SCHED_RESET_ON_FORK handling
(bnc#708877).
* sched: Fix rt_rq runtime leakage bug (bnc#707096).
Security Issue references:
* CVE-2011-4110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
>
* CVE-2011-4081
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081
>
* CVE-2010-3873
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873
>
* CVE-2011-2203
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2203
>
* CVE-2011-3191
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
>
* CVE-2011-3353
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
>
* CVE-2011-4326
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326
>
* CVE-2011-1576
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
>
* CVE-2011-1833
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833
>
* CVE-2011-2918
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918
>
* CVE-2011-2928
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928
>
* CVE-2011-3353
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3353
>
* CVE-2011-1577
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
>
Indications:
Everyone using the Real Time Linux Kernel on x86_64 architecture should
update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time 11 SP1:
zypper in -t patch slertesp1-kernel-5802
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time 11 SP1 (x86_64) [New Version: 2.6.33.20]:
brocade-bna-kmp-rt-2.1.0.0_2.6.33.20_rt31_0.3-0.2.34
cluster-network-kmp-rt-1.4_2.6.33.20_rt31_0.3-2.5.28
cluster-network-kmp-rt_trace-1.4_2.6.33.20_rt31_0.3-2.5.28
drbd-kmp-rt-8.3.11_2.6.33.20_rt31_0.3-0.3.28
drbd-kmp-rt_trace-8.3.11_2.6.33.20_rt31_0.3-0.3.28
iscsitarget-kmp-rt-1.4.19_2.6.33.20_rt31_0.3-0.9.11.2
kernel-rt-2.6.33.20-0.3.1
kernel-rt-base-2.6.33.20-0.3.1
kernel-rt-devel-2.6.33.20-0.3.1
kernel-rt_trace-2.6.33.20-0.3.1
kernel-rt_trace-base-2.6.33.20-0.3.1
kernel-rt_trace-devel-2.6.33.20-0.3.1
kernel-source-rt-2.6.33.20-0.3.1
kernel-syms-rt-2.6.33.20-0.3.1
ocfs2-kmp-rt-1.6_2.6.33.20_rt31_0.3-0.4.2.28
ocfs2-kmp-rt_trace-1.6_2.6.33.20_rt31_0.3-0.4.2.28
ofed-kmp-rt-1.5.2_2.6.33.20_rt31_0.3-0.9.13.15
References:
http://support.novell.com/security/cve/CVE-2010-3873.html
http://support.novell.com/security/cve/CVE-2011-1576.html
http://support.novell.com/security/cve/CVE-2011-1577.html
http://support.novell.com/security/cve/CVE-2011-1833.html
http://support.novell.com/security/cve/CVE-2011-2203.html
http://support.novell.com/security/cve/CVE-2011-2918.html
http://support.novell.com/security/cve/CVE-2011-2928.html
http://support.novell.com/security/cve/CVE-2011-3191.html
http://support.novell.com/security/cve/CVE-2011-3353.html
http://support.novell.com/security/cve/CVE-2011-4081.html
http://support.novell.com/security/cve/CVE-2011-4110.html
http://support.novell.com/security/cve/CVE-2011-4326.html
https://bugzilla.novell.com/590980
https://bugzilla.novell.com/591293
https://bugzilla.novell.com/651219
https://bugzilla.novell.com/653260
https://bugzilla.novell.com/698450
https://bugzilla.novell.com/699709
https://bugzilla.novell.com/707096
https://bugzilla.novell.com/707288
https://bugzilla.novell.com/708877
https://bugzilla.novell.com/711203
https://bugzilla.novell.com/711539
https://bugzilla.novell.com/712366
https://bugzilla.novell.com/714001
https://bugzilla.novell.com/716901
https://bugzilla.novell.com/722406
https://bugzilla.novell.com/726788
https://bugzilla.novell.com/732021
https://bugzilla.novell.com/734056
https://bugzilla.novell.com/745881
http://download.novell.com/patch/finder/?keywords=2e813f9c7b45c2dd561fb51cf3245000
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke