SUSE 5180 Published by

The following updates has been released for openSUSE: openSUSE-SU-2012:0237-1: important: VUL-0: nginx: heap overflow, openSUSE-SU-2012:0236-1: important: kernel: security and bugfix update., openSUSE-SU-2012:0234-1: important: MozillaFirefox: Version 10, openSUSE-SU-2012:0227-1: important: xorg-x11-server, openSUSE-SU-2012:0039-2: important: MozillaFirefox, openSUSE-SU-2012:0208-1: important: tomcat6: Fix multiple weaknesses in HTTP DIGESTS, and openSUSE-SU-2012:0206-1: important: kernel: security and bugfix update.



openSUSE-SU-2012:0237-1: important: VUL-0: nginx: heap overflow
openSUSE Security Update: VUL-0: nginx: heap overflow
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0237-1
Rating: important
References: #731084
Cross-References: CVE-2011-4315
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A flaw in the custom DNS resolver of nginx could lead to a
heap based buffer overflow which could potentially allow
attackers to execute arbitrary code or to cause a Denial of
Service (bnc#731084, CVE-2011-4315).


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch nginx-0.8-5467

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

nginx-0.8-0.8.53-4.9.1


References:

http://support.novell.com/security/cve/CVE-2011-4315.html
https://bugzilla.novell.com/731084

openSUSE-SU-2012:0236-1: important: kernel: security and bugfix update.
openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0236-1
Rating: important
References: #676602 #679059 #681180 #681181 #681184 #681185
#691052 #692498 #699709 #700879 #702037 #707288
#709561 #709764 #710235 #713933 #723999 #726788
#736149
Cross-References: CVE-2011-1080 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1173 CVE-2011-1770
CVE-2011-2203 CVE-2011-2213 CVE-2011-2534
CVE-2011-2699 CVE-2011-2723 CVE-2011-2898
CVE-2011-4081 CVE-2011-4087 CVE-2011-4604

Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that solves 15 vulnerabilities and has four fixes
is now available. It includes one version update.

Description:

The openSUSE 11.4 kernel was updated to fix bugs and
security issues.

Following security issues have been fixed: CVE-2011-4604:
If root does read() on a specific socket, it's possible to
corrupt (kernel) memory over network, with an ICMP packet,
if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack
used predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network resources,
leading to a denial of service.

CVE-2011-1173: A kernel information leak via ip6_tables was
fixed.

CVE-2011-1172: A kernel information leak via ip6_tables
netfilter was fixed.

CVE-2011-1171: A kernel information leak via ip_tables was
fixed.

CVE-2011-1170: A kernel information leak via arp_tables was
fixed.

CVE-2011-1080: A kernel information leak via netfilter was
fixed.

CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted
write operation, related to string data that lacks a
terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options
function (net/dccp/options.c) in the Linux kernel allowed
remote attackers to cause a denial of service via a
Datagram Congestion Control Protocol (DCCP) packet with an
invalid feature options length, which triggered a buffer
over-read.

CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic
Receive Offload (GRO) is enabled, reset certain fields in
incorrect situations, which allowed remote attackers to
cause a denial of service (system crash) via crafted
network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET
protocol was fixed which might have allowed local attackers
to read kernel memory.

CVE-2011-4087: A local denial of service when using bridged
networking via a flood ping was fixed.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt
hfs filesystems was fixed which could be used by local
attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface a local user
could Oops the kernel by writing to a AF_ALG socket.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch kernel-5606

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 2.6.37.6]:

kernel-debug-2.6.37.6-0.11.1
kernel-debug-base-2.6.37.6-0.11.1
kernel-debug-devel-2.6.37.6-0.11.1
kernel-default-2.6.37.6-0.11.1
kernel-default-base-2.6.37.6-0.11.1
kernel-default-devel-2.6.37.6-0.11.1
kernel-desktop-2.6.37.6-0.11.1
kernel-desktop-base-2.6.37.6-0.11.1
kernel-desktop-devel-2.6.37.6-0.11.1
kernel-ec2-2.6.37.6-0.11.1
kernel-ec2-base-2.6.37.6-0.11.1
kernel-ec2-devel-2.6.37.6-0.11.1
kernel-ec2-extra-2.6.37.6-0.11.1
kernel-syms-2.6.37.6-0.11.1
kernel-trace-2.6.37.6-0.11.1
kernel-trace-base-2.6.37.6-0.11.1
kernel-trace-devel-2.6.37.6-0.11.1
kernel-vanilla-2.6.37.6-0.11.1
kernel-vanilla-base-2.6.37.6-0.11.1
kernel-vanilla-devel-2.6.37.6-0.11.1
kernel-xen-2.6.37.6-0.11.1
kernel-xen-base-2.6.37.6-0.11.1
kernel-xen-devel-2.6.37.6-0.11.1
preload-kmp-default-1.2_k2.6.37.6_0.11-6.7.28
preload-kmp-desktop-1.2_k2.6.37.6_0.11-6.7.28

- openSUSE 11.4 (noarch) [New Version: 2.6.37.6]:

kernel-devel-2.6.37.6-0.11.1
kernel-docs-2.6.37.6-0.11.1
kernel-source-2.6.37.6-0.11.1
kernel-source-vanilla-2.6.37.6-0.11.1

- openSUSE 11.4 (i586) [New Version: 2.6.37.6]:

kernel-pae-2.6.37.6-0.11.1
kernel-pae-base-2.6.37.6-0.11.1
kernel-pae-devel-2.6.37.6-0.11.1
kernel-vmi-2.6.37.6-0.11.1
kernel-vmi-base-2.6.37.6-0.11.1
kernel-vmi-devel-2.6.37.6-0.11.1


References:

http://support.novell.com/security/cve/CVE-2011-1080.html
http://support.novell.com/security/cve/CVE-2011-1170.html
http://support.novell.com/security/cve/CVE-2011-1171.html
http://support.novell.com/security/cve/CVE-2011-1172.html
http://support.novell.com/security/cve/CVE-2011-1173.html
http://support.novell.com/security/cve/CVE-2011-1770.html
http://support.novell.com/security/cve/CVE-2011-2203.html
http://support.novell.com/security/cve/CVE-2011-2213.html
http://support.novell.com/security/cve/CVE-2011-2534.html
http://support.novell.com/security/cve/CVE-2011-2699.html
http://support.novell.com/security/cve/CVE-2011-2723.html
http://support.novell.com/security/cve/CVE-2011-2898.html
http://support.novell.com/security/cve/CVE-2011-4081.html
http://support.novell.com/security/cve/CVE-2011-4087.html
http://support.novell.com/security/cve/CVE-2011-4604.html
https://bugzilla.novell.com/676602
https://bugzilla.novell.com/679059
https://bugzilla.novell.com/681180
https://bugzilla.novell.com/681181
https://bugzilla.novell.com/681184
https://bugzilla.novell.com/681185
https://bugzilla.novell.com/691052
https://bugzilla.novell.com/692498
https://bugzilla.novell.com/699709
https://bugzilla.novell.com/700879
https://bugzilla.novell.com/702037
https://bugzilla.novell.com/707288
https://bugzilla.novell.com/709561
https://bugzilla.novell.com/709764
https://bugzilla.novell.com/710235
https://bugzilla.novell.com/713933
https://bugzilla.novell.com/723999
https://bugzilla.novell.com/726788
https://bugzilla.novell.com/736149

openSUSE-SU-2012:0234-1: important: MozillaFirefox: Version 10
openSUSE Security Update: MozillaFirefox: Version 10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0234-1
Rating: important
References: #744275
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes 5 new package versions.

Description:

Mozilla Firefox was updated to version 10 to fix bugs and
security issues.

MFSA 2012-01: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.

In general these flaws cannot be exploited through email in
the Thunderbird and SeaMonkey products because scripting is
disabled, but are potentially a risk in browser or
browser-like contexts in those products. References

CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas,
Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der
Beken, and Bill McCloskey reported memory safety problems
that were fixed in Firefox 10.

CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory
safety problems that were fixed in both Firefox 10 and
Firefox 3.6.26.


MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox
has been generous in its interpretation of web addresses
containing square brackets around the host. If this host
was not a valid IPv6 literal address, Firefox attempted to
interpret the host as a regular domain name. Gregory
Fleischer reported that requests made using IPv6 syntax
using XMLHttpRequest objects through a proxy may generate
errors depending on proxy configuration for IPv6. The
resulting error messages from the proxy may disclose
sensitive data because Same-Origin Policy (SOP) will allow
the XMLHttpRequest object to read these error messages,
allowing user privacy to be eroded. Firefox now enforces
RFC 3986 IPv6 literal syntax and that may break links
written using the non-standard Firefox-only forms that were
previously accepted.

This was fixed previously for Firefox 7.0, Thunderbird 7.0,
and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and
Thunderbird 3.1.18 during 2012.


MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an
attacker could replace a sub-frame in another domain's
document by using the name attribute of the sub-frame as a
form submission target. This can potentially allow for
phishing attacks against users and violates the HTML5 frame
navigation policy.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative that
removed child nodes of nsDOMAttribute can be accessed under
certain circumstances because of a premature notification
of AttributeChildRemoved. This use-after-free of the child
nodes could possibly allow for for remote code execution.

MFSA 2012-05/CVE-2012-0446: Mozilla security researcher
moz_bug_r_a4 reported that frame scripts bypass XPConnect
security checks when calling untrusted objects. This allows
for cross-site scripting (XSS) attacks through web pages
and Firefox extensions. The fix enables the Script Security
Manager (SSM) to force security checks on all frame scripts.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-06/CVE-2012-0447: Mozilla developer Tim Abraldes
reported that when encoding images as
image/vnd.microsoft.icon the resulting data was always a
fixed size, with uninitialized memory appended as padding
beyond the size of the actual image. This is the result of
mImageBufferSize in the encoder being initialized with a
value different than the size of the source image. There is
the possibility of sensitive data from uninitialized memory
being appended to a PNG image when converted fron an ICO
format image. This sensitive data may then be disclosed in
the resulting image.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-07/CVE-2012-0444: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative the
possibility of memory corruption during the decoding of Ogg
Vorbis files. This can cause a crash during decoding and
has the potential for remote code execution.


MFSA 2012-08/CVE-2012-0449: Security researchers Nicolas
Gregoire and Aki Helin independently reported that when
processing a malformed embedded XSLT stylesheet, Firefox
can crash due to a memory corruption. While there is no
evidence that this is directly exploitable, there is a
possibility of remote code execution.

MFSA 2012-09/CVE-2012-0450: magicant starmen reported that
if a user chooses to export their Firefox Sync key the
"Firefox Recovery Key.html" file is saved with incorrect
permissions, making the file contents potentially readable
by other users on Linux and OS X systems.

Firefox 3.6 is not affected by this vulnerability.


Special Instructions and Notes:

Please reboot the system after installing this update.This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application. This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch MozillaFirefox-5750 MozillaThunderbird-5751 mozilla-js192-5749 seamonkey-5768

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.26,10.0,2.7 and 3.1.18]:

MozillaFirefox-10.0-0.2.1
MozillaFirefox-branding-upstream-10.0-0.2.1
MozillaFirefox-buildsymbols-10.0-0.2.1
MozillaFirefox-devel-10.0-0.2.1
MozillaFirefox-translations-common-10.0-0.2.1
MozillaFirefox-translations-other-10.0-0.2.1
MozillaThunderbird-3.1.18-0.23.1
MozillaThunderbird-buildsymbols-3.1.18-0.23.1
MozillaThunderbird-devel-3.1.18-0.23.1
MozillaThunderbird-translations-common-3.1.18-0.23.1
MozillaThunderbird-translations-other-3.1.18-0.23.1
enigmail-1.1.2+3.1.18-0.23.1
mozilla-js192-1.9.2.26-0.2.1
mozilla-xulrunner192-1.9.2.26-0.2.1
mozilla-xulrunner192-buildsymbols-1.9.2.26-0.2.1
mozilla-xulrunner192-devel-1.9.2.26-0.2.1
mozilla-xulrunner192-gnome-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-common-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-other-1.9.2.26-0.2.1
seamonkey-2.7-0.2.1
seamonkey-dom-inspector-2.7-0.2.1
seamonkey-irc-2.7-0.2.1
seamonkey-translations-common-2.7-0.2.1
seamonkey-translations-other-2.7-0.2.1
seamonkey-venkman-2.7-0.2.1

- openSUSE 11.4 (x86_64) [New Version: 1.9.2.26]:

mozilla-js192-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-gnome-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-common-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-other-32bit-1.9.2.26-0.2.1


References:

https://bugzilla.novell.com/744275

openSUSE-SU-2012:0227-1: important: xorg-x11-server
openSUSE Security Update: xorg-x11-server
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0227-1
Rating: important
References: #722944
Cross-References: CVE-2011-4028 CVE-2011-4029
Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The X server had two security issues and one bug that is
fixed by this update.

CVE-2011-4028: It is possible for a local attacker to
deduce if a file exists or not by exploiting the way that
Xorg creates its lock files.

CVE-2011-4029: It is possible for a non-root local user to
set the read permission for all users on any file or
directory.


Special Instructions and Notes:

Please reboot the system after installing this update.This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application. This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch xorg-x11-Xvnc-5490

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64):

xorg-x11-Xvnc-7.5_1.8.0-10.15.2
xorg-x11-server-7.5_1.8.0-10.15.2
xorg-x11-server-extra-7.5_1.8.0-10.15.2
xorg-x11-server-sdk-7.5_1.8.0-10.15.2


References:

http://support.novell.com/security/cve/CVE-2011-4028.html
http://support.novell.com/security/cve/CVE-2011-4029.html
https://bugzilla.novell.com/722944

openSUSE-SU-2012:0039-2: important: MozillaFirefox
openSUSE Security Update: MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0039-2
Rating: important
References: #737533
Cross-References: CVE-2011-3658 CVE-2011-3660 CVE-2011-3661
CVE-2011-3663 CVE-2011-3665
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available. It
includes two new package versions.

Description:

Mozilla Firefox Version 9 fixes several security issues:

* MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety
hazards
* MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash
in the YARR regular expression library
* MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds
access
* MFSA 2011-56/CVE-2011-3663: Key detection without
JavaScript via SVG animation
* MFSA 2011-58/CVE-2011-3665: Crash scaling to
extreme sizes


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch MozillaFirefox-5577

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.25 and 9.0]:

MozillaFirefox-9.0-0.2.1
MozillaFirefox-branding-upstream-9.0-0.2.1
MozillaFirefox-buildsymbols-9.0-0.2.1
MozillaFirefox-devel-9.0-0.2.1
MozillaFirefox-translations-common-9.0-0.2.1
MozillaFirefox-translations-other-9.0-0.2.1
mozilla-js192-1.9.2.25-0.2.1
mozilla-xulrunner192-1.9.2.25-0.2.1
mozilla-xulrunner192-buildsymbols-1.9.2.25-0.2.1
mozilla-xulrunner192-devel-1.9.2.25-0.2.1
mozilla-xulrunner192-gnome-1.9.2.25-0.2.1
mozilla-xulrunner192-translations-common-1.9.2.25-0.2.1
mozilla-xulrunner192-translations-other-1.9.2.25-0.2.1

- openSUSE 11.4 (x86_64) [New Version: 1.9.2.25]:

mozilla-js192-32bit-1.9.2.25-0.2.1
mozilla-xulrunner192-32bit-1.9.2.25-0.2.1
mozilla-xulrunner192-gnome-32bit-1.9.2.25-0.2.1
mozilla-xulrunner192-translations-common-32bit-1.9.2.25-0.2.1
mozilla-xulrunner192-translations-other-32bit-1.9.2.25-0.2.1


References:

http://support.novell.com/security/cve/CVE-2011-3658.html
http://support.novell.com/security/cve/CVE-2011-3660.html
http://support.novell.com/security/cve/CVE-2011-3661.html
http://support.novell.com/security/cve/CVE-2011-3663.html
http://support.novell.com/security/cve/CVE-2011-3665.html
https://bugzilla.novell.com/737533

openSUSE-SU-2012:0208-1: important: tomcat6: Fix multiple weaknesses in HTTP DIGESTS
openSUSE Security Update: tomcat6: Fix multiple weaknesses in HTTP DIGESTS
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0208-1
Rating: important
References: #742477
Cross-References: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063
CVE-2011-5064
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update fixes a regression in parameter passing (in
urldecoding of parameters that contain spaces).

In addition, multiple weaknesses in HTTP DIGESTS are fixed
(CVE-2011-1184).


CVE-2011-5062: The HTTP Digest Access Authentication
implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x
before 6.0.33 and 7.x before 7.0.12 does not check qop
values, which might allow remote attackers to bypass
intended integrity-protection requirements via a qop=auth
value, a different vulnerability than CVE-2011-1184.

CVE-2011-5063: The HTTP Digest Access Authentication
implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x
before 6.0.33, and 7.x before 7.0.12 does not check realm
values, which might allow remote attackers to bypass
intended access restrictions by leveraging the availability
of a protection space with weaker authentication or
authorization requirements, a different vulnerability than
CVE-2011-1184.

CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest
Access Authentication implementation in Apache Tomcat 5.5.x
before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12
uses Catalina as the hard-coded server secret (aka private
key), which makes it easier for remote attackers to bypass
cryptographic protection mechanisms by leveraging knowledge
of this string, a different vulnerability than
CVE-2011-1184.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch tomcat6-5765

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (noarch):

tomcat6-6.0.32-7.14.1
tomcat6-admin-webapps-6.0.32-7.14.1
tomcat6-docs-webapp-6.0.32-7.14.1
tomcat6-el-1_0-api-6.0.32-7.14.1
tomcat6-javadoc-6.0.32-7.14.1
tomcat6-jsp-2_1-api-6.0.32-7.14.1
tomcat6-lib-6.0.32-7.14.1
tomcat6-servlet-2_5-api-6.0.32-7.14.1
tomcat6-webapps-6.0.32-7.14.1


References:

http://support.novell.com/security/cve/CVE-2011-1184.html
http://support.novell.com/security/cve/CVE-2011-5062.html
http://support.novell.com/security/cve/CVE-2011-5063.html
http://support.novell.com/security/cve/CVE-2011-5064.html
https://bugzilla.novell.com/742477

openSUSE-SU-2012:0206-1: important: kernel: security and bugfix update.
openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0206-1
Rating: important
References: #691052 #692498 #698450 #699709 #700879 #702037
#707288 #709764 #710235 #726788 #728661 #735612
#736149
Cross-References: CVE-2011-1576 CVE-2011-1770 CVE-2011-2203
CVE-2011-2213 CVE-2011-2525 CVE-2011-2534
CVE-2011-2699 CVE-2011-2723 CVE-2011-2898
CVE-2011-4081 CVE-2011-4604
Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that solves 11 vulnerabilities and has two fixes
is now available. It includes one version update.

Description:

The openSUSE 11.3 kernel was updated to fix various bugs
and security issues.

Following security issues have been fixed: CVE-2011-4604:
If root does read() on a specific socket, it's possible to
corrupt (kernel) memory over network, with an ICMP packet,
if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function
in the Linux kernels packet scheduler API implementation to
be called on built-in qdisc structures. A local,
unprivileged user could have used this flaw to trigger a
NULL pointer dereference, resulting in a denial of service.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack
used predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network resources,
leading to a denial of service.

CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.

CVE-2011-1576: The Generic Receive Offload (GRO)
implementation in the Linux kernel allowed remote attackers
to cause a denial of service via crafted VLAN packets that
are processed by the napi_reuse_skb function, leading to
(1) a memory leak or (2) memory corruption, a different
vulnerability than CVE-2011-1478.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted
write operation, related to string data that lacks a
terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options
function (net/dccp/options.c) in the Linux kernel allowed
remote attackers to cause a denial of service via a
Datagram Congestion Control Protocol (DCCP) packet with an
invalid feature options length, which triggered a buffer
over-read.

CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic
Receive Offload (GRO) is enabled, reset certain fields in
incorrect situations, which allowed remote attackers to
cause a denial of service (system crash) via crafted
network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET
protocol was fixed which might have allowed local attackers
to read kernel memory.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt
hfs filesystems was fixed which could be used by local
attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface a local user
could Oops the kernel by writing to a AF_ALG socket.


Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch kernel-5605

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64) [New Version: 2.6.34.10]:

kernel-debug-2.6.34.10-0.6.1
kernel-debug-base-2.6.34.10-0.6.1
kernel-debug-devel-2.6.34.10-0.6.1
kernel-default-2.6.34.10-0.6.1
kernel-default-base-2.6.34.10-0.6.1
kernel-default-devel-2.6.34.10-0.6.1
kernel-desktop-2.6.34.10-0.6.1
kernel-desktop-base-2.6.34.10-0.6.1
kernel-desktop-devel-2.6.34.10-0.6.1
kernel-ec2-2.6.34.10-0.6.1
kernel-ec2-base-2.6.34.10-0.6.1
kernel-ec2-devel-2.6.34.10-0.6.1
kernel-ec2-extra-2.6.34.10-0.6.1
kernel-syms-2.6.34.10-0.6.1
kernel-trace-2.6.34.10-0.6.1
kernel-trace-base-2.6.34.10-0.6.1
kernel-trace-devel-2.6.34.10-0.6.1
kernel-vanilla-2.6.34.10-0.6.1
kernel-vanilla-base-2.6.34.10-0.6.1
kernel-vanilla-devel-2.6.34.10-0.6.1
kernel-xen-2.6.34.10-0.6.1
kernel-xen-base-2.6.34.10-0.6.1
kernel-xen-devel-2.6.34.10-0.6.1
preload-kmp-default-1.1_k2.6.34.10_0.6-19.1.37
preload-kmp-desktop-1.1_k2.6.34.10_0.6-19.1.37

- openSUSE 11.3 (noarch) [New Version: 2.6.34.10]:

kernel-devel-2.6.34.10-0.6.1
kernel-source-2.6.34.10-0.6.1
kernel-source-vanilla-2.6.34.10-0.6.1

- openSUSE 11.3 (i586) [New Version: 2.6.34.10]:

kernel-pae-2.6.34.10-0.6.1
kernel-pae-base-2.6.34.10-0.6.1
kernel-pae-devel-2.6.34.10-0.6.1
kernel-vmi-2.6.34.10-0.6.1
kernel-vmi-base-2.6.34.10-0.6.1
kernel-vmi-devel-2.6.34.10-0.6.1


References:

http://support.novell.com/security/cve/CVE-2011-1576.html
http://support.novell.com/security/cve/CVE-2011-1770.html
http://support.novell.com/security/cve/CVE-2011-2203.html
http://support.novell.com/security/cve/CVE-2011-2213.html
http://support.novell.com/security/cve/CVE-2011-2525.html
http://support.novell.com/security/cve/CVE-2011-2534.html
http://support.novell.com/security/cve/CVE-2011-2699.html
http://support.novell.com/security/cve/CVE-2011-2723.html
http://support.novell.com/security/cve/CVE-2011-2898.html
http://support.novell.com/security/cve/CVE-2011-4081.html
http://support.novell.com/security/cve/CVE-2011-4604.html
https://bugzilla.novell.com/691052
https://bugzilla.novell.com/692498
https://bugzilla.novell.com/698450
https://bugzilla.novell.com/699709
https://bugzilla.novell.com/700879
https://bugzilla.novell.com/702037
https://bugzilla.novell.com/707288
https://bugzilla.novell.com/709764
https://bugzilla.novell.com/710235
https://bugzilla.novell.com/726788
https://bugzilla.novell.com/728661
https://bugzilla.novell.com/735612
https://bugzilla.novell.com/736149