sledp3-kernelSecurity update for the Linux kernel
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes
several security issues and bugs.
Following security issues were fixed:
*
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function
in sound/core/control.c in the Linux kernel before
2.6.36-rc5-next-20100929 allow local users to cause a denial of
service (heap memory corruption) or possibly have unspecified other
impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
*
CVE-2010-3437: Integer signedness error in the
pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the
Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive
information from kernel memory or cause a denial of service (invalid
pointer dereference and system crash) via a crafted index value in a
PKT_CTRL_CMD_STATUS ioctl call.
*
CVE-2010-4078: Uninitialized stack memory disclosure in the
FBIOGET_VBLANK ioctl in the sis and ivtv drivers could leak kernel
memory to userspace.
*
CVE-2010-4080 / CVE-2010-4081: Uninitialized stack memory disclosure
in the rme9652 ALSA driver could leak kernel memory to userspace.
*
CVE-2010-4073 / CVE-2010-4072 / CVE-2010-4083: Uninitialized stack
memory disclosure in the SystemV IPC handling functions could leak
kernel memory to userspace.
*
CVE-2010-3067: Integer overflow in the do_io_submit function in
fs/aio.c in the Linux kernel allowed local users to cause a denial of
service or possibly have unspecified other impact via crafted use of
the io_submit system call.
*
CVE-2010-3310: Multiple integer signedness errors in
net/rose/af_rose.c in the Linux kernel allowed local users to cause a
denial of service (heap memory corruption) or possibly have
unspecified other impact via a rose_getname function call, related to
the rose_bind and rose_connect functions.
*
CVE-2010-2226: The xfs_swapext function in fs/xfs/xfs_dfrag.c in the
Linux kernel did not properly check the file descriptors passed to
the SWAPEXT ioctl, which allowed local users to leverage write access
and obtain read access by swapping one file into another file.
*
CVE-2010-2946: fs/jfs/xattr.c in the Linux kernel did not properly
handle a certain legacy format for storage of extended attributes,
which might have allowed local users by bypass intended xattr
namespace restrictions via an "os2." substring at the beginning of a
name.
*
CVE-2010-2942: The actions implementation in the network queueing
functionality in the Linux kernel did not properly initialize certain
structure members when performing dump operations, which allowed
local users to obtain potentially sensitive information from kernel
memory via vectors related to (1) the tcf_gact_dump function in
net/sched/act_gact.c, (2) the tcf_mirred_dump function in
net/sched/act_mirred.c, (3) the tcf_nat_dump function in
net/sched/act_nat.c, (4) the tcf_simp_dump function in
net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in
net/sched/act_skbedit.c.
*
CVE-2010-2248: fs/cifs/cifssmb.c in the CIFS implementation in the
Linux kernel allowed remote attackers to cause a denial of service
(panic) via an SMB response packet with an invalid CountHigh value,
as demonstrated by a response from an OS/2 server, related to the
CIFSSMBWrite and CIFSSMBWrite2 functions.
*
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
*
CVE-2010-4164: A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate malformed
facilities.
*
CVE-2010-3086: A missing lock prefix in the x86 futex code could be
used by local attackers to cause a denial of service.
*
CVE-2010-4158: A memory information leak in berkely packet filter
rules allowed local attackers to read uninitialized memory of the
kernel stack.
*
CVE-2010-4162: A local denial of service in the blockdevice layer was
fixed.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-defaultx86_64d04395c4879b56db784f219a497f5ffcb6f49307kernel-smpx86_64bff1581bca61a94cd6f4cd74d49fb0ab01b5389ekernel-sourcex86_640c410040e622a6eb5aad9807a0f304b3f809ff4dkernel-symsx86_64173517e47712a4c8790f4b8b25493aec5bc43897kernel-xenx86_64ba1965cf54901d3899aab9340bc38da6e86780a1