The openSUSE 11.4 kernel was updated to fix bugs and security issues. If root does read() on a specific socket, it’s possible to corrupt (kernel) memory over the network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. Multiple kernel information leaks via ip_tables, netfilter, and arp_tables were fixed.
The inet_diag_bc_audit function did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message. A buffer overflow in the clusterip_proc_write function might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating ‘\0’ character. An integer underflow in the dccp_parse_options function allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.
The skb_gro_header_slow function, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic. A kernel information leak in the AF_PACKET protocol, which might have allowed local attackers to read kernel memory, was fixed. A local denial of service when using bridged networking via a flood ping was fixed.
A NULL pointer dereference on mounting corrupt hfs filesystems, which could be used by local attackers to crash the kernel, was fixed. Using the crypto interface, a local user could Oops the kernel by writing to an AF_ALG socket.
Updated packages are available from download.opensuse.org.
openSUSE Security Update: kernel: security and bugfix update.
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0236-1
Rating: important
References: #676602 #679059 #681180 #681181 #681184 #681185
#691052 #692498 #699709 #700879 #702037 #707288
#709561 #709764 #710235 #713933 #723999 #726788
#736149
Cross-References: CVE-2011-1080 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1173 CVE-2011-1770
CVE-2011-2203 CVE-2011-2213 CVE-2011-2534
CVE-2011-2699 CVE-2011-2723 CVE-2011-2898
CVE-2011-4081 CVE-2011-4087 CVE-2011-4604
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that solves 15 vulnerabilities and has four fixes
is now available. It includes one version update.
Description:
The openSUSE 11.4 kernel was updated to fix bugs and
security issues.
The following security issues have been fixed:

CVE-2011-4604: If root does read() on a specific socket, it's
possible to corrupt (kernel) memory over network, with an
ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack
used predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network resources,
leading to a denial of service.

CVE-2011-1173: A kernel information leak via ip6_tables was
fixed.

CVE-2011-1172: A kernel information leak via ip6_tables
netfilter was fixed.

CVE-2011-1171: A kernel information leak via ip_tables was
fixed.

CVE-2011-1170: A kernel information leak via arp_tables was
fixed.

CVE-2011-1080: A kernel information leak via netfilter was
fixed.

CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted
write operation, related to string data that lacks a
terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options
function (net/dccp/options.c) in the Linux kernel allowed
remote attackers to cause a denial of service via a
Datagram Congestion Control Protocol (DCCP) packet with an
invalid feature options length, which triggered a buffer
over-read.

CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic
Receive Offload (GRO) is enabled, reset certain fields in
incorrect situations, which allowed remote attackers to
cause a denial of service (system crash) via crafted
network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET
protocol, which might have allowed local attackers to read
kernel memory, was fixed.

CVE-2011-4087: A local denial of service when using bridged
networking via a flood ping was fixed.

CVE-2011-2203: A NULL pointer dereference on mounting
corrupt hfs filesystems, which could be used by local
attackers to crash the kernel, was fixed.

CVE-2011-4081: Using the crypto interface, a local user
could Oops the kernel by writing to an AF_ALG socket.

Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch kernel-5606
To bring your system up-to-date, use "zypper patch".
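
Added example, not part of the advisory: the fixed kernel only takes effect after the reboot noted above, so this check compares a running-kernel release string (the output of "uname -r") against the fixed build numerically rather than trusting the installed package list. It assumes "uname -r" reports <version>-<release>-<flavor> and that package version 2.6.37.6-0.11.1 appears there as 2.6.37.6-0.11; the function names and sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the advisory.
# Fixed build from the advisory's package version 2.6.37.6-0.11.1, in the
# form `uname -r` is assumed to report: <version>-<release>-<flavor>.
FIXED_VER="2.6.37.6"
FIXED_REL="0.11"

# cmp_dotted A B: print -1, 0 or 1, comparing dotted numbers field by field
# (so 0.9 < 0.11, which a plain string comparison gets wrong).
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# kernel_is_patched RELEASE: returns 0 if RELEASE is the fixed build or newer,
# 1 if it is older, 2 if the string is not in the expected form.
kernel_is_patched() {
    rel=$1
    ver=${rel%%-*}                 # e.g. 2.6.37.6
    rest=${rel#*-}                 # e.g. 0.11-desktop
    build=${rest%%-*}              # e.g. 0.11
    case $rel in *-*) ;; *) return 2 ;; esac
    case "$ver.$build" in ""|.*|*.|*[!0-9.]*) return 2 ;; esac
    c=$(cmp_dotted "$ver" "$FIXED_VER")
    if [ "$c" = 0 ]; then c=$(cmp_dotted "$build" "$FIXED_REL"); fi
    [ "$c" != -1 ]
}

# Constructed sample release strings (not taken from a real host).
# On a live system, pass "$(uname -r)" instead.
for r in 2.6.37.1-1.2-desktop 2.6.37.6-0.9-default \
         2.6.37.6-0.11-default 2.6.37.6-0.11-xen; do
    if kernel_is_patched "$r"; then
        echo "$r: fixed build or newer"
    else
        echo "$r: older than $FIXED_VER-$FIXED_REL, update and reboot"
    fi
done
```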
Package List:
- openSUSE 11.4 (i586 x86_64) [New Version: 2.6.37.6]:
kernel-debug-2.6.37.6-0.11.1
kernel-debug-base-2.6.37.6-0.11.1
kernel-debug-devel-2.6.37.6-0.11.1
kernel-default-2.6.37.6-0.11.1
kernel-default-base-2.6.37.6-0.11.1
kernel-default-devel-2.6.37.6-0.11.1
kernel-desktop-2.6.37.6-0.11.1
kernel-desktop-base-2.6.37.6-0.11.1
kernel-desktop-devel-2.6.37.6-0.11.1
kernel-ec2-2.6.37.6-0.11.1
kernel-ec2-base-2.6.37.6-0.11.1
kernel-ec2-devel-2.6.37.6-0.11.1
kernel-ec2-extra-2.6.37.6-0.11.1
kernel-syms-2.6.37.6-0.11.1
kernel-trace-2.6.37.6-0.11.1
kernel-trace-base-2.6.37.6-0.11.1
kernel-trace-devel-2.6.37.6-0.11.1
kernel-vanilla-2.6.37.6-0.11.1
kernel-vanilla-base-2.6.37.6-0.11.1
kernel-vanilla-devel-2.6.37.6-0.11.1
kernel-xen-2.6.37.6-0.11.1
kernel-xen-base-2.6.37.6-0.11.1
kernel-xen-devel-2.6.37.6-0.11.1
preload-kmp-default-1.2_k2.6.37.6_0.11-6.7.28
preload-kmp-desktop-1.2_k2.6.37.6_0.11-6.7.28
- openSUSE 11.4 (noarch) [New Version: 2.6.37.6]:
kernel-devel-2.6.37.6-0.11.1
kernel-docs-2.6.37.6-0.11.1
kernel-source-2.6.37.6-0.11.1
kernel-source-vanilla-2.6.37.6-0.11.1
- openSUSE 11.4 (i586) [New Version: 2.6.37.6]:
kernel-pae-2.6.37.6-0.11.1
kernel-pae-base-2.6.37.6-0.11.1
kernel-pae-devel-2.6.37.6-0.11.1
kernel-vmi-2.6.37.6-0.11.1
kernel-vmi-base-2.6.37.6-0.11.1
kernel-vmi-devel-2.6.37.6-0.11.1
References:
http://support.novell.com/security/cve/CVE-2011-1080.html
http://support.novell.com/security/cve/CVE-2011-1170.html
http://support.novell.com/security/cve/CVE-2011-1171.html
http://support.novell.com/security/cve/CVE-2011-1172.html
http://support.novell.com/security/cve/CVE-2011-1173.html
http://support.novell.com/security/cve/CVE-2011-1770.html
http://support.novell.com/security/cve/CVE-2011-2203.html
http://support.novell.com/security/cve/CVE-2011-2213.html
http://support.novell.com/security/cve/CVE-2011-2534.html
http://support.novell.com/security/cve/CVE-2011-2699.html
http://support.novell.com/security/cve/CVE-2011-2723.html
http://support.novell.com/security/cve/CVE-2011-2898.html
http://support.novell.com/security/cve/CVE-2011-4081.html
http://support.novell.com/security/cve/CVE-2011-4087.html
http://support.novell.com/security/cve/CVE-2011-4604.html
https://bugzilla.novell.com/676602
https://bugzilla.novell.com/679059
https://bugzilla.novell.com/681180
https://bugzilla.novell.com/681181
https://bugzilla.novell.com/681184
https://bugzilla.novell.com/681185
https://bugzilla.novell.com/691052
https://bugzilla.novell.com/692498
https://bugzilla.novell.com/699709
https://bugzilla.novell.com/700879
https://bugzilla.novell.com/702037
https://bugzilla.novell.com/707288
https://bugzilla.novell.com/709561
https://bugzilla.novell.com/709764
https://bugzilla.novell.com/710235
https://bugzilla.novell.com/713933
https://bugzilla.novell.com/723999
https://bugzilla.novell.com/726788
https://bugzilla.novell.com/736149