Linux kernel security update

14 Dec 2010


Package: kernel
Announcement ID: SUSE-SA:2010:060
Date: Tue, 14 Dec 2010 12:00:00 +0000
Affected Products: SLE SDK 10 SP3
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Server 10 SP3
Vulnerability Type: remote denial of service
Following security issues were fixed:
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new
function in sound/core/control.c in the Linux kernel before
2.6.36-rc5-next-20100929 allow local users to cause a denial of
service (heap memory corruption) or possibly have unspecified
other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)

CVE-2010-3437: Integer signedness error in the pkt_find_dev_from_minor
function in drivers/block/pktcdvd.c in the Linux kernel before
2.6.36-rc6 allows local users to obtain sensitive information from
kernel memory or cause a denial of service (invalid pointer dereference
and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS
ioctl call.

"in the Linux kernel before 2.6.36-rc5-next-20100929" -> effect on openSUSEs?
Or was there a fix already backported in stable kernels after 2010/09/29?
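
An added illustration, not part of the original post and not the kernel's pktcdvd code: the bug class the CVE-2010-3437 text describes, a signed index checked only against an upper bound, next to the unsigned form that rejects it. The table, its size and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SLOTS 8                     /* hypothetical table size */

struct dev { int id; };

static struct dev slot0 = { 100 };      /* constructed sample entry */
static struct dev *dev_table[MAX_SLOTS] = { &slot0 };

/* Flawed check: idx is signed and only the upper bound is tested,
 * so every negative value passes and would index before the table. */
static int index_ok_signed(int idx)
{
    return idx < MAX_SLOTS;
}

/* Corrected check: with an unsigned parameter a negative caller value
 * converts to a very large number and fails the same comparison. */
static int index_ok_unsigned(unsigned int idx)
{
    return idx < MAX_SLOTS;
}

/* Hardened lookup: only validated indices ever reach the array. */
static struct dev *find_dev(unsigned int idx)
{
    if (!index_ok_unsigned(idx))
        return NULL;
    return dev_table[idx];
}

int main(void)
{
    int crafted = -1;                   /* constructed caller-supplied index */

    printf("signed check accepts %d:   %d\n", crafted,
           index_ok_signed(crafted));
    printf("unsigned check accepts %d: %d\n", crafted,
           index_ok_unsigned((unsigned int)crafted));
    printf("hardened lookup returns:   %p\n",
           (void *)find_dev((unsigned int)crafted));
    return 0;
}
```

The flawed check is exposed only as a predicate here, so the program never performs the out-of-bounds read itself.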


pistazienfresser wrote:
> puzzled

did you notice the announcement had nothing to do with openSUSE?

oh, maybe you are running SLED/S ?

I may be a bit stupid sometimes (and not knowing/not willing to backpatch an openSUSE 10.3) but I still think the relation is not so trivial.

Did you notice that there were also two parts I chose to quote and did you read the linked

CVE-2010-3442 with

openSUSE 11.1
* kernel-debug >=
* kernel-debug-base >=
* kernel-debug-extra >=
* kernel-default >=
* kernel-default-base >=
* kernel-default-extra >=
* kernel-docs >= 2.6.3-3.13.135
* kernel-kdump >=
* kernel-pae >=
* kernel-pae-base >=
* kernel-pae-extra >=
* kernel-ppc64 >=
* kernel-ppc64-base >=
* kernel-ppc64-extra >=
* kernel-ps3 >=
* kernel-source >=
* kernel-syms >=
* kernel-trace >=
* kernel-trace-base >=
* kernel-trace-extra >=
* kernel-vanilla >=
* kernel-xen >=
* kernel-xen-base >=
* kernel-xen-extra >=

SAT Patch Nr: 3619



pistazienfresser wrote:
>> *openSUSE 11.1

if you are running openSUSE 11.1
and your update repo is enabled/refreshed
and your kernel is the latest offered
then, the new kernel should be offered to you for install

i think. :wink:

