Summary
The remote host is missing updates announced in advisory SUSE-SA:2009:045.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:045
Insight
The Linux kernel update fixes the following security issues:
CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.
[SLES9, SLES10-SP2, SLE11, openSUSE]
CVE-2009-1389: A crash on r8169 network cards when receiving large packets was fixed.
[SLES9, SLES10-SP2, SLE11, openSUSE]
CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in certain address ranges.
[SLES9, SLES10-SP2, SLE11, openSUSE]
CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
[SLE10-SP2, SLE11, openSUSE]
CVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible if eCryptfs is in use.
[SLE11, openSUSE]
CVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible if eCryptfs is in use.
[SLE11, openSUSE]
(no CVE assigned yet): An information leak from using sigaltstack.
[SLES9, SLES10-SP2, SLE11, openSUSE]
CVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket option.
[openSUSE 10.3 only]
CVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed.
[openSUSE 11.0 only]
CVE-2009-1046: UTF-8 console memory corruption that can be used for local privilege escalation.
[openSUSE 11.0 only]
CVE-2008-5033: Oops in video4linux tvaudio.
[openSUSE 11.0 only]
CVE-2009-1385: An integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
[openSUSE 11.0 only]
The mmap_min_addr sysctl is now enabled by default to protect against kernel NULL page exploits.
[SLE11, openSUSE 11.0-11.1]
The -fno-delete-null-pointer-checks compiler option is now used to build the kernel to prevent gcc from optimizing away NULL pointer checks.
Also, -fwrapv is now used everywhere.
[SLES9, SLES10-SP2, SLE11, openSUSE]
The kernel update also contains numerous other, non-security bug fixes. Please refer to the rpm changelog for a detailed list.
Severity
Classification
CVE: CVE-2008-5033, CVE-2009-0676, CVE-2009-1046, CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1758, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2692
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C