SuSE Update for kernel SUSE-SA:2007:043

Impact
remote denial of service
Solution
Please Install the Updated Packages.
Insight
The SUSE Linux 10.0 and openSUSE 10.2 have been updated to fix various security problems. Please note that the SUSE Linux 10.0 has been released some weeks ago. The SUSE Linux 10.1 is affected by some of those problems but will be updated in some weeks to merge back with the SLE10 Service Pack 1 kernel. - CVE-2007-1357: A denial of service problem against the AppleTalk protocol was fixed. A remote attacker in the same AppleTalk network segment could cause the machine to crash if it has AppleTalk protocol loaded. - CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. - CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using &quot multiple packets per netlink message&quot , and (3) bridged packets, which trigger a NULL pointer dereference. - CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. Please note that the connection tracking option for IPv6 is not enabled in any currently shipping SUSE Linux kernel, so it does not affect SUSE Linux default kernels. - CVE-2007-1592: A local user could affect a double-free of a ipv6 structure potentially causing a local denial of service attack. - CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (&quot mount -t smbfs&quot ). - CVE-2007-2453: Seeding of the kernel random generator on boot did not work correctly due to a programming mistake and so the kernel might have more predictable random numbers than assured. - CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. Also some non-security bugs were fixed.
Affected
kernel on openSUSE 10.2, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9
References