SuSE Update for kernel SUSE-SA:2007:053

Impact
local privilege escalation
Solution
Please install the updated packages.
Insight
The Linux kernel has been updated to fix various security problems. Please note that some of the issues below might already have been fixed for other distributions by earlier updates and covered in separate advisories. Only CVE-2007-4571 is a completely new issue. Updates for SLES 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2, 10.3 were released on Wednesday. Updates for SUSE Linux Enterprise Server 9 were released Thursday (yesterday), updates for SUSE Linux Enterprise Server 8 were released Friday (today).
- CVE-2007-4573: It was possible for a local user to become root by exploiting a bug in the IA32 system call emulation. This problem affects the x86_64 platform only, on all distributions.
- CVE-2007-4571: An information disclosure vulnerability in the ALSA driver can be exploited by local users to read sensitive data from kernel memory. This affects systems with ALSA drivers loaded.
- CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wake-up threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". Since this value can only be changed by a root user, exploitability is low.
- CVE-2007-2525: A memory leak in the PPPoE driver can be abused by local users to cause a denial-of-service condition.
- CVE-2007-3851: On machines with an Intel i965 based graphics card, local users with access to the direct rendering device node could overwrite memory on the machine and so gain root privileges.
- CVE-2007-2875: An integer underflow in the cpuset_tasks_read function allows local users to obtain portions of kernel memory when the cpuset filesystem is mounted.
- CVE-2007-3107: The signal handling in the Linux kernel, when run on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency.
- CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel did not limit the amount o ...
Description truncated, for more information please check the Reference URL
Affected
kernel on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References