SuSE Update for kernel SUSE-SA:2008:007

Impact
local privilege escalation
Solution
Please install the updated packages.
Insight
This kernel update fixes the following critical security problem:

- CVE-2008-0600: A local privilege escalation was found in the vmsplice_pipe system call, which could be used by local attackers to gain root access.

This bug affects the following products:

- openSUSE 10.2 and 10.3
- SUSE Linux Enterprise Realtime 10 (SP1)

Fixed packages have been released for openSUSE 10.2 and 10.3. Packages for SUSE Linux Enterprise Realtime 10 are currently being prepared.

Since this problem affects Linux kernels starting with 2.6.17 and vmsplice was not back-ported, no older products are affected:

- SUSE Linux Enterprise Server 8, 9, and 10: Not affected.
- SUSE Linux Enterprise Desktop 10: Not affected.
- Novell Linux Desktop 9: Not affected.
- SUSE Linux 10.1: Not affected.

The following minor security problems were also fixed:

- CVE-2007-6206: Core dumps from root might be accessible to the wrong owner. This was fixed for openSUSE 10.3 only.
- CVE-2007-6151: The isdn_ioctl function in isdn_common.c allowed local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. This problem was fixed for openSUSE 10.2.

The following bugs were fixed for openSUSE 10.3 (numbers are https://bugzilla.novell.com/ references):

- Update to minor kernel version 2.6.22.17
  - networking bugfixes
  - contains the following patches which were removed:
    - patches.arch/acpica-psd.patch
    - patches.fixes/invalid-semicolon
    - patches.fixes/nopage-range-fix.patch
- patches.arch/acpi_thermal_blacklist_add_r50p.patch: Avoid critical temp shutdowns on specific ThinkPad R50p (https://bugzilla.novell.com/show_bug.cgi?id=333043).
- patches.rt/megasas_IRQF_NODELAY.patch: Convert megaraid SAS IRQ to non-threaded IRQ (337489).
- patches.drivers/libata-implement-force-parameter added to series.conf.
- patches.xen/xen3-fixup-arch-i386: Xen3 i386 build fixes.
- patches.xen/xenfb-module-param: Re: Patching Xen virtual framebuffer.
Affected
kernel on openSUSE 10.2, openSUSE 10.3