Impact
remote denial of service
Solution
Please Install the Updated Packages.
Insight
The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 fixing lots of bugs and several security issues.
Following security issues were fixed:
CVE-2009-4131: A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root.
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2009-1298: A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine.
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2009-4026: The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous " code shuffling patch."
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2009-4027: Race condition in the mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
CVSS v2 Base Score: 6.6 (AV:L/AC:L/Au:N/C:N/I:C/A:C)
CVE-2009-4005: The collect_rx_frame function in
drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. This requires the attacker to access the machine on ISDN protocol level.
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2009-3080: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2009-3624: The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N ...
Description truncated, for more information please check the Reference URL
Affected
kernel on openSUSE 11.2
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities