Impact
local privilege escalation
Solution
Please Install the Updated Packages.
Insight
This update of the openSUSE 11.3 kernel brings the kernel to version 2.6.34.4 and contains a lot of bug and security fixes
CVE-2010-3110: Missing bounds checks in several ioctls of the Novell Client novfs /proc interface allowed unprivileged local users to crash the kernel or even execute code in kernel context. The affected module is only loaded when the Novell Client stack is configured.
CVE-2010-2524: A malicious local user could fill the cache used by CIFS do perform dns lookups with chosen data, therefore tricking the kernel into mounting a wrong CIFS server.
CVE-2010-2798: A local user could trigger a NULL dereference on a gfs2 file system.
CVE-2010-2537: A local user could overwrite append-only files on a btrfs file system.
CVE-2010-2538: A local user could read kernel memory of a btrfs file system.
Affected
kernel on openSUSE 11.3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-2524, CVE-2010-2537, CVE-2010-2538, CVE-2010-2798, CVE-2010-3110 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities