openSUSE Security Update : kernel (kernel-559)

high Nessus Plugin ID 40248

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes several security issues and hundreds of bugs in the openSUSE 11.1 kernel.

The kernel was also updated to the stable version 2.6.27.19 and is now the same kernel as we are planning to ship with SUSE Linux Enterprise 11.

This introduces kABI changes, so all kernel module packages also need to be rebuilt and reapplied.

Following security issues are fixed: CVE-2009-0029: The ABI in the Linux kernel on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

CVE-2008-5079: net/atm/svc.c in the ATM subsystem in the Linux kernel allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

CVE-2009-0028: A minor signal handling vulnerability was fixed, where a child could send his parent a arbitrary signal.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=447624

https://bugzilla.novell.com/show_bug.cgi?id=447835

https://bugzilla.novell.com/show_bug.cgi?id=449519

https://bugzilla.novell.com/show_bug.cgi?id=449799

https://bugzilla.novell.com/show_bug.cgi?id=449812

https://bugzilla.novell.com/show_bug.cgi?id=450579

https://bugzilla.novell.com/show_bug.cgi?id=450658

https://bugzilla.novell.com/show_bug.cgi?id=455929

https://bugzilla.novell.com/show_bug.cgi?id=456405

https://bugzilla.novell.com/show_bug.cgi?id=456408

https://bugzilla.novell.com/show_bug.cgi?id=456433

https://bugzilla.novell.com/show_bug.cgi?id=456532

https://bugzilla.novell.com/show_bug.cgi?id=456654

https://bugzilla.novell.com/show_bug.cgi?id=456747

https://bugzilla.novell.com/show_bug.cgi?id=457029

https://bugzilla.novell.com/show_bug.cgi?id=457041

https://bugzilla.novell.com/show_bug.cgi?id=457043

https://bugzilla.novell.com/show_bug.cgi?id=457062

https://bugzilla.novell.com/show_bug.cgi?id=457526

https://bugzilla.novell.com/show_bug.cgi?id=457886

https://bugzilla.novell.com/show_bug.cgi?id=457896

https://bugzilla.novell.com/show_bug.cgi?id=457897

https://bugzilla.novell.com/show_bug.cgi?id=457898

https://bugzilla.novell.com/show_bug.cgi?id=457909

https://bugzilla.novell.com/show_bug.cgi?id=458037

https://bugzilla.novell.com/show_bug.cgi?id=458186

https://bugzilla.novell.com/show_bug.cgi?id=458192

https://bugzilla.novell.com/show_bug.cgi?id=458222

https://bugzilla.novell.com/show_bug.cgi?id=458380

https://bugzilla.novell.com/show_bug.cgi?id=458393

https://bugzilla.novell.com/show_bug.cgi?id=458499

https://bugzilla.novell.com/show_bug.cgi?id=458625

https://bugzilla.novell.com/show_bug.cgi?id=459557

https://bugzilla.novell.com/show_bug.cgi?id=461108

https://bugzilla.novell.com/show_bug.cgi?id=462527

https://bugzilla.novell.com/show_bug.cgi?id=462551

https://bugzilla.novell.com/show_bug.cgi?id=463313

https://bugzilla.novell.com/show_bug.cgi?id=464329

https://bugzilla.novell.com/show_bug.cgi?id=465953

https://bugzilla.novell.com/show_bug.cgi?id=472789

https://bugzilla.novell.com/show_bug.cgi?id=472896

https://bugzilla.novell.com/show_bug.cgi?id=473537

https://bugzilla.novell.com/show_bug.cgi?id=362159

https://bugzilla.novell.com/show_bug.cgi?id=395775

https://bugzilla.novell.com/show_bug.cgi?id=398270

https://bugzilla.novell.com/show_bug.cgi?id=399966

https://bugzilla.novell.com/show_bug.cgi?id=417294

https://bugzilla.novell.com/show_bug.cgi?id=426159

https://bugzilla.novell.com/show_bug.cgi?id=429984

https://bugzilla.novell.com/show_bug.cgi?id=430738

https://bugzilla.novell.com/show_bug.cgi?id=438608

https://bugzilla.novell.com/show_bug.cgi?id=438954

https://bugzilla.novell.com/show_bug.cgi?id=440497

https://bugzilla.novell.com/show_bug.cgi?id=440959

https://bugzilla.novell.com/show_bug.cgi?id=441335

https://bugzilla.novell.com/show_bug.cgi?id=441793

https://bugzilla.novell.com/show_bug.cgi?id=442668

https://bugzilla.novell.com/show_bug.cgi?id=442923

https://bugzilla.novell.com/show_bug.cgi?id=443379

https://bugzilla.novell.com/show_bug.cgi?id=443667

https://bugzilla.novell.com/show_bug.cgi?id=444199

https://bugzilla.novell.com/show_bug.cgi?id=444346

https://bugzilla.novell.com/show_bug.cgi?id=444597

https://bugzilla.novell.com/show_bug.cgi?id=446733

https://bugzilla.novell.com/show_bug.cgi?id=447249

https://bugzilla.novell.com/show_bug.cgi?id=447371

https://bugzilla.novell.com/show_bug.cgi?id=447406

https://bugzilla.novell.com/show_bug.cgi?id=447564

https://bugzilla.novell.com/show_bug.cgi?id=476206

https://bugzilla.novell.com/show_bug.cgi?id=476877

https://bugzilla.novell.com/show_bug.cgi?id=477843

https://bugzilla.novell.com/show_bug.cgi?id=477927

https://bugzilla.novell.com/show_bug.cgi?id=477931

https://bugzilla.novell.com/show_bug.cgi?id=477953

https://bugzilla.novell.com/show_bug.cgi?id=477999

https://bugzilla.novell.com/show_bug.cgi?id=478158

https://bugzilla.novell.com/show_bug.cgi?id=478551

https://bugzilla.novell.com/show_bug.cgi?id=478586

https://bugzilla.novell.com/show_bug.cgi?id=473602

https://bugzilla.novell.com/show_bug.cgi?id=473604

https://bugzilla.novell.com/show_bug.cgi?id=473916

https://bugzilla.novell.com/show_bug.cgi?id=473918

https://bugzilla.novell.com/show_bug.cgi?id=473932

https://bugzilla.novell.com/show_bug.cgi?id=474043

https://bugzilla.novell.com/show_bug.cgi?id=474301

https://bugzilla.novell.com/show_bug.cgi?id=475107

https://bugzilla.novell.com/show_bug.cgi?id=475619

https://bugzilla.novell.com/show_bug.cgi?id=475903

Plugin Details

Severity: High

ID: 40248

File Name: suse_11_1_kernel-090225.nasl

Version: 1.14

Type: local

Agent: unix

Published: 7/21/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-extra, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-extra, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-extra, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-extra, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2009

Reference Information

CVE: CVE-2008-5079, CVE-2009-0028, CVE-2009-0029

CWE: 20, 264, 399