openSUSE Security Update : kernel (kernel-1415)

medium Nessus Plugin ID 42334

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.1 Kernel was updated to 2.6.27.37 fixing various bugs and security issues.

Following security issues were fixed: CVE-2009-2909: Unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code.

CVE-2009-3002: Fixed various sockethandler getname leaks, which could disclose memory previously used by the kernel or other userland processes to the local attacker.

CVE-2009-2910: A information leakage with upper 32bit register values on x86_64 systems was fixed.

Various KVM stability and security fixes have also been added.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=410452

https://bugzilla.novell.com/show_bug.cgi?id=441650

https://bugzilla.novell.com/show_bug.cgi?id=448410

https://bugzilla.novell.com/show_bug.cgi?id=459146

https://bugzilla.novell.com/show_bug.cgi?id=466279

https://bugzilla.novell.com/show_bug.cgi?id=466554

https://bugzilla.novell.com/show_bug.cgi?id=471396

https://bugzilla.novell.com/show_bug.cgi?id=472342

https://bugzilla.novell.com/show_bug.cgi?id=476582

https://bugzilla.novell.com/show_bug.cgi?id=477816

https://bugzilla.novell.com/show_bug.cgi?id=483375

https://bugzilla.novell.com/show_bug.cgi?id=483706

https://bugzilla.novell.com/show_bug.cgi?id=487412

https://bugzilla.novell.com/show_bug.cgi?id=490030

https://bugzilla.novell.com/show_bug.cgi?id=492547

https://bugzilla.novell.com/show_bug.cgi?id=498708

https://bugzilla.novell.com/show_bug.cgi?id=501563

https://bugzilla.novell.com/show_bug.cgi?id=504646

https://bugzilla.novell.com/show_bug.cgi?id=509753

https://bugzilla.novell.com/show_bug.cgi?id=511306

https://bugzilla.novell.com/show_bug.cgi?id=514022

https://bugzilla.novell.com/show_bug.cgi?id=515640

https://bugzilla.novell.com/show_bug.cgi?id=524242

https://bugzilla.novell.com/show_bug.cgi?id=527754

https://bugzilla.novell.com/show_bug.cgi?id=528769

https://bugzilla.novell.com/show_bug.cgi?id=531260

https://bugzilla.novell.com/show_bug.cgi?id=531384

https://bugzilla.novell.com/show_bug.cgi?id=531437

https://bugzilla.novell.com/show_bug.cgi?id=531533

https://bugzilla.novell.com/show_bug.cgi?id=531633

https://bugzilla.novell.com/show_bug.cgi?id=532063

https://bugzilla.novell.com/show_bug.cgi?id=532443

https://bugzilla.novell.com/show_bug.cgi?id=532598

https://bugzilla.novell.com/show_bug.cgi?id=533267

https://bugzilla.novell.com/show_bug.cgi?id=534065

https://bugzilla.novell.com/show_bug.cgi?id=534202

https://bugzilla.novell.com/show_bug.cgi?id=534214

https://bugzilla.novell.com/show_bug.cgi?id=534232

https://bugzilla.novell.com/show_bug.cgi?id=534961

https://bugzilla.novell.com/show_bug.cgi?id=534977

https://bugzilla.novell.com/show_bug.cgi?id=535380

https://bugzilla.novell.com/show_bug.cgi?id=535409

https://bugzilla.novell.com/show_bug.cgi?id=535497

https://bugzilla.novell.com/show_bug.cgi?id=535801

https://bugzilla.novell.com/show_bug.cgi?id=535880

https://bugzilla.novell.com/show_bug.cgi?id=535890

https://bugzilla.novell.com/show_bug.cgi?id=535947

https://bugzilla.novell.com/show_bug.cgi?id=536117

https://bugzilla.novell.com/show_bug.cgi?id=537435

https://bugzilla.novell.com/show_bug.cgi?id=539271

https://bugzilla.novell.com/show_bug.cgi?id=541403

https://bugzilla.novell.com/show_bug.cgi?id=544759

https://bugzilla.novell.com/show_bug.cgi?id=544779

https://bugzilla.novell.com/show_bug.cgi?id=545013

https://bugzilla.novell.com/show_bug.cgi?id=545236

https://bugzilla.novell.com/show_bug.cgi?id=546006

Plugin Details

Severity: Medium

ID: 42334

File Name: suse_11_1_kernel-091016.nasl

Version: 1.16

Type: local

Agent: unix

Published: 11/2/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-extra, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-extra, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-extra, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-extra, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2009

Reference Information

CVE: CVE-2009-2909, CVE-2009-2910, CVE-2009-3002

CWE: 189, 200