openSUSE 10 Security Update : kernel (kernel-4503)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This kernel update fixes the following security problems :

- CVE-2007-4571: An information disclosure vulnerability
in the ALSA driver can be exploited by local users to
read sensitive data from the kernel memory.

- CVE-2007-4573: It was possible for local user to become
root by exploitable a bug in the IA32 system call
emulation. This affects x86_64 platforms with kernel
2.4.x and 2.6.x before 2.6.22.7 only.

and the following non security bugs :

- supported.conf: Mark 8250 and 8250_pci as supported
(only Xen kernels build them as modules) [#260686]

- patches.fixes/bridge-module-get-put.patch: Module use
count must be updated as bridges are created/destroyed
[#267651]

- patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query
filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803]

- patches.fixes/sky2-tx-sum-resume.patch: sky2: fix
transmit state on resume [#297132] [#326376]

- patches.suse/reiserfs-add-reiserfs_error.diff:
patches.suse/reiserfs-use-reiserfs_error.diff:
patches.suse/reiserfs-buffer-info-for-balance.diff: Fix
reiserfs_error() with NULL superblock calls [#299604]

- patches.fixes/acpi_disable_C_states_in_suspend.patch:
ACPI: disable lower idle C-states across suspend/resume
[#302482]

- kernel-syms.rpm: move the copies of the Modules.alias
files from /lib/modules/... to /usr/src/linux-obj/... to
avoid a file conflict between kernel-syms and other
kernel-$flavor packages. The Modules.alias files in
kernel-syms.rpm are intended for future use - [#307291]

- patches.fixes/jffs2-fix-ACL-vs-mode-handling: Fix ACL
vs. mode handling. [#310520]

- patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-on-I RQ_WOC:
sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used [#327536]

- Update config files: Enabled CONFIG_DVB_PLUTO2 for i386
since it's enabled everywhere else. [#327790]

- patches.drivers/libata-pata_ali-fix-garbage-PCI-rev-value: p
ata_ali: fix garbage PCI rev value in ali_init_chipset() [#328422]

- patches.apparmor/apparmor-lsm-fix.diff:
apparmor_file_mmap function parameters mismatch
[#328423]

- patches.drivers/libata-HPA-off-by-one-horkage: Fix HPA
handling regression [#329584]

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27299 ()

Bugtraq ID:

CVE ID: CVE-2007-4571
CVE-2007-4573

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now