SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2606)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This kernel update fixes the following security problems :

- The ftdi_sio driver allowed local users to cause a
denial of service (memory consumption) by writing more
data to the serial port than the hardware can handle,
which causes the data to be queued. This requires this
driver to be loaded, which only happens if such a device
is plugged in. (CVE-2006-2936)

- A deadlock in mincore that could be caused by local
attackers was fixed. (CVE-2006-4814)

- Multiple buffer overflows in the cmtp_recv_interopmsg
function in the Bluetooth driver
(net/bluetooth/cmtp/capi.c) in the Linux kernel allowed
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via CAPI messages
with a large value for the length of the (1) manu
(manufacturer) or (2) serial (serial number) field.
(CVE-2006-6106)

- The isdn_ppp_ccp_reset_alloc_state function in
drivers/isdn/isdn_ppp.c in the Linux kernel does not
call the init_timer function for the ISDN PPP CCP reset
state timer, which has unknown attack vectors and
results in a system crash. (CVE-2006-5749)

- Unspecified vulnerability in the listxattr system call
in Linux kernel, when a 'bad inode' is present, allows
local users to cause a denial of service (data
corruption) and possibly gain privileges.
(CVE-2006-5753)

- A remote denial of service problem on NFSv2 mounts with
ACL enabled was fixed.

and the following non security bugs :

- patches.xen/xen-x86_64-agp: add missing header [#222174]
[#224170]

- patches.fixes/dcache-race-during-umount: Fix dcache race
during umount [#136310] [#151638]

- patches.arch/x86_64-kdump-bootmem-fix: Handle
reserve_bootmem_generic beyond end_pfn [#179093]

- patches.fixes/rpc-no-paranoia: Ratelimit some messages
from SUNRPC servers (nfsd) [#190178]

- patches.fixes/nfs-lock-warning-removal: Remove useless
warning about VFS being out of sync with lock manager
[#192813]

- patches.fixes/acpiphp-fix-ibm-hotplug-oops.patch: Fix
acpiphp oops when hotplug is performed on an IBM 8864/6
[#203923]

- patches.fixes/oom-child-kill-fix.patch: OOM: prevent
OOM_DISABLE tasks from being killed when out of memory
[#211859]

- patches.drivers/alsa-control-warning-fix: Fix bogus
kernel error messages from ALSA control.c [#212484]

- patches.fixes/init_isolcpus.diff: sched: force
/sbin/init off isolated cpus [#216799]

- patches.fixes/ocfs2-network-send-lock.diff: fix
regression that caused the idle timer not to be reset
during packet processing [#216912]

- patches.fixes/workqueue_cpu_deadlock-fix.diff: [PATCH]
workqueue: fix deadlock when workqueue func takes the
workqueue mutex [#217222]

- patches.drivers/open-iscsi-handle-check-condition: Host
lockups then Reboots when an iSCSI session is attempted
[#219968]

- patches.arch/ia64-fp-rate-limit: [ia64] Reduce overhead
of FP exception logging messages. [#223314]

- patches.arch/ia64-sn2-bte_unaligned_copy-overrun: [ia64]
Avert transfer of extra cache line by
bte_unaligned_copy(). [#224166]

- patches.fixes/natsemi-long-cable-fix: natsemi: make
cable length magic configurable [#225091]

- patches.fixes/sunrpc-randomize-xids: SUNRPC: NFS_ROOT
always uses the same XIDs [#225251]

- patches.drivers/usb-funsoft-hwinfo.patch: USB: fix
hwinfo issue with funsoft driver [#226661]
patches.fixes/fix-ext3-kmalloc-flags-with-journal-handle
.diff: ext3: use GFP_NOFS for allocations while holding
journal handle [#228694]

- patches.fixes/nfs-tcp-reconnect-on-error: RPC: Ensure
that we disconnect TCP socket when client requests error
out [#230210]

- patches.fixes/sunrpc-listen-race: knfsd: Fix race that
can disable NFS server. [#230287]
patches.drivers/pci-quirk-1k-i-o-space-iobl_adr-fix-on-p
64h2.patch: PCI Quirk: 1k I/O space IOBL_ADR fix on
P64H2 [#230365]

- patches.drivers/ide-generic-fix-JMB-entries: [PATCH]
ide-generic: fix JMB handling [#231218] [#207939]

- patches.drivers/qla2xxx-block-error-handler: crash in
qla2xxx driver during error recovery [#232957]

- patches.fixes/loop_early_wakeup_fix.diff: Fix oops in
loopback device during mount. [#232992]

- patches.fixes/nfs-jiffie-wrap: Avoid extra GETATTR calls
caused by 'jiffie wrap'. [#233155]

- add patches.fixes/atalk_sendmsg-crash.patch Fix
potential OOPS in atalk_sendmsg() [#235049]

- patches.fixes/ext3_readdir_use_generic_readahead.diff:
ext3_readdir: use generic readahead [#228682] [#235302]

- patches.drivers/ide-fix-drive-side-80c-detection:
[PATCH] ide: fix drive side 80c cable detection
[#237164]

- patches.fixes/xfs-kern-28000a-buffer-unwritten-new: Set
the buffer new flag on writes to unwritten XFS extents.
This fixes a corruption in preallocated files on XFS
[#237908]

- patches.drivers/ide-atiixp-fix-cable-detection: [PATCH]
atiixp: fix cable detection [#241403]

- patches.drivers/ide-atiixp-sb600-has-only-one-port:
[PATCH] atiixp: SB600 has only one channel [#241403]

- patches.fixes/md-avoid-bitmap-overflow: Avoid possible
BUG_ON in md bitmap handling. [#242180]

- patches.fixes/ocfs2-loop-aops-hack.diff: ocfs2/loop:
forbid use of aops when inappropriate [#242200]

See also :

http://support.novell.com/security/cve/CVE-2006-2936.html
http://support.novell.com/security/cve/CVE-2006-4814.html
http://support.novell.com/security/cve/CVE-2006-5749.html
http://support.novell.com/security/cve/CVE-2006-5753.html
http://support.novell.com/security/cve/CVE-2006-6106.html

Solution :

Apply ZYPP patch number 2606.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29486 ()

Bugtraq ID:

CVE ID: CVE-2006-2936
CVE-2006-4814
CVE-2006-5749
CVE-2006-5753
CVE-2006-6106

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now