openSUSE Security Update : kernel (kernel-111)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.0 kernel was updated to 2.6.25.11.

It fixes following security problems: CVE-2008-2812: Various tty /
serial devices did not check functionpointers for NULL before calling
them, leading to potential crashes or code execution. The devices
affected are usually only accessible by the root user though.

CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c
in the Linux kernel allows remote attackers to cause a denial of
service (kernel heap memory corruption and system crash) and possibly
have unspecified other impact via a crafted PPPOL2TP packet that
results in a large value for a certain length variable.

No CVE yet: On x86_64 systems, a incorrect buffersize in LDT handling
might lead to local untrusted attackers causing a crash of the machine
or potentially execute code with kernel privileges.

The update also has lots of other bugfixes that are listed in the RPM
changelog.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=216857
https://bugzilla.novell.com/show_bug.cgi?id=400815
https://bugzilla.novell.com/show_bug.cgi?id=400874
https://bugzilla.novell.com/show_bug.cgi?id=404892
https://bugzilla.novell.com/show_bug.cgi?id=408734

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 40008 ()

Bugtraq ID:

CVE ID: CVE-2008-2750
CVE-2008-2812

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now