openSUSE Security Update : kernel (kernel-423)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes various security issues and several bugs in the
openSUSE 11.0 kernel. It was also updated to the stable version
2.6.25.20.

CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in
drivers/watchdog/ib700wdt.c might allow local users to have an unknown
impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.

CVE-2008-5700: libata did not set minimum timeouts for SG_IO requests,
which allows local users to cause a denial of service (Programmed I/O
mode on drives) via multiple simultaneous invocations of an
unspecified test program.

CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users
to cause a denial of service (kernel infinite loop) by making two
calls to svc_listen for the same socket, and then reading a
/proc/net/atm/*vc file, related to corruption of the vcc table.

CVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a
denial of service ('soft lockup' and process loss) via a large number
of sendmsg function calls, which does not block during AF_UNIX garbage
collection and triggers an OOM condition, a different vulnerability
than CVE-2008-5029.

CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes
indirect recursive calls to itself through calls to the fput function,
which allows local users to cause a denial of service (panic) via
vectors related to sending an SCM_RIGHTS message through a UNIX domain
socket and closing file descriptors.

CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in
fs/hfsplus/catalog.c allowed attackers to cause a denial of service
(memory corruption or system crash) via an hfsplus filesystem image
with an invalid catalog namelength field, related to the
hfsplus_cat_build_key_uni function.

CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec
function in fs/hfs/catalog.c allowed attackers to cause a denial of
service (memory corruption or system crash) via an hfs filesystem
image with an invalid catalog namelength field, a related issue to
CVE-2008-4933.

CVE-2008-5182: The inotify functionality might allow local users to
gain privileges via unknown vectors related to race conditions in
inotify watch removal and umount.

CVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not
restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager
(DRM) master, which allows local users to cause a denial of service
(memory corruption) via a crafted ioctl call, related to absence of
the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

CVE-2008-4554: The do_splice_from function in fs/splice.c did not
reject file descriptors that have the O_APPEND flag set, which allows
local users to bypass append mode and make arbitrary changes to other
locations in the file.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=362850
https://bugzilla.novell.com/show_bug.cgi?id=371657
https://bugzilla.novell.com/show_bug.cgi?id=399966
https://bugzilla.novell.com/show_bug.cgi?id=405546
https://bugzilla.novell.com/show_bug.cgi?id=419250
https://bugzilla.novell.com/show_bug.cgi?id=429919
https://bugzilla.novell.com/show_bug.cgi?id=439461
https://bugzilla.novell.com/show_bug.cgi?id=442364
https://bugzilla.novell.com/show_bug.cgi?id=442594
https://bugzilla.novell.com/show_bug.cgi?id=443640
https://bugzilla.novell.com/show_bug.cgi?id=443661
https://bugzilla.novell.com/show_bug.cgi?id=445569
https://bugzilla.novell.com/show_bug.cgi?id=446973
https://bugzilla.novell.com/show_bug.cgi?id=447241
https://bugzilla.novell.com/show_bug.cgi?id=447406
https://bugzilla.novell.com/show_bug.cgi?id=450417
https://bugzilla.novell.com/show_bug.cgi?id=457896
https://bugzilla.novell.com/show_bug.cgi?id=457897
https://bugzilla.novell.com/show_bug.cgi?id=457898

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now