openSUSE Security Update : kernel (kernel-2146)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of the openSUSE 11.2 kernel contains a lot of bug and
security fixes.

Following security issues were fixed: CVE-2010-0622: The wake_futex_pi
function in kernel/futex.c in the Linux kernel does not properly
handle certain unlock operations for a Priority Inheritance (PI)
futex, which allows local users to cause a denial of service (OOPS)
and possibly have unspecified other impact via vectors involving
modification of the futex value from user space.

CVE-2010-0623: The futex_lock_pi function in kernel/futex.c in the
Linux kernel does not properly manage a certain reference count, which
allows local users to cause a denial of service (OOPS) via vectors
involving an unmount of an ext3 filesystem.

CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux
kernel does not validate node values, which allows local users to read
arbitrary kernel memory locations, cause a denial of service (OOPS),
and possibly have unspecified other impact by specifying a node that
is not part of the kernel's node set.

CVE-2010-0410: drivers/connector/connector.c in the Linux kernel
allows local users to cause a denial of service (memory consumption
and system crash) by sending the kernel many NETLINK_CONNECTOR
messages.

CVE-2009-4031: The do_insn_fetch function in arch/x86/kvm/emulate.c in
the x86 emulator in the KVM subsystem in the Linux kernel tries to
interpret instructions that contain too many bytes to be valid, which
allows guest OS users to cause a denial of service (increased
scheduling latency) on the host OS via unspecified manipulations
related to SMP support.

This update also contains a large rollup of fixes for the rt2860 and
rt3090 wireless drivers from the mainline kernel.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=474773
https://bugzilla.novell.com/show_bug.cgi?id=492961
https://bugzilla.novell.com/show_bug.cgi?id=510449
https://bugzilla.novell.com/show_bug.cgi?id=544760
https://bugzilla.novell.com/show_bug.cgi?id=555747
https://bugzilla.novell.com/show_bug.cgi?id=558269
https://bugzilla.novell.com/show_bug.cgi?id=561078
https://bugzilla.novell.com/show_bug.cgi?id=565962
https://bugzilla.novell.com/show_bug.cgi?id=566634
https://bugzilla.novell.com/show_bug.cgi?id=568319
https://bugzilla.novell.com/show_bug.cgi?id=570314
https://bugzilla.novell.com/show_bug.cgi?id=574654
https://bugzilla.novell.com/show_bug.cgi?id=576927
https://bugzilla.novell.com/show_bug.cgi?id=577747
https://bugzilla.novell.com/show_bug.cgi?id=577753
https://bugzilla.novell.com/show_bug.cgi?id=578064
https://bugzilla.novell.com/show_bug.cgi?id=578222
https://bugzilla.novell.com/show_bug.cgi?id=578550
https://bugzilla.novell.com/show_bug.cgi?id=578708
https://bugzilla.novell.com/show_bug.cgi?id=579076
https://bugzilla.novell.com/show_bug.cgi?id=579219
https://bugzilla.novell.com/show_bug.cgi?id=579439
https://bugzilla.novell.com/show_bug.cgi?id=579989
https://bugzilla.novell.com/show_bug.cgi?id=580799
https://bugzilla.novell.com/show_bug.cgi?id=581271
https://bugzilla.novell.com/show_bug.cgi?id=581718
https://bugzilla.novell.com/show_bug.cgi?id=582552
https://bugzilla.novell.com/show_bug.cgi?id=582907
https://bugzilla.novell.com/show_bug.cgi?id=584320

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 45128 ()

Bugtraq ID:

CVE ID: CVE-2009-4031
CVE-2010-0410
CVE-2010-0415
CVE-2010-0622
CVE-2010-0623

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now