SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 7059)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe
regression introduced by previous bugfix updates that would corrupt
NFSv4 mounted data.

The update also fixes several other bugs and the following security
issues :

- drivers/net/r8169.c in the r8169 driver of Linux kernel
2.6.32.3 and earlier does not properly check the size of
an Ethernet frame that exceeds the maximum transmission
unit (MTU), which allows remote attackers to (1) cause a
denial of service (temporary network outage) via a packet
with a crafted size, in conjunction with certain packets
containing 'A' characters and certain packets containing
'E' characters; or (2) cause a denial of service (system
crash) via a packet with a crafted size, in conjunction
with certain packets containing '0' characters, related
to the value of the status register and erroneous
behavior associated with the RxMaxSize register.
(CVE-2009-4537)

- An information leak in 32-bit emulation on x86_64
machines could disclose sensitive information to local
attackers. (CVE-2008-0598)

See also :

http://support.novell.com/security/cve/CVE-2008-0598.html
http://support.novell.com/security/cve/CVE-2009-4537.html

Solution :

Apply ZYPP patch number 7059.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 49871

Bugtraq ID:

CVE ID: CVE-2008-0598, CVE-2009-4537
