Detections
Analytics
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472)
high Nessus Plugin ID 59124
Language:
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
This kernel update fixes the following security problems :- It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This affects x86_64 platforms with kernel 2.4.x and 2.6.x before 2.6.22.7 only. (CVE-2007-4573)
- An information disclosure vulnerability in the ALSA driver can be exploited by local users to read sensitive data from the kernel memory. (CVE-2007-4571)
and the following non security bugs :
- patches.xen/xen-blkback-cdrom: CDROM removable media-present attribute plus handling code [#159907]
- patches.drivers/libata-add-pata_dma-kernel-parameter:
libata: Add a drivers/ide style DMA disable [#229260] [#272786]
- patches.drivers/libata-sata_via-kill-SATA_PATA_SHARING:
sata_via: kill SATA_PATA_SHARING register handling [#254158] [#309069]
- patches.drivers/libata-sata_via-add-PCI-IDs: sata_via:
add PCI IDs [#254158] [#326647]
- supported.conf: Marked 8250 and 8250_pci as supported (only Xen kernels build them as modules) [#260686]
- patches.fixes/bridge-module-get-put.patch: Module use count must be updated as bridges are created/destroyed [#267651]
- patches.fixes/iscsi-netware-fix: Linux Initiator hard hangs writing files to NetWare target [#286566]
- patches.fixes/lockd-chroot-fix: Allow lockd to work reliably with applications in a chroot [#288376] [#305480]
- add patches.fixes/x86_64-hangcheck_timer-fix.patch fix monotonic_clock() and hangcheck_timer [#291633]
- patches.arch/sn_hwperf_cpuinfo_fix.diff: Correctly count CPU objects for SGI ia64/sn hwperf interface [#292240]
- Extend reiserfs to properly support file systems up to 16 TiB [#294754]
- patches.fixes/reiserfs-signedness-fixes.diff: reiserfs:
fix usage of signed ints for block numbers
- patches.fixes/reiserfs-fix-large-fs.diff: reiserfs:
ignore s_bmap_nr on disk for file systems >= 8 TiB
- patches.suse/ocfs2-06-per-resource-events.diff: Deliver events without a specified resource unconditionally.
[#296606]
- patches.fixes/proc-readdir-race-fix.patch: Fix the race in proc_pid_readdir [#297232]
- patches.xen/xen3-patch-2.6.16.49-50: XEN: update to Linux 2.6.16.50 [#298719]
- patches.fixes/pm-ordering-fix.patch: PM: Fix ACPI suspend / device suspend ordering [#302207]
- patches.drivers/ibmvscsi-slave_configure.patch add
->slave_configure() to allow device restart [#304138]
- patches.arch/ppc-power6-ebus-unique_location.patch Prevent bus_id collisions [#306482]
- patches.xen/30-bit-field-booleans.patch: Fix packet loss in DomU xen netback driver [#306896]
- config/i386/kdump: Enable ahci module [#308556]
- update patches.drivers/ppc-power6-ehea.patch fix link state detection for bonding [#309553]
- patches.drivers/ibmveth-fixup-pool_deactivate.patch patches.drivers/ibmveth-large-frames.patch patches.drivers/ibmveth-large-mtu.patch: fix serveral crashes when changing ibmveth sysfs values [#326164]
- patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race- on-I RQ_WOC: sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used [#327536]
- update patches.drivers/ibmvscsis.patch set blocksize to PAGE_CACHE_SIZE to fix flood of bio allocation warnings/failures [#328219]
Solution
Apply ZYPP patch number 4472.See Also
Plugin Details
Severity: High
ID: 59124
File Name: suse_kernel-4472.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/17/2012
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 10/2/2007
Reference Information
CVE: CVE-2007-4571, CVE-2007-4573
CWE: 264