SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6641)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update fixes various bugs and some security issues in the SUSE
Linux Enterprise 10 SP 3 kernel.

The following security issues were fixed:

- The get_random_int function in drivers/char/random.c in
the Linux kernel produces insufficiently random numbers,
which allows attackers to predict the return value, and
possibly defeat protection mechanisms based on
randomization, via vectors that leverage the function's
tendency to return the same value over and over again
for long stretches of time. (CVE-2009-3238)

- The (1) agp_generic_alloc_page and (2)
agp_generic_alloc_pages functions in
drivers/char/agp/generic.c in the agp subsystem in the
Linux kernel do not zero out pages that may later be
available to a user-space process, which allows local
users to obtain sensitive information by reading these
pages. (CVE-2009-1192)

- An unsigned check in the ax25 socket handler could allow
local attackers to crash the kernel or even execute
code. (CVE-2009-2909)

See also :

http://support.novell.com/security/cve/CVE-2009-1192.html
http://support.novell.com/security/cve/CVE-2009-2909.html
http://support.novell.com/security/cve/CVE-2009-3238.html

Solution :

Apply ZYPP patch number 6641.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 59141

CVE ID: CVE-2009-1192
CVE-2009-2909
CVE-2009-3238
