openSUSE Security Update : kernel (openSUSE-SU-2010:0634-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.3 kernel was updated to versiuon 2.6.34.7. It fixes
lots of bugs and security issues.

A major regression in handling some USB Input devices (Mice and
Keyboard) introduced by the previous update was fixed.

Fixed lots of bugs in the ATH5K wireless driver.

Following security issues were fixed: CVE-2010-3078: A XFS stack
memory information disclosure was fixed.

CVE-2010-2954: A NULL pointer dereference in the IRDA stack was fixed,
which could lead to kernel crashes.

CVE-2010-2959: A privilege escalation possibility in the CAN bus
protocol module can_bcm was fixed.

CVE-2010-2942: Several memory leaks in the net scheduling code were
fixed.

CVE-2010-2803: Fixed kernel memory information leaks from DRM ioctls.

See also :

http://lists.opensuse.org/opensuse-updates/2010-09/msg00030.html
https://bugzilla.novell.com/show_bug.cgi?id=600948
https://bugzilla.novell.com/show_bug.cgi?id=628604
https://bugzilla.novell.com/show_bug.cgi?id=632309
https://bugzilla.novell.com/show_bug.cgi?id=633543
https://bugzilla.novell.com/show_bug.cgi?id=633581
https://bugzilla.novell.com/show_bug.cgi?id=635862
https://bugzilla.novell.com/show_bug.cgi?id=636112
https://bugzilla.novell.com/show_bug.cgi?id=637436

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75549 ()

Bugtraq ID:

CVE ID: CVE-2010-2803
CVE-2010-2942
CVE-2010-2954
CVE-2010-2959
CVE-2010-3078

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now