openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 11.3 kernel was updated to fix various bugs and security
issues.

Following security issues have been fixed: CVE-2011-4604: If root does
read() on a specific socket, it's possible to corrupt (kernel) memory
over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol
is used.

CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the
Linux kernels packet scheduler API implementation to be called on
built-in qdisc structures. A local, unprivileged user could have used
this flaw to trigger a NULL pointer dereference, resulting in a denial
of service.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used
predictable fragment identification numbers. A remote attacker could
exploit this to exhaust network resources, leading to a denial of
service.

CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c
in the Linux kernel did not properly audit INET_DIAG bytecode, which
allowed local users to cause a denial of service (kernel infinite
loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction with a
zero yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-1576: The Generic Receive Offload (GRO) implementation in the
Linux kernel allowed remote attackers to cause a denial of service via
crafted VLAN packets that are processed by the napi_reuse_skb
function, leading to (1) a memory leak or (2) memory corruption, a
different vulnerability than CVE-2011-1478.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in
net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have
allowed local users to cause a denial of service or have unspecified
other impact via a crafted write operation, related to string data
that lacks a terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options function
(net/dccp/options.c) in the Linux kernel allowed remote attackers to
cause a denial of service via a Datagram Congestion Control Protocol
(DCCP) packet with an invalid feature options length, which triggered
a buffer over-read.

CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic Receive
Offload (GRO) is enabled, reset certain fields in incorrect
situations, which allowed remote attackers to cause a denial of
service (system crash) via crafted network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was
fixed which might have allowed local attackers to read kernel memory.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs
filesystems was fixed which could be used by local attackers to crash
the kernel.

CVE-2011-4081: Using the crypto interface a local user could Oops the
kernel by writing to a AF_ALG socket.

See also :

http://lists.opensuse.org/opensuse-updates/2012-02/msg00008.html
https://bugzilla.novell.com/show_bug.cgi?id=691052
https://bugzilla.novell.com/show_bug.cgi?id=692498
https://bugzilla.novell.com/show_bug.cgi?id=698450
https://bugzilla.novell.com/show_bug.cgi?id=699709
https://bugzilla.novell.com/show_bug.cgi?id=700879
https://bugzilla.novell.com/show_bug.cgi?id=702037
https://bugzilla.novell.com/show_bug.cgi?id=707288
https://bugzilla.novell.com/show_bug.cgi?id=709764
https://bugzilla.novell.com/show_bug.cgi?id=710235
https://bugzilla.novell.com/show_bug.cgi?id=726788
https://bugzilla.novell.com/show_bug.cgi?id=728661
https://bugzilla.novell.com/show_bug.cgi?id=735612
https://bugzilla.novell.com/show_bug.cgi?id=736149

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now