SUSE-SA:2005:050: kernel

high Nessus Plugin ID 19929

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:050 (kernel).


The Linux kernel was updated to fix the following security issues:
- CVE-2005-2457: A problem in decompression of files on 'zisofs' filesystem was fixed.

- CVE-2005-2458: A potential buffer overflow in the zlib decompression handling in the kernel was fixed.

- CVE-2005-2459: Some return codes in zlib decoding were fixed which could have led to an attacker crashing the kernel.

- CVE-2005-2555: Only processes with the CAP_NET_ADMIN capability is now allowed load socket policies.

- CVE-2005-2456: Fixed a potential overflow caused by missing boundary checks of sock->sk_policy in net/xfrm/.

- AMD64/EM64T/x86_64 only: A previous fix for a denial of service attack with compat 32bit mode programs was too strict and could crash the kernel. (The earlier fix had the Mitre CVE ID CVE-2005-1765.)

- S/390 only: Fixed /sys/ permissions where a user could change machine states, including powering down or up partitions.

- CVE-2005-0916: PowerPC only: A missing patch for a hugetlb memory context handling problem was added.

Above problems affect SUSE Linux 9.1 up to 9.3 and SUSE Linux Enterprise Server 9.

Solution

http://www.suse.de/security/advisories/2005_50_kernel.html

Plugin Details

Severity: High

ID: 19929

File Name: suse_SA_2005_050.nasl

Version: 1.9

Agent: unix

Published: 10/5/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list