openSUSE 10 Security Update : kernel (kernel-2099)
High Nessus Plugin ID 27290
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis kernel update fixes the following security problems :
- CVE-2006-3745: A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. [#199441]
- CVE-2006-4093: Local attackers were able to crash PowerPC systems with PPC970 processor using a not correctly disabled privileged instruction ('attn').
- CVE-2006-3468: Remote attackers able to access an NFS of a ext2 or ext3 filesystem can cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. [#192988]
Additionaly this kernel catches up to the SLE 10 state of the kernel, with massive additional fixes.
SolutionUpdate the affected kernel packages.