openSUSE 10 Security Update : kernel (kernel-4503)

High Nessus Plugin ID 27299


The remote openSUSE host is missing a security update.


This kernel update fixes the following security problems :

- CVE-2007-4571: An information disclosure vulnerability in the ALSA driver can be exploited by local users to read sensitive data from the kernel memory.

- CVE-2007-4573: It was possible for local user to become root by exploitable a bug in the IA32 system call emulation. This affects x86_64 platforms with kernel 2.4.x and 2.6.x before only.

and the following non security bugs :

- supported.conf: Mark 8250 and 8250_pci as supported (only Xen kernels build them as modules) [#260686]

- patches.fixes/bridge-module-get-put.patch: Module use count must be updated as bridges are created/destroyed [#267651]

- patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803]

- patches.fixes/sky2-tx-sum-resume.patch: sky2: fix transmit state on resume [#297132] [#326376]

- patches.suse/reiserfs-add-reiserfs_error.diff:
patches.suse/reiserfs-buffer-info-for-balance.diff: Fix reiserfs_error() with NULL superblock calls [#299604]

- patches.fixes/acpi_disable_C_states_in_suspend.patch:
ACPI: disable lower idle C-states across suspend/resume [#302482]

- kernel-syms.rpm: move the copies of the Modules.alias files from /lib/modules/... to /usr/src/linux-obj/... to avoid a file conflict between kernel-syms and other kernel-$flavor packages. The Modules.alias files in kernel-syms.rpm are intended for future use - [#307291]

- patches.fixes/jffs2-fix-ACL-vs-mode-handling: Fix ACL vs. mode handling. [#310520]

- patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-on-I RQ_WOC:
sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used [#327536]

- Update config files: Enabled CONFIG_DVB_PLUTO2 for i386 since it's enabled everywhere else. [#327790]

- patches.drivers/libata-pata_ali-fix-garbage-PCI-rev-value: p ata_ali: fix garbage PCI rev value in ali_init_chipset() [#328422]

- patches.apparmor/apparmor-lsm-fix.diff:
apparmor_file_mmap function parameters mismatch [#328423]

- patches.drivers/libata-HPA-off-by-one-horkage: Fix HPA handling regression [#329584]


Update the affected kernel packages.

Plugin Details

Severity: High

ID: 27299

File Name: suse_kernel-4503.nasl

Version: $Revision: 1.9 $

Type: local

Agent: unix

Published: 2007/10/17

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-bigsmp, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xenpae, cpe:/o:novell:opensuse:10.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2007/10/08

Reference Information

CVE: CVE-2007-4571, CVE-2007-4573

CWE: 264