openSUSE Security Update : kernel (kernel-1211)
High Nessus Plugin ID 40783
Synopsis
The remote openSUSE host is missing a security update.
Description
This kernel update for openSUSE 11.0 fixes some bugs and several security problems.
The following security issues are fixed: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.
CVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.
CVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.
The compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.
CVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.
CVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed.
CVE-2009-1046: A utf-8 console memory corruption that can be used for local privilege escalation was fixed.
The NULL page protection using mmap_min_addr was enabled (was disabled before).
No CVE yet: A sigaltstack kernel memory disclosure was fixed.
CVE-2008-5033: A local denial of service (Oops) in video4linux tvaudio was fixed.
CVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
Solution
Update the affected kernel packages.