SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)
High Nessus Plugin ID 41535
Synopsis
The remote SuSE 10 host is missing a security-related patch.
Description
This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems:
- When creating a file, open()/creat() allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, the new file's group is one which the user is not a member of. A local attacker could then use ftruncate() and memory-mapped I/O to turn the new file into an arbitrary binary and thus gain the privileges of this group, since these operations do not clear the setgid bit. (CVE-2008-4210)
- The ext filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can cause a denial of service by spamming the logfile.
- The S/390 ptrace code allowed local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.
- fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allowed local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716)
- Added missing capability checks in sbni_ioctl().
Also OCFS2 was updated to version v1.4.1-1.
The full list of changes can be reviewed in the RPM changelog.
Solution
Apply ZYPP patch number 5668.