SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5924)
High Nessus Plugin ID 41537
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThe SUSE Linux Enterprise 10 Service Pack 2 kernel was updated to fix some security issues and various bugs.
The following security problems have been fixed :
- net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/ *vc file, related to corruption of the vcc table. (CVE-2008-5079)
- The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. (CVE-2008-5029)
- Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. (CVE-2008-4933)
- Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
- The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
A lot of other bugs were fixed, a detailed list can be found in the RPM changelog.
SolutionApply ZYPP patch number 5924.