SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1410 / 1412 / 1413)

Medium Nessus Plugin ID 42343

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.37 fixing various bugs and security issues.

The following security issues were fixed :

- Unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code. (CVE-2009-2909)

- Fixed various sockethandler getname leaks, which could disclose memory previously used by the kernel or other userland processes to the local attacker.
(CVE-2009-3002)

- A information leakage with upper 32bit register values on x86_64 systems was fixed. (CVE-2009-2910)

Various KVM stability and security fixes have also been added.

Solution

Apply SAT patch number 1410 / 1412 / 1413 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=410452

https://bugzilla.novell.com/show_bug.cgi?id=441650

https://bugzilla.novell.com/show_bug.cgi?id=448410

https://bugzilla.novell.com/show_bug.cgi?id=459146

https://bugzilla.novell.com/show_bug.cgi?id=466554

https://bugzilla.novell.com/show_bug.cgi?id=471396

https://bugzilla.novell.com/show_bug.cgi?id=472342

https://bugzilla.novell.com/show_bug.cgi?id=476582

https://bugzilla.novell.com/show_bug.cgi?id=477816

https://bugzilla.novell.com/show_bug.cgi?id=483375

https://bugzilla.novell.com/show_bug.cgi?id=483706

https://bugzilla.novell.com/show_bug.cgi?id=487412

https://bugzilla.novell.com/show_bug.cgi?id=490030

https://bugzilla.novell.com/show_bug.cgi?id=492547

https://bugzilla.novell.com/show_bug.cgi?id=498708

https://bugzilla.novell.com/show_bug.cgi?id=501563

https://bugzilla.novell.com/show_bug.cgi?id=504646

https://bugzilla.novell.com/show_bug.cgi?id=509753

https://bugzilla.novell.com/show_bug.cgi?id=511306

https://bugzilla.novell.com/show_bug.cgi?id=514022

https://bugzilla.novell.com/show_bug.cgi?id=515640

https://bugzilla.novell.com/show_bug.cgi?id=524242

https://bugzilla.novell.com/show_bug.cgi?id=527754

https://bugzilla.novell.com/show_bug.cgi?id=528769

https://bugzilla.novell.com/show_bug.cgi?id=531260

https://bugzilla.novell.com/show_bug.cgi?id=531384

https://bugzilla.novell.com/show_bug.cgi?id=531437

https://bugzilla.novell.com/show_bug.cgi?id=531533

https://bugzilla.novell.com/show_bug.cgi?id=531633

https://bugzilla.novell.com/show_bug.cgi?id=532063

https://bugzilla.novell.com/show_bug.cgi?id=532443

https://bugzilla.novell.com/show_bug.cgi?id=532598

https://bugzilla.novell.com/show_bug.cgi?id=533267

https://bugzilla.novell.com/show_bug.cgi?id=534065

https://bugzilla.novell.com/show_bug.cgi?id=534202

https://bugzilla.novell.com/show_bug.cgi?id=534214

https://bugzilla.novell.com/show_bug.cgi?id=534232

https://bugzilla.novell.com/show_bug.cgi?id=534961

https://bugzilla.novell.com/show_bug.cgi?id=534977

https://bugzilla.novell.com/show_bug.cgi?id=535380

https://bugzilla.novell.com/show_bug.cgi?id=535409

https://bugzilla.novell.com/show_bug.cgi?id=535497

https://bugzilla.novell.com/show_bug.cgi?id=535801

https://bugzilla.novell.com/show_bug.cgi?id=535880

https://bugzilla.novell.com/show_bug.cgi?id=535890

https://bugzilla.novell.com/show_bug.cgi?id=535947

https://bugzilla.novell.com/show_bug.cgi?id=536117

https://bugzilla.novell.com/show_bug.cgi?id=537435

https://bugzilla.novell.com/show_bug.cgi?id=539271

https://bugzilla.novell.com/show_bug.cgi?id=541403

https://bugzilla.novell.com/show_bug.cgi?id=544759

https://bugzilla.novell.com/show_bug.cgi?id=544779

https://bugzilla.novell.com/show_bug.cgi?id=545013

https://bugzilla.novell.com/show_bug.cgi?id=545236

https://bugzilla.novell.com/show_bug.cgi?id=546006

http://support.novell.com/security/cve/CVE-2009-2909.html

http://support.novell.com/security/cve/CVE-2009-2910.html

http://support.novell.com/security/cve/CVE-2009-3002.html

Plugin Details

Severity: Medium

ID: 42343

File Name: suse_11_kernel-091015.nasl

Version: Revision: 1.16

Type: local

Agent: unix

Published: 2009/11/03

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-vmi, p-cpe:/a:novell:suse_linux:11:kernel-vmi-base, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/15

Reference Information

CVE: CVE-2009-2909, CVE-2009-2910, CVE-2009-3002

CWE: 189, 200