SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2682 / 2687 / 2689)

High Nessus Plugin ID 50922

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 kernel was updated to 2.6.27.48, fixing various bugs and security issues :

- The do_gfs2_set_flags() function in fs/gfs2/file.c of the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
(CVE-2010-1641)

- The nfs_wait_on_request() function in fs/nfs/pagelist.c of the Linux kernel allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. (CVE-2010-1087)

- When strict overcommit is enabled, mm/shmem.c does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.
(CVE-2010-1643)

- A race condition in the find_keyring_by_name() function in security/keys/keyring.c of the Linux kernel allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup() function. (CVE-2010-1437)

- arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory.
(CVE-2010-1446)

- The release_one_tty() function in drivers/char/tty_io.c of the Linux kernel omits certain required calls to the put_pid() function, which has an unspecified impact and local attack vectors. (CVE-2010-1162)

- The r8169 driver of the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. This vulnerability exists due to an incorrect fix for CVE-2009-1389. (CVE-2009-4537)

For a list of non-security related fixes please refer to the kernel RPM changelog.

Solution

Apply SAT patch number 2682 / 2687 / 2689 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=465707

https://bugzilla.novell.com/show_bug.cgi?id=543480

https://bugzilla.novell.com/show_bug.cgi?id=557710

https://bugzilla.novell.com/show_bug.cgi?id=559111

https://bugzilla.novell.com/show_bug.cgi?id=567376

https://bugzilla.novell.com/show_bug.cgi?id=569916

https://bugzilla.novell.com/show_bug.cgi?id=574006

https://bugzilla.novell.com/show_bug.cgi?id=577967

https://bugzilla.novell.com/show_bug.cgi?id=583677

https://bugzilla.novell.com/show_bug.cgi?id=584216

https://bugzilla.novell.com/show_bug.cgi?id=590415

https://bugzilla.novell.com/show_bug.cgi?id=591371

https://bugzilla.novell.com/show_bug.cgi?id=591556

https://bugzilla.novell.com/show_bug.cgi?id=593881

https://bugzilla.novell.com/show_bug.cgi?id=596113

https://bugzilla.novell.com/show_bug.cgi?id=596462

https://bugzilla.novell.com/show_bug.cgi?id=597337

https://bugzilla.novell.com/show_bug.cgi?id=599213

https://bugzilla.novell.com/show_bug.cgi?id=599955

https://bugzilla.novell.com/show_bug.cgi?id=600774

https://bugzilla.novell.com/show_bug.cgi?id=601283

https://bugzilla.novell.com/show_bug.cgi?id=602969

https://bugzilla.novell.com/show_bug.cgi?id=604183

https://bugzilla.novell.com/show_bug.cgi?id=608366

https://bugzilla.novell.com/show_bug.cgi?id=608576

https://bugzilla.novell.com/show_bug.cgi?id=608933

https://bugzilla.novell.com/show_bug.cgi?id=609134

https://bugzilla.novell.com/show_bug.cgi?id=610296

https://bugzilla.novell.com/show_bug.cgi?id=612213

http://support.novell.com/security/cve/CVE-2009-1389.html

http://support.novell.com/security/cve/CVE-2009-4537.html

http://support.novell.com/security/cve/CVE-2010-1087.html

http://support.novell.com/security/cve/CVE-2010-1162.html

http://support.novell.com/security/cve/CVE-2010-1437.html

http://support.novell.com/security/cve/CVE-2010-1446.html

http://support.novell.com/security/cve/CVE-2010-1641.html

http://support.novell.com/security/cve/CVE-2010-1643.html

Plugin Details

Severity: High

ID: 50922

File Name: suse_11_kernel-100709.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2010/12/02

Updated: 2018/06/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-vmi, p-cpe:/a:novell:suse_linux:11:kernel-vmi-base, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2010/07/09

Reference Information

CVE: CVE-2009-1389, CVE-2009-4537, CVE-2010-1087, CVE-2010-1162, CVE-2010-1437, CVE-2010-1446, CVE-2010-1641, CVE-2010-1643

CWE: 20, 119