SynopsisThe remote SuSE 11 host is missing one or more security updates.
DescriptionThe SUSE Linux Enterprise 11 kernel was updated to 220.127.116.11, fixing various bugs and security issues :
- The do_gfs2_set_flags() function in fs/gfs2/file.c of the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
- The nfs_wait_on_request() function in fs/nfs/pagelist.c of the Linux kernel allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. (CVE-2010-1087)
- When strict overcommit is enabled, mm/shmem.c does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.
- A race condition in the find_keyring_by_name() function in security/keys/keyring.c of the Linux kernel allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup() function. (CVE-2010-1437)
- arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory.
- The release_one_tty() function in drivers/char/tty_io.c of the Linux kernel omits certain required calls to the put_pid() function, which has an unspecified impact and local attack vectors. (CVE-2010-1162)
- The r8169 driver of the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. This vulnerability exists due to an incorrect fix for CVE-2009-1389. (CVE-2009-4537)
For a list of non-security related fixes please refer to the kernel RPM changelog.
SolutionApply SAT patch number 2682 / 2687 / 2689 as appropriate.