SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 2096)
High Nessus Plugin ID 59121
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis kernel update fixes the following security problems :
- A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. [#199441]. (CVE-2006-3745)
- Local attackers were able to crash PowerPC systems with PPC970 processor using a not correctly disabled privileged instruction ('attn'). [#197810].
- Remote attackers able to access an NFS of a ext2 or ext3 filesystem can cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. [#192988].
and the following non security bugs :
- XEN patches/fixes :
- kunmap_atomic() must zap the PTE to avoid dangling references.
- Fix oops on io scheduler unload on a process without ioc (backport)
- OCFS2 updated to to version 1.2.3.
- update patches.arch/ppc-update_gtod-race.patch: restrict to 64bit only because it leads to deadlocks on ppc32 [#202146]
- Fix MCA recovery in context switch path [#199472]
- fix gettimeofday vs. update_gtod race [#197699]
- LKCD: dump all slab pages. [#196330]
- Make idle io be lowest priority best-effort [#195387]
- Fix dropping of wrong cic. [#195387]
- Fix stale file handle problem with subtree_checking.
- Remove Altix PROM bit that can race on MCAs. [#193296]
- Prevent silent data corruption caused by XPC. [#193132]
- Fix race condition during COW [#192259]
- sched: fix group power for allnodes_domains [#191929]
- Allow dma_alloc_coherent() to work for regions up to 2MB. [#191615]
- fix ABBA deadlock between cpuset callback_sem and hotplug cpucontrol mutex [#191582]
- Check for existing sysfs directory prior to creating one [#191360]
- Fix possible NFS panic in readdir. [#189951]
- MPT driver: Fix oops on module loading [#189534]
- SUNRPC: Ensure that rpc_mkpipe returns a refcounted dentry [#183013]
- Pass file mode on DMAPI remove events [#182691]
- MPT driver: Fix oops during error recovery [#177919]
- flush icache on POWER4 cpus to fix itrace crash [#171699]
- KPROBES: Fix system panic if user doing copy_from_user in the probe handlers [#171483]
- patches.xen/xen-balloon-max-target: Expose limit domain can be ballooned up to [#152667]
- Avoid possible soft-lockup, particularly related to md [#152099]
- reiserfs: fix transaction overflowing [#145070]
SolutionApply ZYPP patch number 2096.