SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4938)

high Nessus Plugin ID 59126

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This kernel update fixes the following security problems :

- Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. (CVE-2008-0007)

- Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code.
(CVE-2008-0001)

- Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. (CVE-2007-5966)

- The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). (CVE-2007-6417)

Additionally the following bugfixes have been included for all platforms :

- patches.suse/bootsplash: Bootsplash for current kernel (none). patch the patch for Bug 345980.

- patches.fixes/megaraid-fixup-driver-version: Megaraid driver version out of sync (299740).

- OCFS2: Updated to version 1.2.8

- patches.fixes/ocfs2-1.2-svn-r3070.diff: [PATCH] ocfs2:
Remove overzealous BUG_ON().

- patches.fixes/ocfs2-1.2-svn-r3072.diff: [PATCH] ocfs2:
fix rename vs unlink race.

- patches.fixes/ocfs2-1.2-svn-r3074.diff: [PATCH] ocfs2:
Remove expensive local alloc bitmap scan code.

- patches.fixes/ocfs2-1.2-svn-r3057.diff: [PATCH] ocfs2:
Check for cluster locking in ocfs2_readpage.

- patches.fixes/ocfs2-1.2-svn-r2975.diff: ocfs2_dlm: make functions static.

- patches.fixes/ocfs2-1.2-svn-r2976.diff: [PATCH] ocfs2_dlm: make tot_backoff more descriptive.

- patches.fixes/ocfs2-1.2-svn-r3002.diff: [PATCH] ocfs2:
Remove the printing of harmless ERRORS like ECONNRESET, EPIPE..

- patches.fixes/ocfs2-1.2-svn-r3004.diff: [PATCH] ocfs2_dlm: Call cond_resched_lock() once per hash bucket scan.

- patches.fixes/ocfs2-1.2-svn-r3006.diff: [PATCH] ocfs2_dlm: Silence compiler warnings.

- patches.fixes/ocfs2-1.2-svn-r3062.diff: [PATCH] ocfs2_dlm: Fix double increment of migrated lockres' owner count.

- patches.fixes/hugetlb-get_user_pages-corruption.patch:
hugetlb: follow_hugetlb_page() for write access (345239).

- enable patches.fixes/reiserfs-fault-in-pages.patch (333412)

- patches.drivers/usb-update-evdo-driver-ids.patch: USB:
update evdo driver ids. Get the module to build...

- patches.drivers/usb-add-usb_device_and_interface_info.pa tch: USB: add USB_DEVICE_AND_INTERFACE_INFO(). This is needed to get the HUAWEI devices to work properly, and to get patches.drivers/usb-update-evdo-driver-ids.patch to build without errors.

- patches.drivers/usb-update-evdo-driver-ids.patch: USB:
update evdo driver ids on request from our IT department (345438).

- patches.suse/kdump-dump_after_notifier.patch: Add dump_after_notifier sysctl (265764).

- patches.drivers/libata-sata_nv-disable-ADMA: sata_nv:
disable ADMA by default (346508).

- patches.fixes/cpufreq-fix-ondemand-deadlock.patch:
Cpufreq fix ondemand deadlock (337439).

- patches.fixes/eliminate-cpufreq_userspace-scaling_setspe ed-deadlock.patch: Eliminate cpufreq_userspace scaling_setspeed deadlock (337439).

- patches.xen/15181-dma-tracking.patch: Fix issue preventing Xen KMPs from building.

- patches.drivers/r8169-perform-a-PHY-reset-before.patch:
r8169: perform a PHY reset before any other operation at boot time (345658).

- patches.drivers/r8169-more-alignment-for-the-0x8168:
refresh.

- patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. (292478).
There was a problem with this patch which would cause apparently random crashes when lockd was in use. The offending change has been removed.

- patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850).

- patches.fixes/cifs-incomplete-recv.patch: fix incorrect session reconnects (279783).

- patches.fixes/megaraid_mbox-dell-cerc-support: Fix so that it applies properly. I extended the context to 6 lines to help patch find where to apply the patch (267134).

- patches.fixes/md-idle-test: md: improve the is_mddev_idle test fix (326591).

Fixes for the AMD64/Intel EM64T (x86_64) platform :

- patches.arch/x86_64-mce-loop: x86_64: fix misplaced `continue' in mce.c (344239).

Solution

Apply ZYPP patch number 4938.

See Also

http://support.novell.com/security/cve/CVE-2007-5966.html

http://support.novell.com/security/cve/CVE-2007-6417.html

http://support.novell.com/security/cve/CVE-2008-0001.html

http://support.novell.com/security/cve/CVE-2008-0007.html

Plugin Details

Severity: High

ID: 59126

File Name: suse_kernel-4938.nasl

Version: 1.6

Type: local

Agent: unix

Published: 5/17/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/24/2008

Reference Information

CVE: CVE-2007-5966, CVE-2007-6417, CVE-2008-0001, CVE-2008-0007

CWE: 189, 200, 399