SuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 5735)
Medium Nessus Plugin ID 59134
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis patch updates the SUSE Linux Enterprise 10 SP1 kernel. It fixes various bugs and security issues.
The following security issues are addressed :
- fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. (CVE-2008-4210)
- The ext filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile.
- fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716)
All other bugfixes can be found by looking at the RPM changelog.
SolutionApply ZYPP patch number 5735.