SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel.
The following security issues were fixed :
- Two sysfs filers in the qla2xxx driver were worldwriteable, so users could change SCSI attributes of the qla2xxx driver. CVE-2009-4536:
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-3556)
(The e1000e driver is not included in the SLES 10 SP2 kernel, so CVE-2009-4538 does not affect this kernel.)
SolutionApply ZYPP patch number 6810.