Detections
Analytics

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7811)

critical Nessus Plugin ID 59160

Language:

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed :

 - A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash.
 (CVE-2009-4067)

 - Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. (CVE-2011-3363)

 - A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. (CVE-2011-3191)

 - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
 (CVE-2011-1776)

The following non-security issues have been fixed :

 - md: fix deadlock in md/raid1 and md/raid10 when handling a read error. (bnc#628343)

 - md: fix possible raid1/raid10 deadlock on read error during resync. (bnc#628343)

 - Add timeo parameter to /proc/mounts for nfs filesystems.
 (bnc#616256)

 - virtio: indirect ring entries (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)

 - virtio: teach virtio_has_feature() about transport features. (bnc#713876)

 - nf_nat: do not add NAT extension for confirmed conntracks. (bnc#709213)

 - 8250: Oxford Semiconductor Devices. (bnc#717126)

 - 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#717126)

 - 8250: Fix capabilities when changing the port type.
 (bnc#717126)

 - 8250: Add EEH support. (bnc#717126)

 - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)

 - ipmi: do not grab locks in run-to-completion mode.
 (bnc#717421)

 - cifs: add fallback in is_path_accessible for old servers. (bnc#718028)

 - cciss: do not attempt to read from a write-only register. (bnc#683101)

 - s390: kernel: System hang if hangcheck timer expires (bnc#712009,LTC#74157).

 - s390: kernel: NSS creation with initrd fails (bnc#712009,LTC#74207).

 - s390: kernel: remove code to handle topology interrupts (bnc#712009,LTC#74440).

 - xen: Added 1083-kbdfront-absolute-coordinates.patch.
 (bnc#717585)

 - acpi: Use a spinlock instead of mutex to guard gbl_lock access. (bnc#707439)

 - Allow balance_dirty_pages to help other filesystems.
 (bnc#709369)

 - nfs: fix congestion control. (bnc#709369)

 - NFS: Separate metadata and page cache revalidation mechanisms. (bnc#709369)

 - jbd: Fix oops in journal_remove_journal_head().
 (bnc#694315)

 - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)

 - xen/x86: replace order-based range checking of M2P table by linear one.

 - xen/x86: use dynamically adjusted upper bound for contiguous regions. (bnc#635880)

 - Fix type in patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is
 -making-progress.

 - s390: cio: Add timeouts for internal IO (bnc#701550,LTC#72691).

 - s390: kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).

 - s390: qeth: wrong number of output queues for HiperSockets (bnc#701550,LTC#73814).

Solution

Apply ZYPP patch number 7811.

See Also

http://support.novell.com/security/cve/CVE-2009-4067.html

http://support.novell.com/security/cve/CVE-2011-1577.html

http://support.novell.com/security/cve/CVE-2011-1776.html

http://support.novell.com/security/cve/CVE-2011-3191.html

http://support.novell.com/security/cve/CVE-2011-3363.html

Plugin Details

Severity: Critical

ID: 59160

File Name: suse_kernel-7811.nasl

Version: 1.5

Type: local

Agent: unix

Published: 5/17/2012

Updated: 1/19/2021

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/21/2011

Reference Information

CVE: CVE-2009-4067, CVE-2011-1577, CVE-2011-1776, CVE-2011-3191, CVE-2011-3363