openSUSE Security Update : kernel (openSUSE-SU-2010:0634-1)
high Nessus Plugin ID 75549
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote openSUSE host is missing a security update.Description
The openSUSE 11.3 kernel was updated to versiuon 2.6.34.7. It fixes lots of bugs and security issues.A major regression in handling some USB Input devices (Mice and Keyboard) introduced by the previous update was fixed.
Fixed lots of bugs in the ATH5K wireless driver.
Following security issues were fixed: CVE-2010-3078: A XFS stack memory information disclosure was fixed.
CVE-2010-2954: A NULL pointer dereference in the IRDA stack was fixed, which could lead to kernel crashes.
CVE-2010-2959: A privilege escalation possibility in the CAN bus protocol module can_bcm was fixed.
CVE-2010-2942: Several memory leaks in the net scheduling code were fixed.
CVE-2010-2803: Fixed kernel memory information leaks from DRM ioctls.
Solution
Update the affected kernel packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=600948
https://bugzilla.novell.com/show_bug.cgi?id=628604
https://bugzilla.novell.com/show_bug.cgi?id=632309
https://bugzilla.novell.com/show_bug.cgi?id=633543
https://bugzilla.novell.com/show_bug.cgi?id=633581
https://bugzilla.novell.com/show_bug.cgi?id=635862
https://bugzilla.novell.com/show_bug.cgi?id=636112
https://bugzilla.novell.com/show_bug.cgi?id=637436
https://lists.opensuse.org/opensuse-updates/2010-09/msg00030.html
Plugin Details
Severity: High
ID: 75549
File Name: suse_11_3_kernel-100915.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/13/2014
Updated: 1/14/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.3
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/15/2010
Reference Information
CVE: CVE-2010-2803, CVE-2010-2942, CVE-2010-2954, CVE-2010-2959, CVE-2010-3078