openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)
High Nessus Plugin ID 75882
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe openSUSE 11.4 kernel was updated to fix bugs and security issues.
Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.
CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.
CVE-2011-1173: A kernel information leak via ip6_tables was fixed.
CVE-2011-1172: A kernel information leak via ip6_tables netfilter was fixed.
CVE-2011-1171: A kernel information leak via ip_tables was fixed.
CVE-2011-1170: A kernel information leak via arp_tables was fixed.
CVE-2011-1080: A kernel information leak via netfilter was fixed.
CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '0' character.
CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.
CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.
CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.
CVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed.
CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.
CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.
SolutionUpdate the affected kernel packages.