openSUSE Security Update : kernel (kernel-67)

medium Nessus Plugin ID 40007

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.0 kernel was updated to 2.6.25.9.

It fixes two security problems: CVE-2008-2372: A resource starvation issue within mmap was fixed, which could have been used by local attackers to hang the machine.

CVE-2008-2826: A integer overflow in SCTP was fixed, which might have been used by remote attackers to crash the machine or potentially execute code.

The update also has lots of other bugfixes that are listed in the RPM changelog.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=300001

https://bugzilla.novell.com/show_bug.cgi?id=333043

https://bugzilla.novell.com/show_bug.cgi?id=351119

https://bugzilla.novell.com/show_bug.cgi?id=369558

https://bugzilla.novell.com/show_bug.cgi?id=374637

https://bugzilla.novell.com/show_bug.cgi?id=389656

https://bugzilla.novell.com/show_bug.cgi?id=390384

https://bugzilla.novell.com/show_bug.cgi?id=394566

https://bugzilla.novell.com/show_bug.cgi?id=396129

https://bugzilla.novell.com/show_bug.cgi?id=396311

https://bugzilla.novell.com/show_bug.cgi?id=397097

https://bugzilla.novell.com/show_bug.cgi?id=398270

https://bugzilla.novell.com/show_bug.cgi?id=398370

https://bugzilla.novell.com/show_bug.cgi?id=398573

https://bugzilla.novell.com/show_bug.cgi?id=400728

https://bugzilla.novell.com/show_bug.cgi?id=400729

https://bugzilla.novell.com/show_bug.cgi?id=400730

https://bugzilla.novell.com/show_bug.cgi?id=402607

https://bugzilla.novell.com/show_bug.cgi?id=402608

https://bugzilla.novell.com/show_bug.cgi?id=402612

Plugin Details

Severity: Medium

ID: 40007

File Name: suse_11_0_kernel-080630.nasl

Version: 1.12

Type: local

Agent: unix

Published: 7/21/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-vanilla, cpe:/o:novell:opensuse:11.0, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-xen

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 6/30/2008

Reference Information

CVE: CVE-2008-2372, CVE-2008-2826

CWE: 189, 20