SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)

high Nessus Plugin ID 46252

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS.

The following security issues were fixed :

- drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. (CVE-2009-4537)

- The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the Linux kernel allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. (CVE-2010-1086)

- fs/namei.c in the Linux kernel does not always follow NFS automount 'symlinks,' which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

- Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020)

- The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). (CVE-2010-1083)

- drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410)

Solution

Apply ZYPP patch number 7011.

See Also

http://support.novell.com/security/cve/CVE-2009-4020.html

http://support.novell.com/security/cve/CVE-2009-4537.html

http://support.novell.com/security/cve/CVE-2010-0410.html

http://support.novell.com/security/cve/CVE-2010-1083.html

http://support.novell.com/security/cve/CVE-2010-1086.html

http://support.novell.com/security/cve/CVE-2010-1088.html

Plugin Details

Severity: High

ID: 46252

File Name: suse_kernel-7011.nasl

Version: 1.17

Type: local

Agent: unix

Published: 5/7/2010

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 4/29/2010

Reference Information

CVE: CVE-2009-4020, CVE-2009-4537, CVE-2010-0410, CVE-2010-1083, CVE-2010-1086, CVE-2010-1088

CWE: 119, 20, 399