The remote host is missing updates announced in advisory SUSE-SA:2004:037.
An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.
We would like to thank Richard Hart for reporting the problem.
This problem has already been fixed in the 2.6.8 upstream Linux kernel, this update contains a backport of the fix.
Products running a 2.4 kernel are not affected.
Mitre has assigned the CVE ID CVE-2004-0816 for this problem.
Additionaly Martin Schwidefsky of IBM found an incorrectly handled privileged instruction which can lead to a local user gaining root user privileges.
This only affects the SUSE Linux Enterprise Server 9 on the S/390 platform and has been assigned CVE ID CVE-2004-0887.
Additionaly the following non-security bugs were fixed:
- Two CD burning problems.
- USB 2.0 stability problems under high load on SMP systems.
- Several SUSE Linux Enterprise Server issues. (see the Maintenance Information Mail for more informations).
Solution: Update your system with the packages as indicated in the referenced security advisory.