| Description: | The remote host is missing updates announced in
advisory SUSE-SA:2010:031.
The SUSE Linux Enterprise 11 GA Kernel was updated to 2.6.27.48 fixing
various bugs and security issues.
CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the
Linux kernel does not verify the ownership of a file, which allows
local users to bypass intended access restrictions via a SETFLAGS
ioctl request.
CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in
the Linux kernel allows attackers to cause a denial of service (Oops)
via unknown vectors related to truncating a file and an operation
that is not interruptible.
CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict overcommit
is enabled, does not properly handle the export of shmemfs objects
by knfsd, which allows attackers to cause a denial of service (NULL
pointer dereference and knfsd crash) or possibly have unspecified
other impact via unknown vectors.
CVE-2010-1437: Race condition in the find_keyring_by_name function
in security/keys/keyring.c in the Linux kernel allows local users
to cause a denial of service (memory corruption and system crash)
or possibly have unspecified other impact via keyctl session commands
that trigger access to a dead keyring that is undergoing deletion by
the key_cleanup function.
CVE-2010-1446: arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel,
when running on PowerPC, does not properly perform a security check
for access to a kernel page, which allows local users to overwrite
arbitrary kernel memory, related to Fsl booke.
CVE-2010-1162: The release_one_tty function in drivers/char/tty_io.c in
the Linux kernel omits certain required calls to the put_pid function,
which has unspecified impact and local attack vectors.
CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux
kernel does not properly check the size of an Ethernet frame that
exceeds the MTU, which allows remote attackers to (1) cause a denial
of service (temporary network outage) via a packet with a crafted size,
in conjunction with certain packets containing A characters and certain
packets containing E characters
or (2) cause a denial of service
(system crash) via a packet with a crafted size, in conjunction with
certain packets containing '0' characters, related to the value of the
status register and erroneous behavior associated with the RxMaxSize
register. NOTE: this vulnerability exists because of an incorrect
fix for CVE-2009-1389. Code execution might be possible.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2010:031
Risk factor : High |
