sdkp2-kernelSecurity update for Linux kernelSecurity update for Linux kernelThe SUSE Linux Enterprise 10 Service Pack 2 kernel was
updated to fix some security issues and various bugs.
The following security problems have been fixed:
CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed
local users to cause a denial of service (kernel infinite
loop) by making two calls to svc_listen for the same
socket, and then reading a /proc/net/atm/ *vc file, related
to corruption of the vcc table.
CVE-2008-5029: The __scm_destroy function in net/core/scm.c
makes indirect recursive calls to itself through calls to
the fput function, which allows local users to cause a
denial of service (panic) via vectors related to sending an
SCM_RIGHTS message through a UNIX domain socket and closing
file descriptors.
CVE-2008-4933: Buffer overflow in the hfsplus_find_cat
function in fs/hfsplus/catalog.c allowed attackers to cause
a denial of service (memory corruption or system crash) via
an hfsplus filesystem image with an invalid catalog
namelength field, related to the hfsplus_cat_build_key_uni
function.
CVE-2008-5025: Stack-based buffer overflow in the
hfs_cat_find_brec function in fs/hfs/catalog.c allowed
attackers to cause a denial of service (memory corruption
or system crash) via an hfs filesystem image with an
invalid catalog namelength field, a related issue to
CVE-2008-4933.
CVE-2008-5182: The inotify functionality might allow local
users to gain privileges via unknown vectors related to
race conditions in inotify watch removal and umount.
A lot of other bugs were fixed, a detailed list can be
found in the RPM changelog.
The SUSE Linux Enterprise 10 Service Pack 2 kernel was
updated to fix some security issues and various bugs.
The following security problems have been fixed:
CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed
local users to cause a denial of service (kernel infinite
loop) by making two calls to svc_listen for the same
socket, and then reading a /proc/net/atm/ *vc file, related
to corruption of the vcc table.
CVE-2008-5029: The __scm_destroy function in net/core/scm.c
makes indirect recursive calls to itself through calls to
the fput function, which allows local users to cause a
denial of service (panic) via vectors related to sending an
SCM_RIGHTS message through a UNIX domain socket and closing
file descriptors.
CVE-2008-4933: Buffer overflow in the hfsplus_find_cat
function in fs/hfsplus/catalog.c allowed attackers to cause
a denial of service (memory corruption or system crash) via
an hfsplus filesystem image with an invalid catalog
namelength field, related to the hfsplus_cat_build_key_uni
function.
CVE-2008-5025: Stack-based buffer overflow in the
hfs_cat_find_brec function in fs/hfs/catalog.c allowed
attackers to cause a denial of service (memory corruption
or system crash) via an hfs filesystem image with an
invalid catalog namelength field, a related issue to
CVE-2008-4933.
CVE-2008-5182: The inotify functionality might allow local
users to gain privileges via unknown vectors related to
race conditions in inotify watch removal and umount.
A lot of other bugs were fixed, a detailed list can be
found in the RPM changelog.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-debugi5861942ae1a8b8447c28f52ca02c9a2262655392299kernel-kdumpi586821108ffe6a07a448f67cd8c2e365a1b9e1c3bb1kernel-xeni58670404abc47575bd465d22131ad7f36f6e05eab89kernel-xenpaei586d03a5a0a966dd24b1a79d8e56eb84e919078515b