sledp2-kernelSecurity update for Linux kernelSecurity update for Linux kernelThis kernel update for SUSE Linux Enterprise 10 Service
Pack 2 fixes various bugs and some security problems:
CVE-2008-4210: When creating a file, open()/creat() allowed
the setgid bit to be set via the mode argument even when,
due to the bsdgroups mount option or the file being created
in a setgid directory, the new file's group is one which
the user is not a member of. The local attacker could then
use ftruncate() and memory-mapped I/O to turn the new file
into an arbitrary binary and thus gain the privileges of
this group, since these operations do not clear the setgid
bit."
CVE-2008-3528: The ext[234] filesystem code fails to
properly handle corrupted data structures. With a mounted
filesystem image or partition that have corrupted
dir->i_size and dir->i_blocks, a user performing either a
read or write operation on the mounted image or partition
can lead to a possible denial of service by spamming the
logfile.
CVE-2008-1514: The S/390 ptrace code allowed local users to
cause a denial of service (kernel panic) via the
user-area-padding test from the ptrace testsuite in 31-bit
mode, which triggers an invalid dereference.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the
Linux kernel did not properly zero out the dio struct,
which allows local users to cause a denial of service
(OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in
sbni_ioctl().
Also OCFS2 was updated to version v1.4.1-1.
The full amount of changes can be reviewed in the RPM
changelog.
This kernel update for SUSE Linux Enterprise 10 Service
Pack 2 fixes various bugs and some security problems:
CVE-2008-4210: When creating a file, open()/creat() allowed
the setgid bit to be set via the mode argument even when,
due to the bsdgroups mount option or the file being created
in a setgid directory, the new file's group is one which
the user is not a member of. The local attacker could then
use ftruncate() and memory-mapped I/O to turn the new file
into an arbitrary binary and thus gain the privileges of
this group, since these operations do not clear the setgid
bit."
CVE-2008-3528: The ext[234] filesystem code fails to
properly handle corrupted data structures. With a mounted
filesystem image or partition that have corrupted
dir->i_size and dir->i_blocks, a user performing either a
read or write operation on the mounted image or partition
can lead to a possible denial of service by spamming the
logfile.
CVE-2008-1514: The S/390 ptrace code allowed local users to
cause a denial of service (kernel panic) via the
user-area-padding test from the ptrace testsuite in 31-bit
mode, which triggers an invalid dereference.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the
Linux kernel did not properly zero out the dio struct,
which allows local users to cause a denial of service
(OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in
sbni_ioctl().
Also OCFS2 was updated to version v1.4.1-1.
The full amount of changes can be reviewed in the RPM
changelog.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-defaultx86_648f168f87cba3b0c982f88ed6519c0039b1fc08b2kernel-smpx86_643b255435a2c094a3d1dafd15b71b1f910aa5fcb5kernel-sourcex86_64d886e2bf32f7d91cb934d985b8efea8a736d50b8kernel-symsx86_64eccd6b7a604bd28c911c4b516759d2603ca1bbcekernel-xenx86_643d2922f86bed6d0ac421d49093e5de130edef60e