sledp2-kernelSecurity update for Linux kernelSecurity update for Linux kernelThis Linux kernel update for SUSE Linux Enterprise 10
Service Pack 2 fixes various bugs and several security
issues.
Following security issues were fixed: CVE-2009-0675: The
skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux kernel permits SKFP_CLR_STATS requests only when the
CAP_NET_ADMIN capability is absent, instead of when this
capability is present, which allows local users to reset
the driver statistics, related to an "inverted logic" issue.
CVE-2009-0676: The sock_getsockopt function in
net/core/sock.c in the Linux kernel does not initialize a
certain structure member, which allows local users to
obtain potentially sensitive information from kernel memory
via an SO_BSDCOMPAT getsockopt request.
CVE-2009-0028: The clone system call in the Linux kernel
allows local users to send arbitrary signals to a parent
process from an unprivileged child process by launching an
additional child process with the CLONE_PARENT flag, and
then letting this new process exit.
CVE-2008-1294: The Linux kernel does not check when a user
attempts to set RLIMIT_CPU to 0 until after the change is
made, which allows local users to bypass intended resource
limits.
CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c
in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel allows remote attackers
to have an unknown impact via an FWD-TSN (aka FORWARD-TSN)
chunk with a large stream ID.
CVE-2009-1046: The console selection feature in the Linux
kernel when the UTF-8 console is used, allows physically
proximate attackers to cause a denial of service (memory
corruption) by selecting a small number of 3-byte UTF-8
characters, which triggers an an off-by-two memory error.
It is is not clear if this can be exploited at all.
Also a huge number of regular bugs were fixed, please see
the RPM changelog for full details.
This Linux kernel update for SUSE Linux Enterprise 10
Service Pack 2 fixes various bugs and several security
issues.
Following security issues were fixed: CVE-2009-0675: The
skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux kernel permits SKFP_CLR_STATS requests only when the
CAP_NET_ADMIN capability is absent, instead of when this
capability is present, which allows local users to reset
the driver statistics, related to an "inverted logic" issue.
CVE-2009-0676: The sock_getsockopt function in
net/core/sock.c in the Linux kernel does not initialize a
certain structure member, which allows local users to
obtain potentially sensitive information from kernel memory
via an SO_BSDCOMPAT getsockopt request.
CVE-2009-0028: The clone system call in the Linux kernel
allows local users to send arbitrary signals to a parent
process from an unprivileged child process by launching an
additional child process with the CLONE_PARENT flag, and
then letting this new process exit.
CVE-2008-1294: The Linux kernel does not check when a user
attempts to set RLIMIT_CPU to 0 until after the change is
made, which allows local users to bypass intended resource
limits.
CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c
in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel allows remote attackers
to have an unknown impact via an FWD-TSN (aka FORWARD-TSN)
chunk with a large stream ID.
CVE-2009-1046: The console selection feature in the Linux
kernel when the UTF-8 console is used, allows physically
proximate attackers to cause a denial of service (memory
corruption) by selecting a small number of 3-byte UTF-8
characters, which triggers an an off-by-two memory error.
It is is not clear if this can be exploited at all.
Also a huge number of regular bugs were fixed, please see
the RPM changelog for full details.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-defaultx86_64a815a71cbfeba70e8336ab55877c5c2eebf997bekernel-smpx86_646907f91337653721d18f6d671876eff7b2e50faakernel-sourcex86_6422cadc912d6f6b1989aabb045390f5af215194b5kernel-symsx86_643dfa24f172d8e53f6e4852d545d9616c3365c058kernel-xenx86_646a39d42aac55110c40a73d975566b6b68f1164ef