sledp3-kernelSecurity update for the Linux kernel
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes
several security issues and bugs.
Following security issues were fixed:
*
CVE-2010-4258: A local attacker could use a Oops (kernel crash)
caused by other flaws to write a 0 byte to a attacker controlled
address in the kernel. This could lead to privilege escalation
together with other issues.
*
CVE-2010-3699: The backend driver in Xen 3.x allows guest OS users to
cause a denial of service via a kernel thread leak, which prevents
the device and guest OS from being shut down or create a zombie
domain, causes a hang in zenwatch, or prevents unspecified xm
commands from working properly, related to (1) netback, (2) blkback,
or (3) blktap.
*
CVE-2010-3849: The econet_sendmsg function in net/econet/af_econet.c
in the Linux kernel, when an econet address is configured, allowed
local users to cause a denial of service (NULL pointer dereference
and OOPS) via a sendmsg call that specifies a NULL value for the
remote address field.
*
CVE-2010-3848: Stack-based buffer overflow in the econet_sendmsg
function in net/econet/af_econet.c in the Linux kernel when an econet
address is configured, allowed local users to gain privileges by
providing a large number of iovec structures.
*
CVE-2010-3850: The ec_dev_ioctl function in net/econet/af_econet.c in
the Linux kernel did not require the CAP_NET_ADMIN capability, which
allowed local users to bypass intended access restrictions and
configure econet addresses via an SIOCSIFADDR ioctl call.
*
CVE-2010-4160: A overflow in sendto() and recvfrom() routines was
fixed that could be used by local attackers to potentially crash the
kernel using some socket families like L2TP.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-defaultx86_6413afdd4f934ce723ec260a88feabda76e9723976kernel-smpx86_644789d0480d6bba14e89a25676147698617146a5akernel-sourcex86_640fbd2241c41bba081b6e5d2fb291661af2a87afckernel-symsx86_64b5bcc33efb61b153fae13c30f132c9c7fb175a1dkernel-xenx86_64563ccf668ff308b285473ada4948a6ce4ba88bf1