slesp2-kernelSecurity update for the Linux kernelSecurity update for the Linux kernelThe Linux kernel on SUSE Linux Enterprise 10 Service Pack 2
was updated to fix various security issues and several bugs.
Following security issues were fixed: CVE-2009-0834: The
audit_syscall_entry function in the Linux kernel on the
x86_64 platform did not properly handle (1) a 32-bit
process making a 64-bit syscall or (2) a 64-bit process
making a 32-bit syscall, which allows local users to bypass
certain syscall audit configurations via crafted syscalls.
CVE-2009-1072: nfsd in the Linux kernel did not drop the
CAP_MKNOD capability before handling a user request in a
thread, which allows local users to create device nodes, as
demonstrated on a filesystem that has been exported with
the root_squash option.
CVE-2009-0835 The __secure_computing function in
kernel/seccomp.c in the seccomp subsystem in the Linux
kernel on the x86_64 platform, when CONFIG_SECCOMP is
enabled, does not properly handle (1) a 32-bit process
making a 64-bit syscall or (2) a 64-bit process making a
32-bit syscall, which allows local users to bypass intended
access restrictions via crafted syscalls that are
misinterpreted as (a) stat or (b) chmod.
CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS
in the Linux kernel 2.6.29 and earlier allows remote
attackers to cause a denial of service (crash) or potential
code execution via a long nativeFileSystem field in a Tree
Connect response to an SMB mount request.
This requires that kernel can be made to mount a "cifs"
filesystem from a malicious CIFS server.
CVE-2009-1337: The exit_notify function in kernel/exit.c in
the Linux kernel did not restrict exit signals when the
CAP_KILL capability is held, which allows local users to
send an arbitrary signal to a process by running a program
that modifies the exit_signal field and then uses an exec
system call to launch a setuid application.
CVE-2009-0859: The shm_get_stat function in ipc/shm.c in
the shm subsystem in the Linux kernel, when CONFIG_SHMEM is
disabled, misinterprets the data type of an inode, which
allows local users to cause a denial of service (system
hang) via an SHM_INFO shmctl call, as demonstrated by
running the ipcs program. (SUSE is enabling CONFIG_SHMEM,
so is by default not affected, the fix is just for
completeness).
The GCC option -fwrapv has been added to compilation to
work around potentially removing integer overflow checks.
CVE-2009-1265: Integer overflow in rose_sendmsg
(sys/net/af_rose.c) in the Linux kernel might allow
attackers to obtain sensitive information via a large
length value, which causes "garbage" memory to be sent.
Also a number of bugs were fixed, for details please see
the RPM changelog.
The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2
was updated to fix various security issues and several bugs.
Following security issues were fixed: CVE-2009-0834: The
audit_syscall_entry function in the Linux kernel on the
x86_64 platform did not properly handle (1) a 32-bit
process making a 64-bit syscall or (2) a 64-bit process
making a 32-bit syscall, which allows local users to bypass
certain syscall audit configurations via crafted syscalls.
CVE-2009-1072: nfsd in the Linux kernel did not drop the
CAP_MKNOD capability before handling a user request in a
thread, which allows local users to create device nodes, as
demonstrated on a filesystem that has been exported with
the root_squash option.
CVE-2009-0835 The __secure_computing function in
kernel/seccomp.c in the seccomp subsystem in the Linux
kernel on the x86_64 platform, when CONFIG_SECCOMP is
enabled, does not properly handle (1) a 32-bit process
making a 64-bit syscall or (2) a 64-bit process making a
32-bit syscall, which allows local users to bypass intended
access restrictions via crafted syscalls that are
misinterpreted as (a) stat or (b) chmod.
CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS
in the Linux kernel 2.6.29 and earlier allows remote
attackers to cause a denial of service (crash) or potential
code execution via a long nativeFileSystem field in a Tree
Connect response to an SMB mount request.
This requires that kernel can be made to mount a "cifs"
filesystem from a malicious CIFS server.
CVE-2009-1337: The exit_notify function in kernel/exit.c in
the Linux kernel did not restrict exit signals when the
CAP_KILL capability is held, which allows local users to
send an arbitrary signal to a process by running a program
that modifies the exit_signal field and then uses an exec
system call to launch a setuid application.
CVE-2009-0859: The shm_get_stat function in ipc/shm.c in
the shm subsystem in the Linux kernel, when CONFIG_SHMEM is
disabled, misinterprets the data type of an inode, which
allows local users to cause a denial of service (system
hang) via an SHM_INFO shmctl call, as demonstrated by
running the ipcs program. (SUSE is enabling CONFIG_SHMEM,
so is by default not affected, the fix is just for
completeness).
The GCC option -fwrapv has been added to compilation to
work around potentially removing integer overflow checks.
CVE-2009-1265: Integer overflow in rose_sendmsg
(sys/net/af_rose.c) in the Linux kernel might allow
attackers to obtain sensitive information via a large
length value, which causes "garbage" memory to be sent.
Also a number of bugs were fixed, for details please see
the RPM changelog.
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-debugx86_64faee3b8c073ebc03bd155367c5a09b70991e2966kernel-defaultx86_64cf4c5701d0fe13fe097aefd32a1ee67fbb298f0ckernel-kdumpx86_643ef047b477c68dddff5f8799acd9183f5f5007d8kernel-smpx86_64fd26f4ac169abf3c0585f748aba93fec01a7795fkernel-sourcex86_649da9ac693f906548b1ef5e2ff23c793ba0d92c2bkernel-symsx86_6421f38212820a82ce15af3fa0a920356c7055f8e9kernel-xenx86_64187ca9d438ddb57fb6e3a8a97af16adc7419274a