slesp2-kernelSecurity update for Linux kernelSecurity update for Linux kernelThis patch updates the SUSE Linux Enterprise 10 SP2 kernel
to fix various bugs and some security issues.
Following security issues were fixed: CVE-2009-2692: A
missing NULL pointer check in the socket sendpage function
can be used by local attackers to gain root privileges.
(No cve yet) A information leak from using sigaltstack was
fixed.
Enabled -fno-delete-null-pointer-checks to avoid optimizing
away NULL pointer checks and fixed Makefiles to make sure
-fwrapv is used everywhere.
CVE-2009-1758: The hypervisor_callback function in Xen
allows guest user applications to cause a denial of service
(kernel oops) of the guest OS by triggering a segmentation
fault in "certain address ranges."
CVE-2009-1389: A crash on r8169 network cards when
receiving large packets was fixed.
CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c
in the NFS client implementation in the Linux kernel, when
atomic_open is available, does not check execute (aka EXEC
or MAY_EXEC) permission bits, which allows local users to
bypass permissions and execute files, as demonstrated by
files on an NFSv4 fileserver
This patch updates the SUSE Linux Enterprise 10 SP2 kernel
to fix various bugs and some security issues.
Following security issues were fixed: CVE-2009-2692: A
missing NULL pointer check in the socket sendpage function
can be used by local attackers to gain root privileges.
(No cve yet) A information leak from using sigaltstack was
fixed.
Enabled -fno-delete-null-pointer-checks to avoid optimizing
away NULL pointer checks and fixed Makefiles to make sure
-fwrapv is used everywhere.
CVE-2009-1758: The hypervisor_callback function in Xen
allows guest user applications to cause a denial of service
(kernel oops) of the guest OS by triggering a segmentation
fault in "certain address ranges."
CVE-2009-1389: A crash on r8169 network cards when
receiving large packets was fixed.
CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c
in the NFS client implementation in the Linux kernel, when
atomic_open is available, does not check execute (aka EXEC
or MAY_EXEC) permission bits, which allows local users to
bypass permissions and execute files, as demonstrated by
files on an NFSv4 fileserver
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-debugx86_6413199237bc7e97913c4eb038e58d6e0b74257bafkernel-defaultx86_6419e7d3797239529c9e02be0c98ee1f5685a9eecbkernel-kdumpx86_644a8b3b2ce4a1a7309f2ba93c9e05a6d424e55418kernel-smpx86_64dd4af877194b1ec95e2e82d90c381afe766465dekernel-sourcex86_64395bd41bb6c834cd2e9413dc511a64335a9474a2kernel-symsx86_64141da3365a715cb70fab6faf3c81dd301eae4a5akernel-xenx86_64f23c6c99cf1df9f29358f490aae5e5cfb63eb0b2