SuSE Update for kernel SUSE-SA:2008:030

Impact
remote denial of service
Solution
Please install the updated packages.
Insight
The Linux kernel was updated on openSUSE 10.2 and 10.3 to fix the following security problems:

CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine.

CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (filtered by the firewall by default).

CVE-2007-5904: A remote buffer overflow in CIFS was fixed which could potentially be used by remote attackers to crash the machine or potentially execute code.

CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine.

CVE-2008-2358: A security problem in DCCP was fixed, which could be used by remote attackers to crash the machine. Only a fix for openSUSE 10.2 was necessary.

CVE-2008-2148: The permission checking in sys_utimensat was incorrect and local attackers could change the file times of files they do not own to the current time.

CVE-2007-6206: An information leakage during core dumping of root processes was fixed. This problem was already fixed for openSUSE 10.3 previously and was now fixed for openSUSE 10.2.

CVE-2007-6712: An integer overflow in the hrtimer_forward function (hrtimer.c) in the Linux kernel, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.

CVE-2008-1669: Fixed an SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking.

CVE-2008-1367: Clear the "direction" flag before calling signal handlers. For specific not yet identified programs under specific timing conditions this could potentially have caused memory corruption or code execution.

CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code.

CVE-2007-5500: A ptrace bug could be used by local attackers to hang their own processes indefinitely.

Various non-security bugs were also fixed; please see the RPM changelogs.
Affected
kernel on openSUSE 10.2, openSUSE 10.3