Impact
remote denial of service
Solution
Please install the updated packages.
Insight
This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable release.
It also includes bugfixes and security fixes:
CVE-2008-4410: The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state.
CVE-2008-4618: Fixed a kernel panic in SCTP while processing the protocol violation parameter.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile.
CVE-2008-3526: Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-4576: SCTP in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
CVE-2008-4445: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
CVE-2008-3792: net/sctp/socket.c in the Stream Control Transmission Pro ...
Description truncated, for more information please check the Reference URL
Affected
kernel on openSUSE 11.0
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-3525, CVE-2008-3526, CVE-2008-3528, CVE-2008-3792, CVE-2008-3911, CVE-2008-4113, CVE-2008-4410, CVE-2008-4445, CVE-2008-4576, CVE-2008-4618
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C