local privilege escalation

Please Install the Updated Packages.

This update of the openSUSE 11.3 kernel brings the kernel to version 2.6.34.4 and contains a lot of bug and security fixes CVE-2010-3110: Missing bounds checks in several ioctls of the Novell Client novfs /proc interface allowed unprivileged local users to crash the kernel or even execute code in kernel context. The affected module is only loaded when the Novell Client stack is configured. CVE-2010-2524: A malicious local user could fill the cache used by CIFS do perform dns lookups with chosen data, therefore tricking the kernel into mounting a wrong CIFS server. CVE-2010-2798: A local user could trigger a NULL dereference on a gfs2 file system. CVE-2010-2537: A local user could overwrite append-only files on a btrfs file system. CVE-2010-2538: A local user could read kernel memory of a btrfs file system.

kernel on openSUSE 11.3

• http://www.novell.com/linux/security/advisories/2010_39_kernel.html

---

Updated on 2015-03-25