
Test ID: 1.3.6.1.4.1.25623.1.0.59268
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:051 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2007:051.

The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix
various security issues and lots of bugs spotted after the Service
Pack 1 release.

This again aligns the SUSE Linux 10.1 kernel with the SLE 10 release
and for 10.1 contains kABI incompatible changes, requiring updated
kernel module packages. Our KMPs shipped with SUSE Linux 10.1 were
released at the same time, the NVIDIA, ATI and madwifi module owners
have been advised to update their repositories too.

The following security issues were fixed:
- CVE-2007-2242: The IPv6 protocol allows remote attackers to cause
a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0)
that create network amplification between two routers.

RH0 is now disabled by default. To adjust this, write to
the file /proc/net/accept_source_route6.

- CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1)
did not properly seed pools when there is no entropy, or (2) used
an incorrect cast when extracting entropy, which might have caused
the random number generator to provide the same values after reboots
on systems without an entropy source.

- CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking
could be caused by a remote attacker by sending specially crafted
packets.
Note that this requires SCTP to be set up and active to be exploitable.

- CVE-2007-3105: Stack-based buffer overflow in the random number
generator (RNG) implementation in the Linux kernel before 2.6.22
might allow local root users to cause a denial of service or gain
privileges by setting the default wake-up threshold to a value
greater than the output pool size, which triggers writing random
numbers to the stack by the pool transfer function involving bound
check ordering.

Since this value can only be changed by a root user, exploitability
is low.

- CVE-2007-3107: The signal handling in the Linux kernel, when run on
PowerPC systems using HTX, allows local users to cause a denial of
service via unspecified vectors involving floating point corruption
and concurrency.

- CVE-2007-2525: Memory leak in the PPP over Ethernet (PPPoE) socket
implementation in the Linux kernel allowed local users to cause
a denial of service (memory consumption) by creating a socket
using connect, and releasing it before the PPPIOCGCHAN ioctl is
initialized.

- CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c
in the Linux kernel did not limit the amount of memory used by
a caller, which allowed local users to cause a denial of service
(memory consumption).

- CVE-2007-3851: On machines with an Intel i965-based graphics card,
local users with access to the direct rendering device node could
overwrite memory on the machine and so gain root privileges.

Additionally, a huge number of bugs were fixed. These are listed in
the maintenance information links.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:051

Risk factor : High

CVSS Score:
7.8

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-2242
BugTraq ID: 23615
http://www.securityfocus.com/bid/23615
Bugtraq: 20070508 FLEA-2007-0016-1: kernel (Google Search)
http://www.securityfocus.com/archive/1/467939/30/6690/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
CERT/CC vulnerability note: VU#267289
http://www.kb.cert.org/vuls/id/267289
FreeBSD Security Advisory: FreeBSD-SA-07:03.ipv6
http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
OpenBSD Security Advisory: [3.9] 20070423 022: SECURITY FIX: April 23, 2007
http://openbsd.org/errata39.html#022_route6
OpenBSD Security Advisory: [4.0] 20070423 012: SECURITY FIX: April 23, 2007
http://openbsd.org/errata40.html#012_route6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574
http://www.redhat.com/support/errata/RHSA-2007-0347.html
http://www.securitytracker.com/id?1017949
http://secunia.com/advisories/24978
http://secunia.com/advisories/25033
http://secunia.com/advisories/25068
http://secunia.com/advisories/25083
http://secunia.com/advisories/25288
http://secunia.com/advisories/25691
http://secunia.com/advisories/25770
http://secunia.com/advisories/26133
http://secunia.com/advisories/26620
http://secunia.com/advisories/26651
http://secunia.com/advisories/26664
http://secunia.com/advisories/26703
http://secunia.com/advisories/28806
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-508-1
http://www.vupen.com/english/advisories/2007/1563
http://www.vupen.com/english/advisories/2007/2270
http://www.vupen.com/english/advisories/2007/3050
XForce ISS Database: openbsd-ipv6-type0-dos(33851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33851
Common Vulnerability Exposure (CVE) ID: CVE-2007-2453
BugTraq ID: 24390
http://www.securityfocus.com/bid/24390
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
http://www.securitytracker.com/id?1018248
http://secunia.com/advisories/25596
http://secunia.com/advisories/25700
http://secunia.com/advisories/25961
http://secunia.com/advisories/26139
http://secunia.com/advisories/26450
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-470-1
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-randomnumber-weak-security(34781)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34781
Common Vulnerability Exposure (CVE) ID: CVE-2007-2525
BugTraq ID: 23870
http://www.securityfocus.com/bid/23870
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25163
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://secunia.com/advisories/27227
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/1703
XForce ISS Database: kernel-pppoe-dos(34150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34150
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
http://osvdb.org/37112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://secunia.com/advisories/26760
XForce ISS Database: kernel-sctpnew-dos(34777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
BugTraq ID: 25348
http://www.securityfocus.com/bid/25348
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/26500
http://secunia.com/advisories/26643
http://secunia.com/advisories/26647
http://secunia.com/advisories/27212
http://secunia.com/advisories/27322
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://www.ubuntu.com/usn/usn-509-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-3107
BugTraq ID: 24845
http://www.securityfocus.com/bid/24845
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245580
http://osvdb.org/37118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9936
http://www.redhat.com/support/errata/RHSA-2007-0595.html
http://www.securitytracker.com/id?1018347
http://secunia.com/advisories/25955
http://secunia.com/advisories/25963
http://secunia.com/advisories/28706
http://www.ubuntu.com/usn/usn-574-1
XForce ISS Database: kernel-htx-signal-dos(35383)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35383
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
http://osvdb.org/37116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9883
http://secunia.com/advisories/25895
http://www.vupen.com/english/advisories/2007/2403
XForce ISS Database: kernel-lcdwrite-dos(35302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35302
Common Vulnerability Exposure (CVE) ID: CVE-2007-3848
BugTraq ID: 25387
http://www.securityfocus.com/bid/25387
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/476464/100/0/threaded
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=118711306802632&w=2
Bugtraq: 20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/476538/100/0/threaded
http://www.securityfocus.com/archive/1/476677/100/0/threaded
http://www.securityfocus.com/archive/1/476803/100/0/threaded
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
http://marc.info/?l=openwall-announce&m=118710356812637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/27913
http://secunia.com/advisories/29570
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-3851
BugTraq ID: 25263
http://www.securityfocus.com/bid/25263
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
http://secunia.com/advisories/26389
http://www.vupen.com/english/advisories/2007/2854
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
