| Beschreibung: | Description:
The remote host is missing updates announced in
advisory SUSE-SA:2008:037.
The openSUSE 11.0 kernel was updated to 2.6.25.11-0.1.
It fixes following security problems:
CVE-2008-2812: Various tty / serial devices did not check
function pointers for NULL before calling them, leading to potential
crashes or code execution. The devices affected are usually only
accessible by the root user though.
CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c
in the Linux kernel allows remote attackers to cause a denial of
service (kernel heap memory corruption and system crash) and possibly
have unspecified other impact via a crafted PPPOL2TP packet that
results in a large value for a certain length variable.
CVE-2008-3247: On x86_64 systems, a incorrect buffer size in LDT
handling might lead to local untrusted attackers causing a crash
of the machine or potentially execute code with kernel privileges.
This problem only affects the openSUSE 11.0 kernel, since the problem
was introduced in the 2.6.25 kernel.
The update also has lots of other bugfixes that are listed in the
RPM changelog.
We previously also released a 2.6.25.9-0.2 kernel but did not
separately announce it. That update fixed the following security
problems:
CVE-2008-2372: A resource starvation issue within mmap was fixed,
which could have been used by local attackers to hang the machine.
CVE-2008-2826: A integer overflow in SCTP was fixed, which might have
been used by remote attackers to crash the machine or potentially
execute code.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:037
Risk factor : High
CVSS Score:
7.8
|
