| Beschreibung: | Description:
The remote host is missing updates announced in
advisory SUSE-SA:2010:016.
The openSUSE 11.0 kernel was updated to fix following security issues:
CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the
Linux kernel 2.6.32 allows remote attackers to have an unspecified impact
via a crafted Hierarchical File System (HFS) filesystem, related to the
hfs_readdir function in fs/hfs/dir.c.
CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the
Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that
the ELF interpreter is available before a call to the SET_PERSONALITY
macro, which allows local users to cause a denial of service (system
crash) via a 32-bit application that attempts to execute a 64-bit
application and then triggers a segmentation fault, as demonstrated by
amd64_killer, related to the flush_old_exec function.
CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the
Linux kernel before 2.6.33-rc7 does not properly handle certain unlock
operations for a Priority Inheritance (PI) futex, which allows local
users to cause a denial of service (OOPS) and possibly have unspecified
other impact via vectors involving modification of the futex value from
user space.
CVE-2010-0410: drivers/connector/connector.c in the Linux kernel
before 2.6.32.8 allows local users to cause a denial of service (memory
consumption and system crash) by sending the kernel many NETLINK_CONNECTOR
messages.
CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux
kernel before 2.6.33-rc7 does not validate node values, which allows
local users to read arbitrary kernel memory locations, cause a denial of
service (OOPS), and possibly have unspecified other impact by specifying
a node that is not part of the kernel's node set.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2010:016
Risk factor : High
CVSS Score:
7.8
|
