| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The openSUSE 11.3 kernel was updated to fix various bugs
and security issues.
The following security issues have been fixed: CVE-2011-4604:
If root does read() on a specific socket, it's possible to
corrupt (kernel) memory over network, with an ICMP packet,
if the B.A.T.M.A.N. mesh protocol is used.
CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function
in the Linux kernels packet scheduler API implementation to
be called on built-in qdisc structures. A local,
unprivileged user could have used this flaw to trigger a
NULL pointer dereference, resulting in a denial of service.
CVE-2011-2699: Fernando Gont discovered that the IPv6 stack
used predictable fragment identification numbers. A remote
attacker could exploit this to exhaust network resources,
leading to a denial of service.
CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to
cause a denial of service (kernel infinite loop) via
crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
message, as demonstrated by an INET_DIAG_BC_JMP instruction
with a zero yes value, a different vulnerability than
CVE-2010-3880.
CVE-2011-1576: The Generic Receive Offload (GRO)
implementation in the Linux kernel allowed remote attackers
to cause a denial of service via crafted VLAN packets that
are processed by the napi_reuse_skb function, leading to
(1) a memory leak or (2) memory corruption, a different
vulnerability than CVE-2011-1478.
CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted
write operation, related to string data that lacks a
terminating '\0' character.
CVE-2011-1770: Integer underflow in the dccp_parse_options
function (net/dccp/options.c) in the Linux kernel allowed
remote attackers to cause a denial of service via a
Datagram Congestion Control Protocol (DCCP) packet with an
invalid feature options length, which triggered a buffer
over-read.
CVE-2011-2723: The skb_gro_header_slow function in
include/linux/netdevice.h in the Linux kernel, when Generic
Receive Offload (GRO) is enabled, reset certain fields in
incorrect situations, which allowed remote attackers to
cause a denial of service (system crash) via crafted
network traffic.
CVE-2011-2898: A kernel information leak in the AF_PACKET
protocol was fixed which might have allowed local attackers
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on openSUSE 11.3
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
