Verfasst: 10.02.2010, 00:45
Linux Kernel: Security/Bugfix update to 2.6.31.12
This update of the openSUSE 11.2 kernel brings the kernel
to version 2.6.31.12 and contains a lot of bug and security
fixes.
CVE-2010-0299: The permission of the devtmpfs root
directory was incorrectly 1777 (instead of 755). If it was
used, local attackers could escalate privileges. (openSUSE
11.2 does not use this filesystem by default).
CVE-2009-3939: The poll_mode_io file for the megaraid_sas
driver in the Linux kernel 2.6.31.6 and earlier has
world-writable permissions, which allows local users to
change the I/O mode of the driver by modifying this file.
CVE-2010-0007: ebtables was lacking a CAP_NET_ADMIN check,
making it possible for local unprivileged attackers to
modify the network bridge management.
CVE-2010-0003: An information leakage on fatal signals on
x86_64 machines was fixed.
CVE-2009-4141: A race condition in fasync handling could be
used by local attackers to crash the machine or potentially
execute code.
CVE-2010-0006: The ipv6_hop_jumbo function in
net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4,
when network namespaces are enabled, allows remote
attackers to cause a denial of service (NULL pointer
dereference) via an invalid IPv6 jumbogram.
CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000
driver in the Linux kernel 2.6.32.3 and earlier handles
Ethernet frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame, which
allows remote attackers to bypass packet filters via a
large packet with a crafted payload.
CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e
driver in the Linux kernel 2.6.32.3 and earlier does not
properly check the size of an Ethernet frame that exceeds
the MTU, which allows remote attackers to have an
unspecified impact via crafted packets.
This update of the openSUSE 11.2 kernel brings the kernel
to version 2.6.31.12 and contains a lot of bug and security
fixes.
CVE-2010-0299: The permission of the devtmpfs root
directory was incorrectly 1777 (instead of 755). If it was
used, local attackers could escalate privileges. (openSUSE
11.2 does not use this filesystem by default).
CVE-2009-3939: The poll_mode_io file for the megaraid_sas
driver in the Linux kernel 2.6.31.6 and earlier has
world-writable permissions, which allows local users to
change the I/O mode of the driver by modifying this file.
CVE-2010-0007: ebtables was lacking a CAP_NET_ADMIN check,
making it possible for local unprivileged attackers to
modify the network bridge management.
CVE-2010-0003: An information leakage on fatal signals on
x86_64 machines was fixed.
CVE-2009-4141: A race condition in fasync handling could be
used by local attackers to crash the machine or potentially
execute code.
CVE-2010-0006: The ipv6_hop_jumbo function in
net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4,
when network namespaces are enabled, allows remote
attackers to cause a denial of service (NULL pointer
dereference) via an invalid IPv6 jumbogram.
CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000
driver in the Linux kernel 2.6.32.3 and earlier handles
Ethernet frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame, which
allows remote attackers to bypass packet filters via a
large packet with a crafted payload.
CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e
driver in the Linux kernel 2.6.32.3 and earlier does not
properly check the size of an Ethernet frame that exceeds
the MTU, which allows remote attackers to have an
unspecified impact via crafted packets.