This update of the openSUSE 11.2 kernel fixes various bugs and lots of security issues. Following security issues have been fixed: CVE-2010-4258: A local attacker could use a Oops caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lead to privilege escalation together with other issues. CVE-2010-4160: A overflow in sendto and recvfrom routines was fixed that could be used by local attackers to potentially crash the kernel using some socket families like L2TP. CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc could lead to memory corruption in the GDTH driver. CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel did not properly restrict TCP_MAXSEG values, which allows local users to cause a denial of service via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. CVE-2010-4164: A remote attacker communicating over X.25 could cause a kernel panic by attempting to negotiate malformed facilities. CVE-2010-4175: A local attacker could cause memory overruns in the RDS protocol stack, potentially crashing the kernel. So far it is considered not to be exploitable. CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable. CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable. CVE-2010-4158: A memory information leak in Berkeley packet filter rules allowed local attackers to read uninitialized memory of the kernel stack. CVE-2010-4162: A local denial of service in the blockdevice layer was fixed. CVE-2010-4163: By submitting certain I/O requests with 0 length, a local user could have caused a kernel panic. CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel did not initialize a certain block of heap memory, which allowed local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value. CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted SNDRV_CTL_IOCTL_ELEM_ADD or SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed. CVE-2010-4078: The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. CVE-2010-4082: The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. CVE-2010-3067: Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. CVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which could lead to local attackers gaining kernel privileges.