SUSE-SA:2010:031 -- SUSE kernel remote denial of service
|ID: oval:org.secpod.oval:def:400050||Date: (C)2012-01-31 (M)2017-10-04|
|Class: PATCH||Family: unix|
The SUSE Linux Enterprise 11 GA Kernel was updated to 220.127.116.11 fixing various bugs and security issues. CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in the Linux kernel allows attackers to cause a denial of service via unknown vectors related to truncating a file and an operation that is not interruptible. CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2010-1437: Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. CVE-2010-1446: arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke. CVE-2010-1162: The release_one_tty function in drivers/char/tty_io.c in the Linux kernel omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to cause a denial of service via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or cause a denial of service via a packet with a crafted size, in conjunction with certain packets containing "0" characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. Code execution might be possible.