SUSE-SA:2009:032 -- SUSE kernel remote code execution
|ID: oval:org.secpod.oval:def:400081||Date: (C)2012-01-31 (M)2017-10-04|
|Class: PATCH||Family: unix|
This Linux kernel update for SUSE Linux Enterprise 11 and openSUSE 11.1 fixes lots of bugs and some security issues. The kernel was also updated to the 18.104.22.168 stable release. Following security issues have been fixed: CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. This requires that kernel can be made to mount a &qt cifs &qt filesystem from a malicious CIFS server. CVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. The GCC option -fwrapv has been added to compilation to work around potentially removing integer overflow checks. CVE-2009-1265: Integer overflow in rose_sendmsg in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes &qt garbage &qt memory to be sent. CVE-2009-1242: The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel on the i386 platform allows guest OS users to cause a denial of service by setting the EFER_LME bit in the Extended Feature Enable Register model-specific register, which is specific to the x86_64 platform. CVE-2009-1360: The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel, when Network Namespace Support is enabled, allows remote attackers to cause a denial of service via vectors involving IPv6 packets. CVE-2009-1192: drivers/char/agp/generic.c in the agp subsystem in the Linux kernel does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Additionally a lot of bugs have been fixed and are listed in the RPM changelog.