SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)


This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems : - When creating a file, open()/creat() allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, the new file's group is one which the user is not a member of. The local attacker could then use ftruncate() and memory-mapped I/O to turn the new file into an arbitrary binary and thus gain the privileges of this group, since these operations do not clear the setgid bit.'. (CVE-2008-4210) - The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. (CVE-2008-3528) - The S/390 ptrace code allowed local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. (CVE-2008-1514) - fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716) - Added missing capability checks in sbni_ioctl(). (CVE-2008-3525) Also OCFS2 was updated to version v1.4.1-1. The full amount of changes can be reviewed in the RPM changelog.