Lucene search

HistoryAug 20, 2009 - 4:02 p.m.

local privilege escalation in kernel


0.138 Low




The Linux kernel update fixes the following security issues: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1389: A crash on r8169 network cards when receiving large packets was fixed. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in certain address ranges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver [SLE10-SP2, SLE11, openSUSE] CVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible if ecryptfs is in use. [SLE11, openSUSE] CVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible if ecryptfs is in use. [SLE11, openSUSE] (no CVE assigned yet): An information leak from using sigaltstack. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket option [openSUSE 10.3 only] CVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed. [openSUSE 11.0 only] CVE-2009-1046: utf-8 console memory corruption that can be used for local privilege escalation [openSUSE 11.0 only] CVE-2008-5033: Oops in video4linux tvaudio [openSUSE 11.0 only] CVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. [openSUSE 11.0 only] The mmap_min_addr sysctl is now enabled by default to protect against kernel NULL page exploits. [SLE11, openSUSE 11.0-11.1] The -fno-delete-null-pointer-checks compiler option is now used to build the kernel to avoid gcc optimizing away NULL pointer checks. Also -fwrapv is now used everywhere. [SLES9, SLES10-SP2, SLE11, openSUSE] The kernel update also contains numerous other, non-security bug fixes. Please refer to the rpm changelog for a detailed list.


There is no known workaround against all of the listed issues, please install the updated packages.