SUSE-SA:2010:036
Sep 01, 2010 - 1:59 p.m.

remote denial of service in kernel

2010-09-01 13:59:34
lists.opensuse.org

EPSS: 0.173 (Low), percentile 95.6%

This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. The following security issues were fixed:

CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite, potentially causing a kernel crash.

CVE-2008-0598: The x86_64 copy_to_user implementation might have leaked kernel memory depending on specific user buffer setups.

CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel did not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing ‘\0’ characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

CVE-2010-1188: A use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6, when IPV6_RECVPKTINFO is set on a listening socket, allowed remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.

CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel did not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allowed local users to cause a denial of service (“overflow” of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel did not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

CVE-2007-6206: The do_coredump function in fs/exec.c in the Linux kernel did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might have allowed local users to obtain sensitive information.

CVE-2010-1088: fs/namei.c in the Linux kernel did not always follow NFS automount “symlinks,” which allowed attackers to have an unknown impact, related to LOOKUP_FOLLOW.

CVE-2009-4020: A stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

CVE-2010-1083: The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel did not clear the transfer buffer before returning to userspace when a USB command fails, which might have made it easier for physically proximate attackers to obtain sensitive information (kernel memory).

Solution

There is no known workaround; please install the update packages.