Verfasst: 08.09.2010, 18:42
Linux Kernel: Security/Bugfix update to 2.6.34.4
This update of the openSUSE 11.3 kernel brings the kernel
to version 2.6.34.4 and contains a lot of bug and security
fixes
CVE-2010-3110: Missing bounds checks in several ioctls of
the Novell Client novfs /proc interface allowed
unprivileged local users to crash the kernel or even
execute code in kernel context.
CVE-2010-2524: a malicious local user could fill the cache
used by CIFS do perform dns lookups with chosen data,
therefore tricking the kernel into mounting a wrong CIFS
server.
CVE-2010-2798: a local user could trigger a NULL derefence
on a gfs2 file system
CVE-2010-2537: a local user could overwrite append-only
files on a btrfs file system
CVE-2010-2538: a local user could read kernel memory of a
btrfs file system
This update of the openSUSE 11.3 kernel brings the kernel
to version 2.6.34.4 and contains a lot of bug and security
fixes
CVE-2010-3110: Missing bounds checks in several ioctls of
the Novell Client novfs /proc interface allowed
unprivileged local users to crash the kernel or even
execute code in kernel context.
CVE-2010-2524: a malicious local user could fill the cache
used by CIFS do perform dns lookups with chosen data,
therefore tricking the kernel into mounting a wrong CIFS
server.
CVE-2010-2798: a local user could trigger a NULL derefence
on a gfs2 file system
CVE-2010-2537: a local user could overwrite append-only
files on a btrfs file system
CVE-2010-2538: a local user could read kernel memory of a
btrfs file system