Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and by malicious people to cause a DoS.
59b5189c78026cf88ebfe8b25c1353bdcd3c3a2a81c8b9ef7fd368177a189098
----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
SUSE update for kernel
SECUNIA ADVISORY ID:
SA32443
VERIFY ADVISORY:
http://secunia.com/advisories/32443/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, DoS
WHERE:
>From remote
OPERATING SYSTEM:
openSUSE 11.0
http://secunia.com/advisories/product/19180/
DESCRIPTION:
SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges, and by malicious people to cause a DoS.
For more information:
SA32124
A vulnerability is caused due an integer overflow within the
"sctp_setsockopt_auth_key()" function in net/sctp/socket.c, which can
be exploited to e.g. cause a DoS via a specially crafted
"sca_keylength" field associated with the SCTP_AUTH_KEY option.
SOLUTION:
Apply updated packages.
x86 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-debug-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-default-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-pae-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-rt-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-rt_debug-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-source-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-syms-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-vanilla-2.6.25.18-0.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/kernel-xen-2.6.25.18-0.2.i586.rpm
Platform Independent:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/noarch/kernel-docs-2.6.25.18-0.2.noarch.rpm
Power PC Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-default-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-kdump-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-ppc64-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-ps3-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-source-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-syms-2.6.25.18-0.2.ppc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/ppc/kernel-vanilla-2.6.25.18-0.2.ppc.rpm
x86-64 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-debug-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-default-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-rt-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-rt_debug-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-source-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-syms-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-vanilla-2.6.25.18-0.2.x86_64.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/kernel-xen-2.6.25.18-0.2.x86_64.rpm
Sources:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-debug-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-default-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-docs-2.6.25.18-0.2.src.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-kdump-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-pae-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-ppc64-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-ps3-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-rt-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-rt_debug-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-source-2.6.25.18-0.2.src.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-syms-2.6.25.18-0.2.src.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-vanilla-2.6.25.18-0.2.nosrc.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/kernel-xen-2.6.25.18-0.2.nosrc.rpm
ORIGINAL ADVISORY:
SUSE-SA:2008:053:
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
OTHER REFERENCES:
SA32124:
http://secunia.com/advisories/32124/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------