[SuSE] Schwachstellen im SuSE Linux Kernel

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes SuSE Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

CVE-2008-5033 – Null Pointer Referenzierung in der Funktion
chip_command() des Linux i2c Audio Treibers

Die Funktion chip_command() aus dem i2c Audio Treiber
(drivers/media/video/tvaudio.c) ueberprueft Funktionszeiger nicht
ausreichend, wodurch unter Umstaenden ein Null Pointer dereferenziert
werden kann. Lokale Angreifer koennen ueber diese Schwachstelle eine
Kernel Panic auszuloesen (Denial of Service).

CVE-2009-0676 – Schwachstelle in der Funktion sock_getsockopt() des
Linux Kernel

In der Linux Kernel Funktion sock_getsockopt() aus der Datei
net/core/sock.c wird die zurueckgegebene Speicherstruktur fuer einen
SO_BSDCOMPAT getsockopt Request nicht initialisiert. Ein lokaler
Angreifer kann dadurch an sensitive Daten gelangen.

CVE-2009-1046 – Schwachstelle in der UTF-8 Konsolenauswahl

Die Konsolenauswahl im Linux Kernel kann, bei Verwendung der UTF-8
Konsole, einen ‘off by two error’ Speicherfehler ausloesen, wenn eine
kurze Folge von 3-Byte UTF-8 Zeichen eingegeben wird. Ein Angreifer
mit physikalischem Zugriff auf den Computer kann damit einen Denial of
Service ausloesen. Anmerkung: Es ist nicht bekannt ob dieser Fehler
die Grenzen beschraenkter Privilegien ueberschreitet.

CVE-2009-1385 – Interger Underflow im Linux e1000 Treiber

In der Funktion e1000_clean_rx_irq() des Linux e1000 Treibers laesst
sich bei der Berechnung der Framegroesse ein Integer Underflow
ausloesen. Angreifer koennen diese Schwachstelle ueber das Netz dazu
ausnutzen, eine Kernel Panic auszuloesen (Denial of Service).

CVE-2009-1389 – Buffer Overflow RTL8169 Linux Treiber

Im Linux RTL8169 Treiber (drivers/net/r8169.c) laesst sich durch ein
Ethernet Paket das laenger als die konfigurierte MTU fuer das
empfangende Interface ist, ein Buffer Overflow ausloesen. Angreifer
koennen diese Schwachstelle ueber das Netz dazu ausnutzen, das System
zum Absturz zu bringen (Denial of Service).

CVE-2009-1630 – Schwachstelle in der Funktion nfs_permission()

Die Funktion nfs_permission() (aus: fs/nfs/dir.c) der NFS Client
Implementation ueberprueft, wenn atomic_open verfuegbar ist, nicht ob
die Berechtigung zum Ausfuehren von Dateien gesetzt ist. Ein lokaler
Angreifer kann diese Schwachstelle ausnutzen um
Sicherheitsbeschraenkungen zu umgehen und Dateien zur Ausfuehrung
bringen.

CVE-2009-1758 – Schwachstelle in der Funktion hypervisor_callback()

Die Funktion hypervisor_callback(), die Bestandteil des Linux Kernel
in bestimmten Versionen mit XEN-Patchset ist, kann eine
Speicherschutzverletzung und damit einen Kernel-OOPS des
Gastbetriebssystems ausloesen. Ein Angreifer mit eingeschraenkten
Rechten im Gastbetriebssystem kann es durch diese Schwachstelle zum
Absturz bringen.

CVE-2009-1895 – Schwachstelle im Linux personality Subsystem

Ein Fehler im Linux Personality Subsystem fuehrt dazu, das unter
bestimmten Umstaenden die ADDR_COMPAT_LAYOUT und MMAP_PAGE_ZERO Flags
nicht geloescht werden, wenn ein SetUID oder SetGID Programm
ausgefuehrt wird. Dies erleichtert lokalen Angreifern, Details ueber
das Speicherlayout eines Prozesses herauszukriegen und
Schutzmechanismem wie Address Space Layout Randomization (ASLR) zu
umgehen.

CVE-2009-2406 / CVE-2009-2407 – Schwachstellen im eCryptfs Dateisystem

Zwei Schwachstellen im eCryptfs Dateisystem erlauben es u.a. den
Inhalt einer eCryptfs Datei zu aendern sowie einen Buffer Overflow
auszuloesen. Ein lokaler Angreifer mit dem Recht ein eCryptfs
Dateisystem zu mounten, kann diese Schwachstellen dazu ausnutzen,
seine Privilegien zu erweitern.

CVE-2009-2692 – Null Pointer Referenzierung im Linux Kernel durch
unvollstaendige proto_ops Initialisierung

Der Linux Kernel initialisiert nicht alle Funktionszeiger in den
“proto_ops” Datenstrukturen, die bei Aufrufen des socket(2)
Systemcalls verwendet werden. Infolge dessen kann bei bestimmten
Operationen die Referenzierung eines NULL Pointers ausgeloest werden.
Lokale Angreifer koennen diese Schwachstelle dazu ausnutzen,
beliebigen Code mit den Rechten des Kernels auszufuehren.

Exploits fuer die Schwachstelle sind frei verfuegbar.

Betroffen sind die folgenden Software Pakete und Plattformen:

Paket kernel

openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10 SP2
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise 10 SP2 DEBUGINFO
SUSE Linux Enterprise Server 10 SP2
SLE 11 High Availability Extension
SLE 11 SERVER Unsupported Extras
SLES 11 DEBUGINFO
SLE 11 EC2
SLE 11
SLED 11
SLES 11

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://www.novell.com/linux/security/securitysupport.html

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Klaus Moeller, DFN-CERT

– —
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2009:045
Date: Thu, 20 Aug 2009 13:00:00 +0000
Affected Products: openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10 SP2
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise 10 SP2 DEBUGINFO
SUSE Linux Enterprise Server 10 SP2
SLE 11 High Availability Extension
SLE 11 SERVER Unsupported Extras
SLES 11 DEBUGINFO
SLE 11 EC2
SLE 11
SLED 11
SLES 11
Vulnerability Type: local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2008-5033, CVE-2009-0676, CVE-2009-1046
CVE-2009-1385, CVE-2009-1389, CVE-2009-1630
CVE-2009-1758, CVE-2009-1895, CVE-2009-2406
CVE-2009-2407, CVE-2009-2692

Content of This Advisory:
1) Security Vulnerability Resolved:
Linux kernel security issues
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
– see SUSE Security Summary report
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

The Linux kernel update fixes the following security issues:

CVE-2009-2692: A missing NULL pointer check in the socket sendpage
function can be used by local attackers to gain root privileges.
[SLES9, SLES10-SP2, SLE11, openSUSE]

CVE-2009-1389: A crash on r8169 network cards when receiving
large packets was fixed.
[SLES9, SLES10-SP2, SLE11, openSUSE]

CVE-2009-1758: The hypervisor_callback function in Xen allows guest
user applications to cause a denial of service (kernel oops) of the
guest OS by triggering a segmentation fault in certain address
ranges.
[SLES9, SLES10-SP2, SLE11, openSUSE]

CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the
NFS client implementation in the Linux kernel, when atomic_open is
available, does not check execute (aka EXEC or MAY_EXEC) permission
bits, which allows local users to bypass permissions and execute files,
as demonstrated by files on an NFSv4 fileserver
[SLE10-SP2, SLE11, openSUSE]

CVE-2009-2406: A kernel stack overflow when mounting eCryptfs
filesystems in parse_tag_11_packet() was fixed. Code execution might
be possible if ecryptfs is in use.
[SLE11, openSUSE]

CVE-2009-2407: A kernel heap overflow when mounting eCryptfs
filesystems in parse_tag_3_packet() was fixed. Code execution might
be possible if ecryptfs is in use.
[SLE11, openSUSE]

(no CVE assigned yet): An information leak from using sigaltstack.
[SLES9, SLES10-SP2, SLE11, openSUSE]

CVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket
option
[openSUSE 10.3 only]

CVE-2009-1895: Personality flags on set*id were not cleared
correctly, so ASLR and NULL page protection could be bypassed.
[openSUSE 11.0 only]

CVE-2009-1046: utf-8 console memory corruption that can be used for
local privilege escalation
[openSUSE 11.0 only]

CVE-2008-5033: Oops in video4linux tvaudio
[openSUSE 11.0 only]

CVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq
function in drivers/net/e1000/e1000_main.c in the e1000 driver the
e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka
e1000) before 7.5.5 allows remote attackers to cause a denial of
service (panic) via a crafted frame size.
[openSUSE 11.0 only]

The mmap_min_addr sysctl is now enabled by default to protect
against kernel NULL page exploits.
[SLE11, openSUSE 11.0-11.1]

The -fno-delete-null-pointer-checks compiler option is now used to
build the kernel to avoid gcc optimizing away NULL pointer checks.
Also -fwrapv is now used everywhere.
[SLES9, SLES10-SP2, SLE11, openSUSE]

The kernel update also contains numerous other, non-security
bug fixes. Please refer to the rpm changelog for a detailed list.

2) Solution or Work-Around

There is no known workaround against all of the listed issues,
please install the updated packages.

3) Special Instructions and Notes

Please reboot the machine after installing the update.

Note that the SLES9 update was not released yet at the time this
advisory was sent. Packages are expected to be made available
tomorrow (Friday).

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv

to apply the update, replacing with the filename of the
downloaded RPM package.

x86 Platform:

openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/i586/kernel-bigsmp-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-debug-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-default-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-source-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-syms-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-xen-2.6.22.19-0.4.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/kernel-xenpae-2.6.22.19-0.4.i586.rpm

Platform Independent:

openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/noarch/kernel-docs-2.6.3-3.13.46.noarch.rpm

openSUSE 11.0:
http://download.opensuse.org/update/11.0/rpm/noarch/kernel-docs-2.6.25.20-0.5.noarch.rpm

Power PC Platform:

openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/ppc/kernel-default-2.6.22.19-0.4.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/kernel-kdump-2.6.22.19-0.4.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/kernel-ppc64-2.6.22.19-0.4.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/kernel-source-2.6.22.19-0.4.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/kernel-syms-2.6.22.19-0.4.ppc.rpm

x86-64 Platform:

openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/x86_64/kernel-debug-2.6.22.19-0.4.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/kernel-default-2.6.22.19-0.4.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/kernel-source-2.6.22.19-0.4.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/kernel-syms-2.6.22.19-0.4.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/kernel-xen-2.6.22.19-0.4.x86_64.rpm

Sources:

openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/src/kernel-bigsmp-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-debug-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-default-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-kdump-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-ppc64-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-source-2.6.22.19-0.4.src.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-syms-2.6.22.19-0.4.src.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-xen-2.6.22.19-0.4.nosrc.rpm
http://download.opensuse.org/update/10.3/rpm/src/kernel-xenpae-2.6.22.19-0.4.nosrc.rpm

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

SLE 11 SERVER Unsupported Extras
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=05f76631eabd3855f111551f51ab13d2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=09b0545deb81e06fa6e4b985a90c0f34
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=974d6162c77e4c04686097bbc340a8f1
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0844fc389fa0754c6d749018876ba285
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=dafb63e21cf40b926282c5b4b988d0c4

SLES 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e37bbd585e257a0da7b25b00ac9c72ef
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=dfbea602689b882f72228d86a5d32316
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=db255a76ea8ba6e688475154d00e78ae
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

SLED 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

SLE 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

SLE 11 High Availability Extension
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e37bbd585e257a0da7b25b00ac9c72ef
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=dfbea602689b882f72228d86a5d32316
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=db255a76ea8ba6e688475154d00e78ae
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

SLE 11 EC2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

SLES 11 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=125c8b5a7b30fdb1de7b2255eb1649a7
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e37bbd585e257a0da7b25b00ac9c72ef
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=dfbea602689b882f72228d86a5d32316
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=db255a76ea8ba6e688475154d00e78ae
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0522f4d2681968d0e344aad24e0e341b

Novell Linux Desktop 9 for x86_64
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7f8fbb0d03fe1c20b55cd009cabb90dc

Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fc566820eb8c3318e8f061acd0a9670b

Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7f8fbb0d03fe1c20b55cd009cabb90dc
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fc566820eb8c3318e8f061acd0a9670b

Novell Linux Desktop 9 for x86
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fc566820eb8c3318e8f061acd0a9670b

SUSE CORE 9 for AMD64 and Intel EM64T
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=55cf7e0138fcbca7a1651ad458a632e4

SUSE CORE 9 for IBM zSeries 64bit
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b40d3b95941615ddd4f068e6cb284779

SUSE CORE 9 for IBM S/390 31bit
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=2848c72cdea6773ec3fca34ab8d603f3

SUSE CORE 9 for IBM POWER
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=9fc9d5258b53f25591d7a961da953e46

SUSE CORE 9 for Itanium Processor Family
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=8915bab99f61e8786e7380572eafc564

Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e7b08bc6afb9365905c3fb54c11bd6e3

SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=55cf7e0138fcbca7a1651ad458a632e4
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b40d3b95941615ddd4f068e6cb284779
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=2848c72cdea6773ec3fca34ab8d603f3
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=9fc9d5258b53f25591d7a961da953e46
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=8915bab99f61e8786e7380572eafc564
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e7b08bc6afb9365905c3fb54c11bd6e3

SUSE CORE 9 for x86
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=e7b08bc6afb9365905c3fb54c11bd6e3

SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7a7a8f331b9706799e3c3bce839e8aa0

SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=067ad9a24bf4487873028983f203cafc

SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b1474c57d5b92c106f1c8e12e5868694

SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=5e81623d966649d62e406c2b190b0989

SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7a7a8f331b9706799e3c3bce839e8aa0
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=1488b2feebe11fa2560e9572ac5df8b9

SUSE Linux Enterprise Desktop 10 SP2 for x86
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=1488b2feebe11fa2560e9572ac5df8b9

SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7a7a8f331b9706799e3c3bce839e8aa0
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=067ad9a24bf4487873028983f203cafc
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b1474c57d5b92c106f1c8e12e5868694
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=5e81623d966649d62e406c2b190b0989
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=1488b2feebe11fa2560e9572ac5df8b9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fa262624b0bce42af52b5fe638cb3c07

SLE SDK 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7a7a8f331b9706799e3c3bce839e8aa0
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b1474c57d5b92c106f1c8e12e5868694
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=5e81623d966649d62e406c2b190b0989
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=1488b2feebe11fa2560e9572ac5df8b9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fa262624b0bce42af52b5fe638cb3c07

SUSE Linux Enterprise 10 SP2 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7a7a8f331b9706799e3c3bce839e8aa0
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b1474c57d5b92c106f1c8e12e5868694
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=5e81623d966649d62e406c2b190b0989
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=1488b2feebe11fa2560e9572ac5df8b9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=fa262624b0bce42af52b5fe638cb3c07

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

– see SUSE Security Summary report

______________________________________________________________________________

6) Authenticity Verification and Additional Information

– Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg –verify

replacing with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made using RSA key ID 3D25D3D9
gpg: Good signature from “SuSE Security Team ”

where is replaced by the date the document was signed.

If the security team’s key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg –import gpg-pubkey-3d25d3d9-36e12d04.asc

– Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v –checksig

to verify the signature of the package, replacing with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of ‘root’ during
installation. You can also find it on the first installation CD and at
the end of this announcement.

– SUSE runs two security mailing lists to which any interested party may
subscribe:

opensuse-security@opensuse.org
– General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
.

opensuse-security-announce@opensuse.org
– SUSE’s announce-only mailing list.
Only SUSE’s security announcements are sent to this list.
To subscribe, send an e-mail to
.

=====================================================================
SUSE’s security contact is or .
The public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key

– – —–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
– – —–END PGP PUBLIC KEY BLOCK—–

– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.9 (GNU/Linux)

iQEVAwUBSo04r3ey5gA9JdPZAQL2xQf/R4Bj0AUE/Rzbb0vj+SK9JQdK7UfFEvlG
WWKsO917vrjpFjqj+4qBQUUcJidaCrrDYZ5U9N3VILO8vE6Mft8/HGo3NZlByDUq
OzTxo8L7iTm730FTv2Kacy/2BCYKKWh0nXyZ2b0JxxzY3su0W/mm10gUPkouyiYm
x9NYTqiQ0TgFEbhI/uQPWQnuq/PVrLXKpCvXF6RQ/yy+yblBK3N94WdTHDqUWuGC
baWIFpJCJ4XCMfHJcKpPH99vjVSHsBlK3UvYPBB5vOEW1kXitYFjSXA4wy6Z4Oqq
o+s/3qPuOGAmhHAdC4evdjsIZbbePw2lZ/uUCdAjr1kQVbeqSFlrGg==
=67vi
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFKjl6ek0kIxZMiiQ8RAjVzAJ9FjG2Oooez58zh4wjbZHvnbhfWzwCeLxte
69x/Y9+9RDTl3eC84vRIC2w=
=fY8h
—–END PGP SIGNATURE—–

[SuSE] Schwachstellen im SuSE Linux Kernel - SUSE-SA:2009:045

LMP003 Chemnitzer Linux-Tage 2026

[SuSE] Schwachstellen im SuSE Linux Kernel – SUSE-SA:2009:045

[SuSE] Schwachstellen im SuSE Linux Kernel - SUSE-SA:2009:045