Suse Linux Enterprise Server vulnerabilities

CVE-2010-3297 [LOW] CWE-909 CVE-2010-3297: The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not pr The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

CVE-2010-3296 [LOW] CWE-200 CVE-2010-3296: The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.3 The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.

CVE-2010-3298 [LOW] CWE-200 CVE-2010-3298: The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not p The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

CVE-2010-2478 [HIGH] CWE-190 CVE-2010-2478: Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability th

CVE-2010-3080 [HIGH] CWE-415 CVE-2010-3080: Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in t Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.

CVE-2010-3067 [MEDIUM] CWE-190 CVE-2010-3067: Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

CVE-2010-2959 [HIGH] CWE-190 CVE-2010-2959: Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux k Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.

CVE-2010-2803 [LOW] CWE-200 CVE-2010-2803: The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

CVE-2010-2955 [LOW] CWE-193 CVE-2010-2955: The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36- The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel

CVE-2010-2954 [MEDIUM] CWE-476 CVE-2010-2954: The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 doe The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (ak

CVE-2010-2226 [LOW] CWE-200 CVE-2010-2226: The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly c The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

CVE-2010-2753 [HIGH] CWE-190 CVE-2010-2753: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x be Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

CVE-2010-1205 [CRITICAL] CWE-120 CVE-2010-1205: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVE-2010-2249 [MEDIUM] CWE-401 CVE-2010-2249: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers t Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVE-2010-1634 [MEDIUM] CWE-190 CVE-2010-1634: Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists beca

CVE-2010-1321 [MEDIUM] CWE-476 CVE-2010-1321: The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (a The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash)

CVE-2010-1437 [HIGH] CWE-362 CVE-2010-1437: Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2 Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_c

CVE-2010-0205 [MEDIUM] CWE-400 CVE-2010-0205: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang)

CVE-2010-0013 [HIGH] CWE-22 CVE-2010-0013: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 a Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerabilit

CVE-2009-3080 [HIGH] CWE-129 CVE-2009-3080: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.