SUSE Linux Enterprise Server vulnerabilities

131 known vulnerabilities affecting suse/suse_linux_enterprise_server.

Total CVEs: 131
CISA KEV (actively exploited): 2
Public exploits: 13
Exploited in wild: 3
Severity breakdown: CRITICAL 34, HIGH 51, MEDIUM 36, LOW 10

Vulnerabilities

CVE-2010-2066 | MEDIUM | CVSS 5.5 | v11 | 2010-09-08
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
nvd
CVE-2010-2297 | CRITICAL | CVSS 9.3 | CWE-94 | v10 v11 | 2010-06-15
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
nvd
CVE-2010-2302 | CRITICAL | CVSS 10.0 | v10 v11 | 2010-06-15
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.
nvd
CVE-2010-2301 | MEDIUM | CVSS 4.3 | v10 v11 | 2010-06-15
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
nvd
CVE-2010-1770 | CRITICAL | CVSS 9.3 | CWE-94 | v10 v11 | 2010-06-11
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
nvd
CVE-2009-3547 | HIGH | CVSS 7.0 | CWE-362 | PoC | v10 | 2009-11-04
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
nvd
CVE-2009-3621 | MEDIUM | CVSS 5.5 | CWE-400 | PoC | v10 | 2009-10-22
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
nvd
CVE-2009-3289 | HIGH | CVSS 7.8 | CWE-732 | v11 | 2009-09-22
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
nvd
CVE-2007-6716 | MEDIUM | CVSS 5.5 | v10 | 2008-09-04
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
nvd
CVE-2008-3275 | MEDIUM | CVSS 5.5 | CWE-120 | v10 | 2008-08-12
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within dele
nvd
CVE-2008-2812 | HIGH | CVSS 7.8 | CWE-476 | v10 | 2008-07-09
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.
nvd