CVE-2009-0676

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-0676 at MITRE

Description

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 478002

SUSE Security Advisories:

SUSE-SA:2009:015, published Fri, 03 Apr 2009 11:00:00 +0000
SUSE-SA:2009:017, published Fri, 03 Apr 2009 12:00:00 +0000
SUSE-SA:2009:021, published Thu, 16 Apr 2009 15:00:00 +0000
SUSE-SA:2009:030, published Mon, 08 Jun 2009 18:00:00 +0000
SUSE-SA:2009:031, published Mon, 09 Jun 2009 09:00:00 +0000
SUSE-SA:2009:045, published Thu, 20 Aug 2009 13:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-smp >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d` `kernel-xen >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6113
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T	`kernel-debug-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-default-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-kdump-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-smp-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-source-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-xen-debuginfo >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6113
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`kernel-debug >= 2.6.16.60-0.37_f594963d` `kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-kdump >= 2.6.16.60-0.37_f594963d` `kernel-smp >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d` `kernel-xen >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6113
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit	`kernel-default-debuginfo >= 2.6.16.60-0.37_f594963d`	sles10-sp2.s390x sles10-sp2-debuginfo.s390x ZYPP Patch Nr: 6112
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d`	sles10-sp2.s390x sles10-sp2-debuginfo.s390x ZYPP Patch Nr: 6112
SUSE CORE 9 for IBM zSeries 64bit	`kernel-s390x >= 2.6.5-7.316` `kernel-s390x-debug >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	core9.s390x YOU Patch Nr: 12372
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-ppc64 >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-ppc64 >= 1.4_2.6.27.21_0.1-4.1.2`	sles11.ppc sle11-debuginfo.ppc SAT Patch Nr: 725
SUSE CORE 9 for IBM S/390 31bit	`kernel-s390 >= 2.6.5-7.316` `kernel-s390-debug >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	core9.s390 YOU Patch Nr: 12371
Novell Linux POS 9 SUSE CORE 9 for x86	`kernel-bigsmp >= 2.6.5-7.316` `kernel-debug >= 2.6.5-7.316` `kernel-default >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316` `kernel-um >= 2.6.5-7.316` `kernel-xen >= 2.6.5-7.316` `kernel-xenpae >= 2.6.5-7.316` `um-host-install-initrd >= 1.0-48.30` `um-host-kernel >= 2.6.5-7.316`	sles9-nlpos.x86 core9.x86 YOU Patch Nr: 12380
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.ia64 sles11.ia64 SAT Patch Nr: 714
openSUSE 10.3	`kernel-bigsmp >= 2.6.22.19-0.4` `kernel-debug >= 2.6.22.19-0.4` `kernel-default >= 2.6.22.19-0.4` `kernel-kdump >= 2.6.22.19-0.4` `kernel-ppc64 >= 2.6.22.19-0.4` `kernel-source >= 2.6.22.19-0.4` `kernel-syms >= 2.6.22.19-0.4` `kernel-xen >= 2.6.22.19-0.4` `kernel-xenpae >= 2.6.22.19-0.4`
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.s390x sles11.s390x SAT Patch Nr: 716
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-xen >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-xen >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.x86-64 sles11.x86-64 sled11.x86-64 SAT Patch Nr: 715
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER	`kernel-default-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-iseries64-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-kdump-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-ppc64-debuginfo >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.ppc sles10-sp2-debuginfo.ppc sles10-sp2.ppc ZYPP Patch Nr: 6111
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-iseries64 >= 2.6.16.60-0.37_f594963d` `kernel-kdump >= 2.6.16.60-0.37_f594963d` `kernel-ppc64 >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.ppc sles10-sp2-debuginfo.ppc sles10-sp2.ppc ZYPP Patch Nr: 6111
Novell Linux Desktop 9 for x86_64	`kernel-default >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	sles9-nld.x86-64 YOU Patch Nr: 12366
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-pae >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-xen >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-pae >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-xen >= 1.4_2.6.27.21_0.1-4.1.2`	sled11.x86 sle11-debuginfo.x86 sles11.x86 SAT Patch Nr: 713
SUSE CORE 9 for IBM POWER	`kernel-default >= 2.6.5-7.316` `kernel-iseries64 >= 2.6.5-7.316` `kernel-pmac64 >= 2.6.5-7.316` `kernel-pseries64 >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	core9.ppc YOU Patch Nr: 12370
openSUSE 10.3	`kernel-bigsmp >= 2.6.22.19-0.3` `kernel-debug >= 2.6.22.19-0.3` `kernel-default >= 2.6.22.19-0.3` `kernel-kdump >= 2.6.22.19-0.3` `kernel-ppc64 >= 2.6.22.19-0.3` `kernel-source >= 2.6.22.19-0.3` `kernel-syms >= 2.6.22.19-0.3` `kernel-xen >= 2.6.22.19-0.3` `kernel-xenpae >= 2.6.22.19-0.3`
SUSE CORE 9 for AMD64 and Intel EM64T	`kernel-default >= 2.6.5-7.329.TDC` `kernel-smp >= 2.6.5-7.329.TDC` `kernel-source >= 2.6.5-7.329.TDC` `kernel-syms >= 2.6.5-7.329.TDC` `xen-kmp >= 3.0.4_2.6.5_7.329.TDC_-0.3`	Builds YOU Patch Nr: 12814
Novell Linux Desktop 9 for x86	`kernel-bigsmp >= 2.6.5-7.316` `kernel-default >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	sles9-nld.x86 sles9-oes.x86 YOU Patch Nr: 12379
Open Enterprise Server	`kernel-bigsmp >= 2.6.5-7.316` `kernel-debug >= 2.6.5-7.316` `kernel-default >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316` `kernel-um >= 2.6.5-7.316` `kernel-xen >= 2.6.5-7.316` `kernel-xenpae >= 2.6.5-7.316` `um-host-install-initrd >= 1.0-48.30` `um-host-kernel >= 2.6.5-7.316`	sles9-nld.x86 sles9-oes.x86 YOU Patch Nr: 12379
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF	`kernel-debug-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-default-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-source-debuginfo >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.ia64 sles10-sp2.ia64 sles10-sp2-debuginfo.ia64 ZYPP Patch Nr: 6110
SUSE Linux Enterprise Server 10 SP2 for IPF	`kernel-debug >= 2.6.16.60-0.37_f594963d` `kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d`	sle10-sp2-sdk.ia64 sles10-sp2.ia64 sles10-sp2-debuginfo.ia64 ZYPP Patch Nr: 6110
SUSE CORE 9 for Itanium Processor Family	`kernel-64k-pagesize >= 2.6.5-7.316` `kernel-debug >= 2.6.5-7.316` `kernel-default >= 2.6.5-7.316` `kernel-sn2 >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316`	core9.ia64 YOU Patch Nr: 12369
SUSE CORE 9 for AMD64 and Intel EM64T	`kernel-default >= 2.6.5-7.316` `kernel-smp >= 2.6.5-7.316` `kernel-source >= 2.6.5-7.316` `kernel-syms >= 2.6.5-7.316` `kernel-xen >= 2.6.5-7.316`	core9.x86-64 YOU Patch Nr: 12373
SUSE Linux Enterprise Desktop 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.37_f594963d` `kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-smp >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d` `kernel-xen >= 2.6.16.60-0.37_f594963d` `kernel-xenpae >= 2.6.16.60-0.37_f594963d`	sles10-sp2.x86 sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6109
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`kernel-bigsmp-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-debug-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-default-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-kdump-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-smp-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-source-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-xen-debuginfo >= 2.6.16.60-0.37_f594963d` `kernel-xenpae-debuginfo >= 2.6.16.60-0.37_f594963d`	sles10-sp2.x86 sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6109
SUSE Linux Enterprise Server 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.37_f594963d` `kernel-debug >= 2.6.16.60-0.37_f594963d` `kernel-default >= 2.6.16.60-0.37_f594963d` `kernel-kdump >= 2.6.16.60-0.37_f594963d` `kernel-smp >= 2.6.16.60-0.37_f594963d` `kernel-source >= 2.6.16.60-0.37_f594963d` `kernel-syms >= 2.6.16.60-0.37_f594963d` `kernel-vmi >= 2.6.16.60-0.37_f594963d` `kernel-vmipae >= 2.6.16.60-0.37_f594963d` `kernel-xen >= 2.6.16.60-0.37_f594963d` `kernel-xenpae >= 2.6.16.60-0.37_f594963d`	sles10-sp2.x86 sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6109

List of products where fixes are in QA

SUSE Linux Enterprise High Availability Extension 11

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute