Upstream information

CVE-2009-1046 at MITRE

Description

The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.7
Vector AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entry: 478699 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise SDK 10 SP2
  • kernel-debug >= 2.6.16.60-0.37_f594963d
  • kernel-kdump >= 2.6.16.60-0.37_f594963d
  • kernel-xen >= 2.6.16.60-0.37_f594963d
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.x86-64
sles10-sp2.x86-64
sled10-sp2.x86-64
ZYPP Patch Nr: 6113
SUSE Linux Enterprise SDK 10 SP2
  • kernel-kdump >= 2.6.16.60-0.37_f594963d
sle10-sp2-sdk.ppc
sles10-sp2-debuginfo.ppc
sles10-sp2.ppc
ZYPP Patch Nr: 6111
openSUSE 11.0
  • kernel-debug-debuginfo >= 2.6.25.20-0.5
  • kernel-debug-debugsource >= 2.6.25.20-0.5
  • kernel-default-debuginfo >= 2.6.25.20-0.5
  • kernel-default-debugsource >= 2.6.25.20-0.5
  • kernel-kdump-debuginfo >= 2.6.25.20-0.5
  • kernel-kdump-debugsource >= 2.6.25.20-0.5
  • kernel-pae-debuginfo >= 2.6.25.20-0.5
  • kernel-pae-debugsource >= 2.6.25.20-0.5
  • kernel-ppc64-debuginfo >= 2.6.25.20-0.5
  • kernel-ppc64-debugsource >= 2.6.25.20-0.5
  • kernel-ps3-debuginfo >= 2.6.25.20-0.5
  • kernel-ps3-debugsource >= 2.6.25.20-0.5
  • kernel-source-debuginfo >= 2.6.25.20-0.5
  • kernel-vanilla-debuginfo >= 2.6.25.20-0.5
  • kernel-vanilla-debugsource >= 2.6.25.20-0.5
  • kernel-xen-debuginfo >= 2.6.25.20-0.5
  • kernel-xen-debugsource >= 2.6.25.20-0.5
openSUSE 11.0
  • acerhk-kmp-debug >= 0.5.35_2.6.25.20_0.5-98.1
  • acx-kmp-debug >= 20080210_2.6.25.20_0.5-3.1
  • appleir-kmp-debug >= 1.1_2.6.25.20_0.5-108.1
  • at76_usb-kmp-debug >= 0.17_2.6.25.20_0.5-2.1
  • atl2-kmp-debug >= 2.0.4_2.6.25.20_0.5-4.1
  • aufs-kmp-debug >= cvs20080429_2.6.25.20_0.5-13.3
  • dazuko-kmp-debug >= 2.3.4.4_2.6.25.20_0.5-42.1
  • drbd-kmp-debug >= 8.2.6_2.6.25.20_0.5-0.2
  • gspcav-kmp-debug >= 01.00.20_2.6.25.20_0.5-1.1
  • iscsitarget-kmp-debug >= 0.4.15_2.6.25.20_0.5-63.1
  • ivtv-kmp-debug >= 1.0.3_2.6.25.20_0.5-66.1
  • kernel-debug >= 2.6.25.20-0.5
  • kernel-default >= 2.6.25.20-0.5
  • kernel-docs >= 2.6.25.20-0.5
  • kernel-kdump >= 2.6.25.20-0.5
  • kernel-pae >= 2.6.25.20-0.5
  • kernel-ppc64 >= 2.6.25.20-0.5
  • kernel-ps3 >= 2.6.25.20-0.5
  • kernel-source >= 2.6.25.20-0.5
  • kernel-syms >= 2.6.25.20-0.5
  • kernel-vanilla >= 2.6.25.20-0.5
  • kernel-xen >= 2.6.25.20-0.5
  • kqemu-kmp-debug >= 1.3.0pre11_2.6.25.20_0.5-7.1
  • nouveau-kmp-debug >= 0.10.1.20081112_2.6.25.20_0.5-0.4
  • omnibook-kmp-debug >= 20080313_2.6.25.20_0.5-1.1
  • pcc-acpi-kmp-debug >= 0.9_2.6.25.20_0.5-4.1
  • pcfclock-kmp-debug >= 0.44_2.6.25.20_0.5-207.1
  • tpctl-kmp-debug >= 4.17_2.6.25.20_0.5-189.1
  • uvcvideo-kmp-debug >= r200_2.6.25.20_0.5-2.4
  • virtualbox-ose-kmp-debug >= 1.5.6_2.6.25.20_0.5-33.3
  • vmware-kmp-debug >= 2008.04.14_2.6.25.20_0.5-21.1
  • wlan-ng-kmp-debug >= 0.2.8_2.6.25.20_0.5-107.1
SUSE Linux Enterprise SDK 10 SP2
  • kernel-debug >= 2.6.16.60-0.37_f594963d
sle10-sp2-sdk.ia64
sles10-sp2.ia64
sles10-sp2-debuginfo.ia64
ZYPP Patch Nr: 6110
SUSE Linux Enterprise SDK 10 SP2
  • kernel-debug >= 2.6.16.60-0.37_f594963d
  • kernel-kdump >= 2.6.16.60-0.37_f594963d
  • kernel-xen >= 2.6.16.60-0.37_f594963d
  • kernel-xenpae >= 2.6.16.60-0.37_f594963d
sles10-sp2.x86
sled10-sp2.x86
sle10-sp2-sdk.x86
sles10-sp2-debuginfo.x86
ZYPP Patch Nr: 6109