A vulnerability that could be exploited to cause a denial-of-service attack has been reported in SUSE Linux Enterprise Server. SUSE has also released an update for various vulnerabilities found in the kernel.
The vulnerability is caused due to an error when processing dynamic DNS update requests. This can be exploited to crash the "named" process via a GSS-TSIG request.
This vulnerability is reported in Novell SUSE Linux Enterprise Server 10 SP1 and can be rectified by updating libgssapi package to version 0.6-13.7 or later.
In addition, SUSE has issued an update for the kernel. This update fixes some vulnerabilities that can be exploited by local users to gain escalated privileges as well as cause a DoS. For a list of the patches, check out the Secunia advisory.
Related Topics:Open Source Software Security Developer Enterprise Software Innovation
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.