CVE-2008-1673

Name of the Vulnerable Software and Affected Versions openSUSE kernel-rt debug-debuginfo versions (affected versions not specified) openSUSE kernel-rt-debugsource versions (affected versions not specified) Linux kernel versions prior to 2.4.36.6 and prior to 2.6.25.5

Description The issue concerns multiple vulnerabilities in the kernel packages of the openSUSE operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The asn1 implementation in the Linux kernel does not properly validate length values during decoding of ASN.1 BER data, allowing remote attackers to cause a denial of service or execute arbitrary code via various methods, including a length greater than the working buffer, an oid length of zero, or an indefinite length for a primitive encoding.

Recommendations For openSUSE kernel-rt debug-debuginfo, kernel-rt-debugsource, and kernel-rt debug-debugsource: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.4.36.6 and prior to 2.6.25.5: Update to version 2.4.36.6 or 2.6.25.5 or later to resolve the issue.