According to a German IT service provider, users running 1&1 servers with openSUSE 11 as their distribution should check the version number of their Linux kernel. To guarantee full support for the hardware it uses, 1&1 installs its own homemade kernel for openSUSE. Unfortunately, this kernel disables the YaST auto-update function, with the result that, despite regular updates, the kernel (2.6.27.21) remains several months old.
Users relying on auto-updates could be in for an unpleasant surprise. At present it is not confirmed that this is also a problem with 1&1 servers running English-language versions of openSUSE, although it seems likely that it is.

IT services provider Markus Manzke stumbled on the problem when compiling an overview of Linux distributions and the null pointer dereference (NPD) bugs they contain. According to Manzke's German-language report on the problem, in view of the availability of exploits, an unpatched kernel turns security vulnerabilities in other applications, such as web servers, PHP applications and other network services, into potentially system-compromising vulnerabilities. Furthermore, the mmap_min_addr system variable, which can frustrate NPD exploits, is set to 0 in openSUSE 11.0.
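An administrator can check a host for both conditions described above with a short audit script. This is an added example, not code from the article or from 1&1; the function names, the finding labels and the baseline version `2.6.27.99` are assumptions (the baseline is a constructed placeholder for whatever kernel version the distribution's update channel currently ships).

```shell
#!/bin/sh
# Added example: flag a stale running kernel and a zero mmap_min_addr.
# Live use (BASELINE = kernel version your update repository offers):
#   audit_host "$(uname -r)" "$(cat /proc/sys/vm/mmap_min_addr)" "$BASELINE"

# Strip the distro suffix: "2.6.27.21-0.1-default" -> "2.6.27.21"
kernel_base() {
    printf '%s\n' "${1%%-*}"
}

# ver_lt A B: succeed when dotted version A is numerically older than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$oldest" = "$1" ]
}

# audit_host RELEASE MMAP_MIN_ADDR BASELINE
# Prints one finding per line; the return status is the number of findings.
audit_host() {
    findings=0
    running=$(kernel_base "$1")
    if ver_lt "$running" "$3"; then
        echo "STALE_KERNEL running=$running baseline=$3"
        findings=$((findings + 1))
    fi
    case "$2" in
        ''|*[!0-9]*)
            # Empty or non-numeric: the sysctl could not be read.
            echo "MMAP_MIN_ADDR_UNREADABLE value='$2'"
            findings=$((findings + 1)) ;;
        *)
            if [ "$2" -eq 0 ]; then
                echo "MMAP_MIN_ADDR_ZERO low addresses can be mapped by user processes"
                findings=$((findings + 1))
            fi ;;
    esac
    return "$findings"
}

# Constructed sample: the kernel version from the article with a made-up
# package suffix, mmap_min_addr 0, and the placeholder baseline.
audit_host "2.6.27.21-0.1-default" 0 "2.6.27.99" || true
```

A non-zero exit status from `audit_host` means the host needs attention, so the function can be used directly in a cron job or monitoring check.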

The link for this article located at H Security is no longer available.