Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
256b2abcf44db3d9624b76c91305a9d1025841a931c877f3a67a23cc4cc0c716
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:034-2
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : February 18, 2010
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Array index error in the gdth_read_event function in
drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
local users to cause a denial of service or possibly gain privileges
via a negative event index in an IOCTL request. (CVE-2009-3080)
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the
Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified
impact via a crafted HDLC packet that arrives over ISDN and triggers
a buffer under-read. (CVE-2009-4005)
Additionally, the Linux kernel was updated to the stable release
2.6.27.45.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
Update:
The nvidia173-kernel x86_64 packages was missing with MDVSA-2010:034
for the Enterprise 5 product. This advisory provides the missing
packages.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
https://qa.mandriva.com/55826
https://qa.mandriva.com/55823
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5/X86_64:
0779d5654b351427c470e36ffe5248a4 mes5/x86_64/nvidia173-kernel-2.6.27.45-desktop-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
b22dbcfda9d8239460e9a27483e90067 mes5/x86_64/nvidia173-kernel-2.6.27.45-server-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
090ccae6731eedcc2aeef3bb6db41d3b mes5/x86_64/nvidia173-kernel-desktop-latest-173.14.12-1.20100218.4mdv2009.0.x86_64.rpm
0029c41881af4e801a4355533bc791ca mes5/x86_64/nvidia173-kernel-server-latest-173.14.12-1.20100218.4mdv2009.0.x86_64.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLfWpymqjQ0CJFipgRAlYsAKCEtyFrNVeKTfMxYjH0qYklGVFg4QCZAR/F
FO/Lp7rufuMni06a06H0mBY=
=SnjB
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed