-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:214 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : October 29, 2010 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in the Linux 2.6 kernel: A vulnerability in Linux kernel caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the compat_alloc_user_space method with an arbitrary length input. (CVE-2010-3081) To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 https://qa.mandriva.com/61447 _______________________________________________________________________ Updated Packages: Corporate 4.0: fabca395b39b6ed6d458799eb412572e corporate/4.0/i586/kernel-2.6.12.42mdk-1-1mdk.i586.rpm 3077f89b0ee23364826844a7d9a83dcb corporate/4.0/i586/kernel-BOOT-2.6.12.42mdk-1-1mdk.i586.rpm c3e963bcd59b676adf367224c8580998 corporate/4.0/i586/kernel-doc-2.6.12.42mdk-1-1mdk.i586.rpm 3fda402572a9ca2a6f3a2cce8a927ef5 corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.42mdk-1-1mdk.i586.rpm 74671054d68dd70b88042554a09dc70e corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.42mdk-1-1mdk.i586.rpm e5fbee70a2318efbae909957653f0d21 corporate/4.0/i586/kernel-smp-2.6.12.42mdk-1-1mdk.i586.rpm aaf581038c6cebb9d748d4503ce37af7 corporate/4.0/i586/kernel-source-2.6.12.42mdk-1-1mdk.i586.rpm c694977b8e08fa592ce384a4f4a77eff corporate/4.0/i586/kernel-source-stripped-2.6.12.42mdk-1-1mdk.i586.rpm 52d63e629865ff6501d0c766c234f1ad corporate/4.0/i586/kernel-xbox-2.6.12.42mdk-1-1mdk.i586.rpm a5a3649d10977f5c637043ac1efdb144 corporate/4.0/i586/kernel-xen0-2.6.12.42mdk-1-1mdk.i586.rpm a2f59640dbaa4d566ad41eb6512c4e63 corporate/4.0/i586/kernel-xenU-2.6.12.42mdk-1-1mdk.i586.rpm 0c316f3efcbaff64fea607cdc9e0a085 corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm Corporate 4.0/X86_64: c471d4337b179919823bc63588a27e47 corporate/4.0/x86_64/kernel-2.6.12.42mdk-1-1mdk.x86_64.rpm 0bef4a498595c2df1d6d8c5d5be6f0c2 corporate/4.0/x86_64/kernel-BOOT-2.6.12.42mdk-1-1mdk.x86_64.rpm 582eae8d7a9d12fbf85d3c2a08ff9824 corporate/4.0/x86_64/kernel-doc-2.6.12.42mdk-1-1mdk.x86_64.rpm d76674127a48f49db5647c9b007872f8 corporate/4.0/x86_64/kernel-smp-2.6.12.42mdk-1-1mdk.x86_64.rpm 36d9743d4ff644c74a33b9cee2adec05 corporate/4.0/x86_64/kernel-source-2.6.12.42mdk-1-1mdk.x86_64.rpm 6d077ef61b3438888da3ec9f901e3ad8 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.42mdk-1-1mdk.x86_64.rpm ad64ebbf54fa5ecf30e1da88eaacf540 corporate/4.0/x86_64/kernel-xen0-2.6.12.42mdk-1-1mdk.x86_64.rpm 1311e12d6c8ab1d93a6eb9623cd11aea corporate/4.0/x86_64/kernel-xenU-2.6.12.42mdk-1-1mdk.x86_64.rpm 0c316f3efcbaff64fea607cdc9e0a085 corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMyw/EmqjQ0CJFipgRAomrAJ0bZKR+DXaG5gd78VowqmVVdtp07ACfaoFQ v6b4gKMa6SKoMRovnQ3bI+k= =ENEg -----END PGP SIGNATURE-----