paul Posted February 18, 2010 Report Share Posted February 18, 2010 Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) Additionally, the Linux kernel was updated to the stable release 2.6.27.45. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Update: The nvidia173-kernel x86_64 packages was missing with MDVSA-2010:034 for the Enterprise 5 product. This advisory provides the missing packages. Link to comment Share on other sites More sharing options...
Recommended Posts