Advisories MDVSA-2010:088: kernel


paul
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

 

The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)

 

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

 

The wake_futex_pi function in kernel/futex.c in the Linux kernel
before 2.6.33-rc7 does not properly handle certain unlock operations
for a Priority Inheritance (PI) futex, which allows local users to
cause a denial of service (OOPS) and possibly have unspecified other
impact via vectors involving modification of the futex value from
user space. (CVE-2010-0622)

 

drivers/connector/connector.c in the Linux kernel before 2.6.32.8
allows local users to cause a denial of service (memory consumption
and system crash) by sending the kernel many NETLINK_CONNECTOR
messages. (CVE-2010-0410)

 

The futex_lock_pi function in kernel/futex.c in the Linux kernel before
2.6.33-rc7 does not properly manage a certain reference count, which
allows local users to cause a denial of service (OOPS) via vectors
involving an unmount of an ext3 filesystem. (CVE-2010-0623)

 

Additionally, the kernel was updated to the 2.6.31.13 stable release,
support was added for the Cirrus Logic CS420x HDA codec, the Wacom
driver was updated to version 0.8.5-12, and there is a fix in the
driver for the backlight on the Eee PC 1201HA.

 

To update your kernel, please follow the directions located at:

 

http://www.mandriva.com/en/security/kernelupdate
