Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The error-reporting functionality in (1) fs/ext2/dir.c, (2)
fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel
2.6.26.5 does not limit the number of printk console messages that
report directory corruption, which allows physically proximate
attackers to cause a denial of service (temporary system hang) by
mounting a filesystem that has corrupted dir->i_size and dir->i_blocks
values and performing (a) read or (b) write operations. NOTE:
there are limited scenarios in which this crosses privilege
boundaries. (CVE-2008-3528)
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel
2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in
OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct
Rendering Manager (DRM) master, which allows local users to cause
a denial of service (memory corruption) via a crafted ioctl call,
related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the
ioctl's configuration. (CVE-2008-3831)
The do_splice_from function in fs/splice.c in the Linux kernel before
2.6.27 does not reject file descriptors that have the O_APPEND flag
set, which allows local users to bypass append mode and make arbitrary
changes to other locations in the file. (CVE-2008-4554)
Additionaly, a problem with TCP options ordering, which could manifest
as connection problems with many websites (bug #43372), was solved, a
number of fixes for Intel HDA were added, another number of fixes for
issues on Asus EEE PC, Panasonic Let's Note, Acer One, Dell XPS, and
others, were also added. Check package changelog for more information.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3528
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3831
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4554
https://qa.mandriva.com/43532
https://qa.mandriva.com/43372
https://qa.mandriva.com/44752
https://qa.mandriva.com/43885
https://qa.mandriva.com/44803
_______________________________________________________________________
[ MDVSA-2008:224 ] kernel
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2008:224 ] kernel
Kirjoittaja dude67 » 05 Marras 2008, 21:10
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 35 vierailijaa