[ MDVSA-2008:234 ] kernel

Latest Mandriva security advisories

New post by dude67 » 23 Nov 2008, 20:47

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Buffer overflow in the hfsplus_find_cat function in
fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or
system crash) via an hfsplus filesystem image with an invalid
catalog namelength field, related to the hfsplus_cat_build_key_uni
function. (CVE-2008-4933)

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the
Linux kernel before 2.6.28-rc1 does not check a certain return value
from the read_mapping_page function before calling kmap, which allows
attackers to cause a denial of service (system crash) via a crafted
hfsplus filesystem image. (CVE-2008-4934)

The __scm_destroy function in net/core/scm.c in the Linux kernel
2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to
itself through calls to the fput function, which allows local users
to cause a denial of service (panic) via vectors related to sending
an SCM_RIGHTS message through a UNIX domain socket and closing file
descriptors. (CVE-2008-5029)

Additionally, support for a Broadcom Bluetooth dongle was added to the btusb
driver, an eeepc shutdown hang caused by snd-hda-intel was fixed,
a Realtek auto-mute bug was fixed, the pcspkr driver was reenabled,
an acpi brightness setting issue on some laptops was fixed, sata_nv
(NVidia) driver bugs were fixed, horizontal mousewheel scrolling
with Logitech V150 mouse was fixed, and more. Check the changelog
and related bugs for more details.

This kernel also fixes the driver for Intel G45/GM45 video chipsets,
in a way requiring also an updated Xorg driver, which is also being
provided in this update.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4933
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4934
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5029
https://qa.mandriva.com/44886
https://qa.mandriva.com/44752
https://qa.mandriva.com/45618
https://qa.mandriva.com/44870
https://qa.mandriva.com/45319
https://qa.mandriva.com/44612
https://qa.mandriva.com/44309
https://qa.mandriva.com/44712
_______________________________________________________________________
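The class of check whose absence CVE-2008-4933 describes (an on-disk catalog name length used without validation), shown as an added user-space example that is not part of the advisory or the kernel source. The names `cat_key` and `parse_cat_key` are hypothetical; the example assumes the HFS+ catalog key layout of key length, parent CNID, name length and big-endian UTF-16 units, with names limited to 255 units.

```c
#include <stddef.h>
#include <stdint.h>

#define HFSPLUS_MAX_STRLEN 255   /* HFS+ names hold at most 255 UTF-16 units */

struct cat_key {                 /* hypothetical in-memory form of a catalog key */
    uint32_t parent;
    uint16_t name_len;
    uint16_t name[HFSPLUS_MAX_STRLEN];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 if the record is truncated or its length field is invalid. */
int parse_cat_key(const uint8_t *buf, size_t buflen, struct cat_key *out)
{
    /* On disk: key length (2 bytes), parent CNID (4), name length (2), name units. */
    if (buflen < 8)
        return -1;
    uint16_t name_len = be16(buf + 6);
    if (name_len > HFSPLUS_MAX_STRLEN)       /* would overflow out->name */
        return -1;
    if ((size_t)name_len * 2 > buflen - 8)   /* would read past the record */
        return -1;
    out->parent = be32(buf + 2);
    out->name_len = name_len;
    for (uint16_t i = 0; i < name_len; i++)
        out->name[i] = be16(buf + 8 + 2 * (size_t)i);
    return 0;
}

/* Constructed sample records: a valid key named "hi" and one with a corrupt length. */
static const uint8_t good_key[] = {0x00,0x0a, 0x00,0x00,0x00,0x02, 0x00,0x02, 0x00,'h', 0x00,'i'};
static const uint8_t bad_key[]  = {0x00,0x0a, 0x00,0x00,0x00,0x02, 0xff,0xff, 0x00,'h', 0x00,'i'};

int main(void)
{
    struct cat_key k;
    int ok = parse_cat_key(good_key, sizeof good_key, &k) == 0 &&
             parse_cat_key(bad_key, sizeof bad_key, &k) == -1;
    return ok ? 0 : 1;
}
```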