[ MDVSA-2009:032 ] kernel

[dude67]

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
and earlier allows local users to cause a denial of service (kernel
infinite loop) by making two calls to svc_listen for the same socket,
and then reading a /proc/net/atm/*vc file, related to corruption of
the vcc table. (CVE-2008-5079)

Linux kernel 2.6.28 allows local users to cause a denial of service
(soft lockup and process loss) via a large number of sendmsg function
calls, which does not block during AF_UNIX garbage collection
and triggers an OOM condition, a different vulnerability than
CVE-2008-5029. (CVE-2008-5300)

Additionaly, wireless and hotkeys support for Asus EEE were fixed,
systems with HDA sound needing MSI support were added to the quirks
list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA
support was enhanced and fixed, support for HDA sound on Acer Aspire
8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS
filesystem should now work with Kerberos, and a few more things. Check
the package changelog for details.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5300
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5079
https://qa.mandriva.com/43332
https://qa.mandriva.com/44855
https://qa.mandriva.com/45838
https://qa.mandriva.com/46164
https://qa.mandriva.com/44988
https://qa.mandriva.com/45136
_______________________________________________________________________