[ MDVSA-2009:119 ] kernel

Mandrivan turvallisuustiedotteiden tuoreimmat
Viestiketju on lukittu

[ MDVSA-2009:119 ] kernel

Uusi viestiKirjoittaja dude67 » 23 Touko 2009, 20:42

_______________________________________________________________________

Package : kernel
Date : May 19, 2009
Affected: 2009.1
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The exit_notify function in kernel/exit.c in the Linux kernel
before 2.6.30-rc1 does not restrict exit signals when the
CAP_KILL capability is held, which allows local users to send an
arbitrary signal to a process by running a program that modifies the
exit_signal field and then uses an exec system call to launch a setuid
application. (CVE-2009-1337)

The selinux_ip_postroute_iptables_compat function in
security/selinux/hooks.c in the SELinux subsystem in the Linux kernel
before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is
enabled, omits calls to avc_has_perm for the (1) node and (2) port,
which allows local users to bypass intended restrictions on network
traffic. NOTE: this was incorrectly reported as an issue fixed in
2.6.27.21. (CVE-2009-1184)

drivers/char/agp/generic.c in the agp subsystem in the Linux kernel
before 2.6.30-rc3 does not zero out pages that may later be available
to a user-space process, which allows local users to obtain sensitive
information by reading these pages. (CVE-2009-1192)

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux
kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow
remote attackers to obtain sensitive information via a large length
value, which causes garbage memory to be sent. (CVE-2009-1265)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1184
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1192
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1265
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1337
_______________________________________________________________________
Kuva
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien :)
Avatar
dude67
Site Admin
 
Viestit: 2256
Liittynyt: 27 Syys 2007, 16:58
Paikkakunta: Espoo
Ylös
Viestiketju on lukittu

Paluu Mandrivan turvallisuustiedotteet

Paikallaolijat

Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 45 vierailijaa

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Käännös, Lurttinen, www.phpbbsuomi.com
cron