Sicherheit: Mehrere Probleme im Kernel

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1266521599-24326-4765

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:034-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : February 18, 2010
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Array index error in the gdth_read_event function in
drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
local users to cause a denial of service or possibly gain privileges
via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the
Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified
impact via a crafted HDLC packet that arrives over ISDN and triggers
a buffer under-read. (CVE-2009-4005)

Additionally, the Linux kernel was updated to the stable release
2.6.27.45.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Update:

The nvidia173-kernel x86_64 packages was missing with MDVSA-2010:034
for the Enterprise 5 product. This advisory provides the missing
packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
https://qa.mandriva.com/55826
https://qa.mandriva.com/55823
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5/X86_64:
0779d5654b351427c470e36ffe5248a4
mes5/x86_64/nvidia173-kernel-2.6.27.45-desktop-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
b22dbcfda9d8239460e9a27483e90067
mes5/x86_64/nvidia173-kernel-2.6.27.45-server-1mnb-173.14.12-4mdv2009.0.x86_64.rpm
090ccae6731eedcc2aeef3bb6db41d3b
mes5/x86_64/nvidia173-kernel-desktop-latest-173.14.12-1.20100218.4mdv2009.0.x86_64.rpm
0029c41881af4e801a4355533bc791ca
mes5/x86_64/nvidia173-kernel-server-latest-173.14.12-1.20100218.4mdv2009.0.x86_64.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLfWpymqjQ0CJFipgRAlYsAKCEtyFrNVeKTfMxYjH0qYklGVFg4QCZAR/F
FO/Lp7rufuMni06a06H0mBY=
=SnjB
-----END PGP SIGNATURE-----

------------=_1266521599-24326-4765
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1266521599-24326-4765--