lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PBwOg-0002nK-Bg@titan.mandriva.com>
Date: Fri, 29 Oct 2010 23:22:02 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:214 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:214
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kernel
 Date    : October 29, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in the Linux 2.6 kernel:
 
 A vulnerability in Linux kernel caused by insecure allocation of user
 space memory when translating system call inputs to 64-bit. A stack
 pointer underflow can occur when using the compat_alloc_user_space
 method with an arbitrary length input. (CVE-2010-3081)
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081
 https://qa.mandriva.com/61447
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 fabca395b39b6ed6d458799eb412572e  corporate/4.0/i586/kernel-2.6.12.42mdk-1-1mdk.i586.rpm
 3077f89b0ee23364826844a7d9a83dcb  corporate/4.0/i586/kernel-BOOT-2.6.12.42mdk-1-1mdk.i586.rpm
 c3e963bcd59b676adf367224c8580998  corporate/4.0/i586/kernel-doc-2.6.12.42mdk-1-1mdk.i586.rpm
 3fda402572a9ca2a6f3a2cce8a927ef5  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.42mdk-1-1mdk.i586.rpm
 74671054d68dd70b88042554a09dc70e  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.42mdk-1-1mdk.i586.rpm
 e5fbee70a2318efbae909957653f0d21  corporate/4.0/i586/kernel-smp-2.6.12.42mdk-1-1mdk.i586.rpm
 aaf581038c6cebb9d748d4503ce37af7  corporate/4.0/i586/kernel-source-2.6.12.42mdk-1-1mdk.i586.rpm
 c694977b8e08fa592ce384a4f4a77eff  corporate/4.0/i586/kernel-source-stripped-2.6.12.42mdk-1-1mdk.i586.rpm
 52d63e629865ff6501d0c766c234f1ad  corporate/4.0/i586/kernel-xbox-2.6.12.42mdk-1-1mdk.i586.rpm
 a5a3649d10977f5c637043ac1efdb144  corporate/4.0/i586/kernel-xen0-2.6.12.42mdk-1-1mdk.i586.rpm
 a2f59640dbaa4d566ad41eb6512c4e63  corporate/4.0/i586/kernel-xenU-2.6.12.42mdk-1-1mdk.i586.rpm 
 0c316f3efcbaff64fea607cdc9e0a085  corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm

 Corporate 4.0/X86_64:
 c471d4337b179919823bc63588a27e47  corporate/4.0/x86_64/kernel-2.6.12.42mdk-1-1mdk.x86_64.rpm
 0bef4a498595c2df1d6d8c5d5be6f0c2  corporate/4.0/x86_64/kernel-BOOT-2.6.12.42mdk-1-1mdk.x86_64.rpm
 582eae8d7a9d12fbf85d3c2a08ff9824  corporate/4.0/x86_64/kernel-doc-2.6.12.42mdk-1-1mdk.x86_64.rpm
 d76674127a48f49db5647c9b007872f8  corporate/4.0/x86_64/kernel-smp-2.6.12.42mdk-1-1mdk.x86_64.rpm
 36d9743d4ff644c74a33b9cee2adec05  corporate/4.0/x86_64/kernel-source-2.6.12.42mdk-1-1mdk.x86_64.rpm
 6d077ef61b3438888da3ec9f901e3ad8  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.42mdk-1-1mdk.x86_64.rpm
 ad64ebbf54fa5ecf30e1da88eaacf540  corporate/4.0/x86_64/kernel-xen0-2.6.12.42mdk-1-1mdk.x86_64.rpm
 1311e12d6c8ab1d93a6eb9623cd11aea  corporate/4.0/x86_64/kernel-xenU-2.6.12.42mdk-1-1mdk.x86_64.rpm 
 0c316f3efcbaff64fea607cdc9e0a085  corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMyw/EmqjQ0CJFipgRAomrAJ0bZKR+DXaG5gd78VowqmVVdtp07ACfaoFQ
v6b4gKMa6SKoMRovnQ3bI+k=
=ENEg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ