[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PBwOg-0002nK-Bg@titan.mandriva.com>
Date: Fri, 29 Oct 2010 23:22:02 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:214 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:214
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : October 29, 2010
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
A vulnerability in Linux kernel caused by insecure allocation of user
space memory when translating system call inputs to 64-bit. A stack
pointer underflow can occur when using the compat_alloc_user_space
method with an arbitrary length input. (CVE-2010-3081)
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081
https://qa.mandriva.com/61447
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
fabca395b39b6ed6d458799eb412572e corporate/4.0/i586/kernel-2.6.12.42mdk-1-1mdk.i586.rpm
3077f89b0ee23364826844a7d9a83dcb corporate/4.0/i586/kernel-BOOT-2.6.12.42mdk-1-1mdk.i586.rpm
c3e963bcd59b676adf367224c8580998 corporate/4.0/i586/kernel-doc-2.6.12.42mdk-1-1mdk.i586.rpm
3fda402572a9ca2a6f3a2cce8a927ef5 corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.42mdk-1-1mdk.i586.rpm
74671054d68dd70b88042554a09dc70e corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.42mdk-1-1mdk.i586.rpm
e5fbee70a2318efbae909957653f0d21 corporate/4.0/i586/kernel-smp-2.6.12.42mdk-1-1mdk.i586.rpm
aaf581038c6cebb9d748d4503ce37af7 corporate/4.0/i586/kernel-source-2.6.12.42mdk-1-1mdk.i586.rpm
c694977b8e08fa592ce384a4f4a77eff corporate/4.0/i586/kernel-source-stripped-2.6.12.42mdk-1-1mdk.i586.rpm
52d63e629865ff6501d0c766c234f1ad corporate/4.0/i586/kernel-xbox-2.6.12.42mdk-1-1mdk.i586.rpm
a5a3649d10977f5c637043ac1efdb144 corporate/4.0/i586/kernel-xen0-2.6.12.42mdk-1-1mdk.i586.rpm
a2f59640dbaa4d566ad41eb6512c4e63 corporate/4.0/i586/kernel-xenU-2.6.12.42mdk-1-1mdk.i586.rpm
0c316f3efcbaff64fea607cdc9e0a085 corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm
Corporate 4.0/X86_64:
c471d4337b179919823bc63588a27e47 corporate/4.0/x86_64/kernel-2.6.12.42mdk-1-1mdk.x86_64.rpm
0bef4a498595c2df1d6d8c5d5be6f0c2 corporate/4.0/x86_64/kernel-BOOT-2.6.12.42mdk-1-1mdk.x86_64.rpm
582eae8d7a9d12fbf85d3c2a08ff9824 corporate/4.0/x86_64/kernel-doc-2.6.12.42mdk-1-1mdk.x86_64.rpm
d76674127a48f49db5647c9b007872f8 corporate/4.0/x86_64/kernel-smp-2.6.12.42mdk-1-1mdk.x86_64.rpm
36d9743d4ff644c74a33b9cee2adec05 corporate/4.0/x86_64/kernel-source-2.6.12.42mdk-1-1mdk.x86_64.rpm
6d077ef61b3438888da3ec9f901e3ad8 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.42mdk-1-1mdk.x86_64.rpm
ad64ebbf54fa5ecf30e1da88eaacf540 corporate/4.0/x86_64/kernel-xen0-2.6.12.42mdk-1-1mdk.x86_64.rpm
1311e12d6c8ab1d93a6eb9623cd11aea corporate/4.0/x86_64/kernel-xenU-2.6.12.42mdk-1-1mdk.x86_64.rpm
0c316f3efcbaff64fea607cdc9e0a085 corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMyw/EmqjQ0CJFipgRAomrAJ0bZKR+DXaG5gd78VowqmVVdtp07ACfaoFQ
v6b4gKMa6SKoMRovnQ3bI+k=
=ENEg
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists