
Pardus alert 2010-48 (kernel)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-48] Kernel: Denial of Service
Date:  Fri, 9 Apr 2010 10:32:26 +0300 (EEST)
Message-ID:  <20100409073226.32A4BA7AB6D@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-48            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-04-09
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability and a security issue have been fixed, which can be
exploited by malicious, local users to bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially gain
escalated privileges.

Description
===========

CVE-2010-0622:

The wake_futex_pi function in kernel/futex.c in the Linux kernel does
not properly handle certain unlock operations for a Priority Inheritance
(PI) futex, which allows local users to cause a denial of service (OOPS)
and possibly have unspecified other impact via vectors involving
modification of the futex value from user space.

CVE-2010-0623:

The futex_lock_pi function in kernel/futex.c in the Linux kernel does
not properly manage a certain reference count, which allows local users
to cause a denial of service (OOPS) via vectors involving an unmount of
an ext3 filesystem.

Affected packages:

  Pardus 2008:
    kernel, all before 2.6.25.20-114-58

Resolution
==========

There are update(s) for kernel. You can update them via Package Manager
or with a single command from console:

    pisi up kernel

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12311
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0623

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds