From: Eren Turkay <eren@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2010-63] Kernel: Multiple Vulnerabilities
Date: Tue, 18 May 2010 10:10:58 +0300 (EEST)
Message-ID: <20100518071058.567EEA7ABB0@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-63 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-05-18
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in the kernel packages.
Description
===========
CVE-2010-1083:
The processcompl_compat function in drivers/usb/core/devio.c in Linux
kernel 2.6.x through 2.6.32, and possibly other versions, does not clear
the transfer buffer before returning to userspace when a USB command
fails, which might make it easier for physically proximate attackers to
obtain sensitive information (kernel memory).
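The CVE-2010-1083 entry describes a classic kernel-to-userspace information leak: a buffer is handed back in full even though the failed command never filled it, so whatever the memory held before is disclosed. The following added example (not from the advisory or the kernel source) models that bug class in plain user-space C with a hypothetical `struct xfer`; it contrasts a completion routine that copies the whole transfer buffer with one that copies only the bytes actually produced and zeroes the rest, which is the defensive pattern a reviewer looks for in any copy-to-user path.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical, simplified model of a USB transfer completion (this is not
 * the kernel's struct): the buffer the device writes into, how many bytes
 * userspace asked for, how many the device actually returned, and status. */
struct xfer {
    uint8_t buf[16];      /* transfer buffer; may still hold stale data */
    size_t  buf_len;      /* transfer_buffer_length requested by the caller */
    size_t  actual_len;   /* bytes the device really returned */
    int     status;       /* 0 on success, negative on failure */
};

/* Leaky pattern, modelled on the CVE-2010-1083 description: the whole
 * transfer buffer is copied back even when the command failed, so stale
 * bytes left in that memory reach the caller. */
size_t complete_leaky(const struct xfer *x, uint8_t *user_out)
{
    memcpy(user_out, x->buf, x->buf_len);   /* copies stale bytes on failure */
    return x->buf_len;
}

/* Hardened pattern: copy only what the device actually produced (nothing on
 * failure) and zero the remainder of the caller's buffer, so no uninitialised
 * or stale memory content is returned. */
size_t complete_safe(const struct xfer *x, uint8_t *user_out)
{
    size_t n = (x->status == 0) ? x->actual_len : 0;
    if (n > x->buf_len)
        n = x->buf_len;                     /* never trust actual_len blindly */
    memcpy(user_out, x->buf, n);
    memset(user_out + n, 0, x->buf_len - n);
    return n;
}

/* Runs one completion routine on a constructed failed transfer whose buffer
 * still holds an old 0xAB marker; returns 1 if that marker reaches the
 * caller's buffer (i.e. stale data leaked), 0 otherwise. */
int leaks_stale_data(size_t (*complete)(const struct xfer *, uint8_t *))
{
    struct xfer x;
    uint8_t out[16];

    memset(x.buf, 0xAB, sizeof x.buf);      /* constructed stale contents */
    x.buf_len = sizeof x.buf;
    x.actual_len = 0;                       /* device returned nothing */
    x.status = -1;                          /* the command failed */

    complete(&x, out);
    for (size_t i = 0; i < sizeof out; i++)
        if (out[i] == 0xAB)
            return 1;
    return 0;
}

int main(void)
{
    printf("leaky completion leaks stale data: %d\n",
           leaks_stale_data(complete_leaky));
    printf("safe completion leaks stale data:  %d\n",
           leaks_stale_data(complete_safe));
    return 0;
}
```

The point of the `leaks_stale_data` harness is the detection angle: seeding a buffer with a recognisable marker and checking whether it survives a failed operation is also how one tests a real driver path for this class of leak.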
CVE-2010-1084:
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows
remote attackers to cause a denial of service (memory corruption) via a
large number of Bluetooth sockets, related to the size of sysfs files in
(1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3)
net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
CVE-2010-1087:
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel
2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service
(Oops) via unknown vectors related to truncating a file and an operation
that is not interruptible.
CVE-2010-1146:
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem
exists, does not restrict read or write access to the .reiserfs_priv
directory, which allows local users to gain privileges by modifying (1)
extended attributes or (2) ACLs, as demonstrated by deleting a file
under .reiserfs_priv/xattrs/.
Affected packages:
Pardus 2009:
kernel, all before 2.6.31.13-131-44
kernel-pae, all before 2.6.31.13-131-25
Resolution
==========
There are updates for kernel and kernel-pae. You can update them via
Package Manager or with a single command from the console:
pisi up kernel kernel-pae
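The "all before" wording in the affected-packages list means an installed version has to be compared field by field against the fixed version, numerically rather than as a string (so that build 9 sorts before build 44). The following added example, which is not part of the advisory or of the pisi package manager, does that comparison in C for the two fixed versions stated above; the `FIXED` table, `version_before` and `is_affected` are names chosen here, and the installed versions passed in `main` are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed versions for Pardus 2009 as stated in this advisory. */
static const struct { const char *name; const char *fixed; } FIXED[] = {
    { "kernel",     "2.6.31.13-131-44" },
    { "kernel-pae", "2.6.31.13-131-25" },
};

/* Read the next numeric field of a version string and advance *s past the
 * '.' or '-' separator. Returns -1 once the string is exhausted, or when
 * no digits can be parsed (the rest of the string is then skipped). */
static long next_field(const char **s)
{
    if (**s == '\0')
        return -1;
    char *end;
    long v = strtol(*s, &end, 10);
    if (end == *s) {                  /* no digits: treat as end of string */
        *s += strlen(*s);
        return -1;
    }
    *s = (*end == '.' || *end == '-') ? end + 1 : end;
    return v;
}

/* Returns 1 if version a is strictly older than version b. Fields are
 * compared numerically; a missing trailing field counts as 0, so
 * "2.6.31.13" is older than "2.6.31.13-131-44". */
int version_before(const char *a, const char *b)
{
    for (;;) {
        long fa = next_field(&a), fb = next_field(&b);
        if (fa < 0 && fb < 0)
            return 0;                 /* all fields equal */
        if (fa < 0) fa = 0;
        if (fb < 0) fb = 0;
        if (fa != fb)
            return fa < fb;
    }
}

/* Returns 1 if the installed version of pkg is before the fixed version
 * (affected), 0 if it is fixed, and -1 if the package is not covered here. */
int is_affected(const char *pkg, const char *installed)
{
    for (size_t i = 0; i < sizeof FIXED / sizeof FIXED[0]; i++)
        if (strcmp(FIXED[i].name, pkg) == 0)
            return version_before(installed, FIXED[i].fixed);
    return -1;
}

int main(void)
{
    /* Constructed sample inputs; on a real system these would come from the
     * package manager's query of the installed version of each package. */
    printf("kernel 2.6.31.13-131-43 affected: %d\n",
           is_affected("kernel", "2.6.31.13-131-43"));
    printf("kernel-pae 2.6.31.13-131-25 affected: %d\n",
           is_affected("kernel-pae", "2.6.31.13-131-25"));
    return 0;
}
```

Note that the PAE kernel has its own, lower fixed build number (131-25), so the two packages must be checked against their own entries rather than against a single threshold.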
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12620
* http://bugs.pardus.org.tr/show_bug.cgi?id=12624
* http://bugs.pardus.org.tr/show_bug.cgi?id=12632
* http://bugs.pardus.org.tr/show_bug.cgi?id=12641
------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security