LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2010-112 (kernel kernel-pae)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-112] Kernel: Multiple Vulnerabilities 


Date:
    	      Thu, 12 Aug 2010 23:05:44 +0300 (EEST)


Message-ID:
    	      <20100812200544.832F5A7AC43@lider.pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-112           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-12
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in kernel 


Description
===========

CVE-2010-2226: 

A flaw was found in the handling of the  SWAPEXT  IOCTL  in  the  Linux 
kernel XFS file system implementation. A local user could use this flaw 
to read write-only files, that they do not own, on an XFS file  system. 
This could lead to unintended information disclosure. 



CVE-2010-2248: 

A flaw was found in the CIFSSMBWrite() function  in  the  Linux  kernel 
Common Internet File System (CIFS) implementation.  A  remote  attacker 
could send a specially-crafted SMB response packet  to  a  target  CIFS 
client, resulting in a kernel panic (denial of service) 



CVE-2010-2495: 

A flaw was found in the pppol2tp_xmit() function in  the  Linux  kernel 
l2tp implementation. When transmitting L2TP frames, outgoing interface's
UDP checksum hardware assist capabilities can  be  NULL,  causing  NULL 
pointer dereference. 



CVE-2010-2521: 

A buffer overflow flaws were found in the Linux kernel's implementation 
of the server-side External Data Representation (XDR) for  the  Network 
File System (NFS) version 4. An attacker on the local network could send
a specially-crafted large compound request to the NFSv4  server,  which 
could possibly result  in  a  kernel  panic  (denial  of  service)  or, 
potentially, code execution. 



CVE-2010-2537: 

The  BTRFS_IOC_CLONE and  BTRFS_IOC_CLONE_RANGE  ioctls  should  check  
whether the donor file is append-only before writing to it. 



CVE-2010-2538: 

The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that
allows a user to specify an out-of-bounds range to copy from the source 
file (if off + len wraps around). 



CVE-2010-2798: 

The problem was in the way the gfs2 directory code was trying to re-use 
sentinel directory entries. A local, unprivileged user on a gfs2 mounted
directory  can trigger  this  issue,  resulting  in  a  NULL   pointer  
dereference. 


Affected packages:

  Pardus 2009:
    kernel, all before 2.6.31.13-131-47
    kernel-pae, all before 2.6.31.13-131-28



Resolution
==========

There are update(s) for kernel, kernel-pae. You  can  update  them  via 
Package Manager or with a single command from console: 

    pisi up kernel kernel-pae

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13528
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13648
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13750
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13753
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13895
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13903

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds