kernel: several vulnerabilities

Package(s): linux-2.6
CVE #(s): CVE-2008-1514 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302
Created: October 14, 2008
Updated: January 8, 2009
Description: From the Debian advisory:

Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. (CVE-2008-1514)

The S_ISUID/S_ISGID bits were not being cleared during an inode splice, which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. Mark Fasheh reported this issue. (CVE-2008-3833)

David Watson reported an issue in the open()/creat() system calls which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. (CVE-2008-4210)

A coding error in the splice subsystem allows local users to attempt to unlock a page structure that has not been locked, resulting in a system crash. (CVE-2008-4302)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
CentOS CESA-2008:0973 2008-12-17
Red Hat RHSA-2008:0973-03 2008-12-16
SuSE SUSE-SA:2008:057 2008-12-04
SuSE SUSE-SA:2008:056 2008-12-03
Ubuntu USN-679-1 2008-11-27
Mandriva MDVSA-2008:220-1 2008-11-19
CentOS CESA-2008:0972 2008-11-20
Red Hat RHSA-2008:0972-01 2008-11-19
SuSE SUSE-SR:2008:025 2008-11-14
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0957 2008-11-05
Red Hat RHSA-2008:0957-02 2008-11-04
Mandriva MDVSA-2008:220 2008-10-29
SuSE SUSE-SA:2008:051 2008-10-21
Debian DSA-1655-1 2008-10-16
Debian DSA-1653-1 2008-10-13

Copyright © 2013, Eklektix, Inc.