kernel: multiple vulnerabilities

Package(s): linux-2.6
CVE #(s): CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849
Created: August 25, 2009
Updated: October 8, 2010
Description: From the Debian advisory:

Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. (CVE-2009-2846)

Ulrich Drepper noticed an issue in the do_sigaltstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. (CVE-2009-2847)

Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). (CVE-2009-2848)

Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). (CVE-2009-2849)

Alerts:
Mandriva MDVSA-2010:188 2010-09-23
Mandriva MDVSA-2010:198 2010-10-07
SuSE SUSE-SA:2010:012 2010-02-15
Red Hat RHSA-2009:1455-01 2009-09-29
Red Hat RHSA-2009:1466-01 2009-09-29
CentOS CESA-2009:1243 2009-09-15
CentOS CESA-2009:1438 2009-09-15
Red Hat RHSA-2009:1438-01 2009-09-15
SuSE SUSE-SA:2009:056 2009-11-16
Red Hat RHSA-2009:1540-01 2009-11-03
Red Hat RHSA-2009:1243-02 2009-09-02
Red Hat RHSA-2009:1239-02 2009-09-01
Red Hat RHSA-2009:1239-01 2009-09-01
Fedora FEDORA-2009-9044 2009-08-27
Debian DSA-1872-1 2009-08-24
Ubuntu USN-852-1 2009-10-22
SuSE SUSE-SA:2009:054 2009-11-11
CentOS CESA-2009:1455 2009-10-30
Fedora FEDORA-2009-10639 2009-10-21
CentOS CESA-2009:1550 2009-11-04
Red Hat RHSA-2009:1550-01 2009-11-03
Debian DSA-1928-1 2009-11-05
Fedora FEDORA-2009-10165 2009-10-03

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds