
Pardus alert 2010-36 (module-alsa-driver module-pae-alsa-driver)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-36] Alsa: Denial of Service
Date:  Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Message-ID:  <20100225044755.B9721A7AB4C@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-36            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-02-25
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in Kernel, which can be exploited by
malicious people to crash kernel due to divide by zero in azx_position_ok

Description
===========

Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter
was able to crash the kernel by stopping and restarting playback using
the "5" key repeatedly. This happens as a normal user, not only as root.

Kernel backtrace points to azx_position_ok() dividing by zero, so he
wrote a tiny patch to investigate which reported via printk() values of
pos and azx_dev->period_bytes; on crash, both were 0. The offending
operation does:

    if (pos % azx_dev->period_bytes > azx_dev->period_bytes / 2)

which obviously is the source of the crash.

Affected packages:

  Pardus 2009:
    module-alsa-driver, all before 1.0.22_20100222-57-33
    module-pae-alsa-driver, all before 1.0.22_20100222-57-15

Resolution
==========

There are update(s) for module-alsa-driver, module-pae-alsa-driver. You
can update them via Package Manager or with a single command from
console:

    pisi up module-alsa-driver module-pae-alsa-driver

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12341
  * https://bugzilla.redhat.com/show_bug.cgi?id=567168
  * http://lkml.org/lkml/2010/2/6/40

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
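The zero-period state described in the advisory, modelled in user-space C with the guard the quoted expression lacks. This is an added example, not code from the advisory, the ALSA driver, or the upstream fix; the struct, enum and function names are hypothetical, and only `pos` and `period_bytes` come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model of the stream state named in the advisory. */
struct stream_model {
    unsigned int period_bytes;  /* 0 in the state observed at crash time */
};

/* Hypothetical result codes for this example only. */
enum pos_check { POS_INVALID = -1, POS_FIRST_HALF = 0, POS_SECOND_HALF = 1 };

/* The expression quoted in the advisory, unguarded.
 * With period_bytes == 0 the modulo is an integer division by zero:
 * a divide-error oops in kernel context, SIGFPE in a user process on x86. */
int pos_check_unguarded(const struct stream_model *s, unsigned int pos)
{
    return pos % s->period_bytes > s->period_bytes / 2;
}

/* Guarded form: reject the zero-period state before any division. */
enum pos_check pos_check_guarded(const struct stream_model *s, unsigned int pos)
{
    if (s == NULL || s->period_bytes == 0)
        return POS_INVALID;     /* stream not set up; caller must not trust pos */
    return (pos % s->period_bytes > s->period_bytes / 2)
               ? POS_SECOND_HALF : POS_FIRST_HALF;
}

int main(void)
{
    /* Constructed sample states: a running stream, then the crash-time state. */
    struct stream_model running = { .period_bytes = 4096 };
    struct stream_model stopped = { .period_bytes = 0 };

    printf("running, pos=1000 (unguarded): %d\n",
           pos_check_unguarded(&running, 1000));
    printf("running, pos=3000 (guarded):   %d\n",
           pos_check_guarded(&running, 3000));
    /* pos == 0 and period_bytes == 0, the values the reporter's printk showed. */
    printf("stopped, pos=0    (guarded):   %d\n",
           pos_check_guarded(&stopped, 0));
    return 0;
}
```

The unguarded function is only ever called here with a non-zero period; passing the `stopped` state to it would terminate the process.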

