From: Eren Turkay <eren@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2010-36] Alsa: Denial of Service
Date: Thu, 25 Feb 2010 06:47:55 +0200 (EET)
Message-ID: <20100225044755.B9721A7AB4C@lider.pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-36 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-25
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======

A vulnerability has been fixed in the kernel, which can be exploited by
malicious people to crash the kernel due to a divide by zero in
azx_position_ok().

Description
===========

Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter
was able to crash the kernel by stopping and restarting playback
repeatedly using the "5" key. This happens as a normal user, not only as
root. The kernel backtrace points to azx_position_ok() dividing by zero,
so he wrote a tiny patch to investigate, which reported the values of
pos and azx_dev->period_bytes via printk(); on crash, both were 0. The
offending operation is:

  if (pos % azx_dev->period_bytes > azx_dev->period_bytes / 2)

which is the source of the crash when azx_dev->period_bytes is 0.
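
The quoted check beside a guarded form, as an added example that is not part of the advisory and not the ALSA driver's own code. `struct stream_model`, both function names, the return-value convention and the sample values are constructed for illustration.

```c
#include <stdio.h>

/* Hypothetical, simplified stand-in for the driver's per-stream state;
 * only the field named in the advisory is modelled. */
struct stream_model {
    unsigned int period_bytes;   /* 0 was the value reported at crash time */
};

/* The condition as quoted in the advisory. The modulo has no guard, so
 * period_bytes == 0 is an integer division by zero: undefined behaviour
 * in C and a divide-error trap on x86, which is fatal in kernel context.
 * What each branch returns is this example's convention. */
int position_ok_unguarded(const struct stream_model *s, unsigned int pos)
{
    if (pos % s->period_bytes > s->period_bytes / 2)
        return 0;                /* reject this position */
    return 1;                    /* accept */
}

/* Guarded form: validate the divisor first and report the bad state to
 * the caller instead of dividing.
 * Returns 1 accept, 0 reject, -1 stream not configured. */
int position_ok_guarded(const struct stream_model *s, unsigned int pos)
{
    if (s->period_bytes == 0)
        return -1;
    if (pos % s->period_bytes > s->period_bytes / 2)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real trace. */
    struct stream_model running = { .period_bytes = 4096 };
    struct stream_model stopped = { .period_bytes = 0 };

    printf("running, pos=1024: %d\n", position_ok_guarded(&running, 1024));
    printf("running, pos=3072: %d\n", position_ok_guarded(&running, 3072));
    printf("stopped, pos=0:    %d\n", position_ok_guarded(&stopped, 0));
    return 0;
}
```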

Affected packages:

  Pardus 2009:
    module-alsa-driver, all before 1.0.22_20100222-57-33
    module-pae-alsa-driver, all before 1.0.22_20100222-57-15

Resolution
==========

There are update(s) for module-alsa-driver, module-pae-alsa-driver. You
can update them via Package Manager or with a single command from
console:

  pisi up module-alsa-driver module-pae-alsa-driver

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12341
  * https://bugzilla.redhat.com/show_bug.cgi?id=567168
  * http://lkml.org/lkml/2010/2/6/40

------------------------------------------------------------------------