Debian Linux Security Advisory 2264-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
4651fa67004a9e7d7332ee7abc2daad2af631e68a48c132d8217d95854217ba6Ubuntu Security Notice 1083-1 - Multiple vulnerabilities have been discovered and addressed in the Linux 2.6 kernel. Al Viro discovered a race condition in the TTY driver. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packats. Many other issues have also been addressed.
54cb1f4aa7b55d1d5bede6d79988ac926e5fd1c698bb4ab072e98146004d10c9Ubuntu Security Notice 1074-2 - USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 10.04. Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.
4e15776b2f435c92a453d8aac2203f207e854e4b3f906900fe4b4f17ed2e2a0cUbuntu Security Notice 1074-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.
f173020807305076d904d843200bcb5d00acee46687f271c4a2338df4358536bUbuntu Security Notice 1000-1 - Various image updates have been provided. Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. Various other issues have also been addressed.
6b36ec4068d40a47c3a69616c6e9e4c23c26d91d6ae30534472022bde895c2ccMandriva Linux Security Advisory 2010-172 - Some vulnerabilities were discovered and corrected in the Linux kernel. Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service via unspecified vectors. The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a cache stuffing issue and MS-DFS referrals. The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service via a write operation on the last block of a large file, followed by a sync operation.
0270ee39ecc23658fc44a57fdd5c09faa6452958070bb6def481339131293b2f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed