linux-2.6 - several vulnerabilities

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

* [CVE-2009-0029](https://security-tracker.debian.org/tracker/CVE-2009-0029) Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.
* [CVE-2009-0031](https://security-tracker.debian.org/tracker/CVE-2009-0031) Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.
* [CVE-2009-0065](https://security-tracker.debian.org/tracker/CVE-2009-0065) Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users.
* [CVE-2009-0269](https://security-tracker.debian.org/tracker/CVE-2009-0269) Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).
* [CVE-2009-0322](https://security-tracker.debian.org/tracker/CVE-2009-0322) Pavel Roskin provided a fix for an issue in the dell\_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.
* [CVE-2009-0676](https://security-tracker.debian.org/tracker/CVE-2009-0676) Clement LECIGNE discovered a bug in the sock\_getsockopt function that may result in leaking sensitive kernel memory.
* [CVE-2009-0675](https://security-tracker.debian.org/tracker/CVE-2009-0675) Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.
* [CVE-2009-0745](https://security-tracker.debian.org/tracker/CVE-2009-0745) Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.
* [CVE-2009-0746](https://security-tracker.debian.org/tracker/CVE-2009-0746) Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.
* [CVE-2009-0747](https://security-tracker.debian.org/tracker/CVE-2009-0747) David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
* [CVE-2009-0748](https://security-tracker.debian.org/tracker/CVE-2009-0748) David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

For the oldstable distribution (etch), these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24.

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-13lenny2.

We recommend that you upgrade your linux-2.6 packages.


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| | linux-2.6 | 2.6.26-13 |
| | linux-2.6 | 2.6.26-13lenny2~bpo40+1 |
