OSV:DSA-2012-1 (osv, Google)
Mar 11, 2010 - 12:00 a.m.

linux-2.6 - several issues

Source: Google, osv.dev

CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)

  Access Vector:          LOCAL
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact:       COMPLETE
  Availability Impact:    COMPLETE

Two vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-3725
    Philipp Reisner reported an issue in the connector subsystem
    which allows unprivileged users to send netlink packets. This
    allows local users to manipulate settings for uvesafb devices
    which are normally reserved for privileged users.
  • CVE-2010-0622
    Jerome Marchand reported an issue in the futex subsystem that
    allows a local user to force an invalid futex state which results
    in a denial of service (oops).

This update also includes fixes for regressions introduced by previous
updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

                    Debian 5.0 (lenny)
  user-mode-linux   2.6.26-1um-2+21lenny4
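
To check a host against the fixed versions above, the following added example (not part of the original advisory) implements the Debian version ordering rules and reports whether an installed version sorts before the fix. The function names are illustrative, and the installed version string is assumed to come from the package database, for example via dpkg-query -W -f='${Version}'.

```python
import re

# Fixed versions stated in this advisory for Debian 5.0 (lenny).
FIXED = {"linux-2.6": "2.6.26-21lenny4",
         "user-mode-linux": "2.6.26-1um-2+21lenny4"}

def _order(c):
    """Weight of one non-digit character: '~' first, then letters, then the rest."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings; negative, zero or positive."""
    while a or b:
        # Non-digit runs: a missing character weighs 0, so '~' sorts before the end.
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            ca = _order(na[k]) if k < len(na) else 0
            cb = _order(nb[k]) if k < len(nb) else 0
            if ca != cb:
                return ca - cb
        # Digit runs are compared as integers; an empty run counts as 0.
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def parse(version):
    """Split [epoch:]upstream[-revision]; the revision follows the last hyphen."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = parse(v1), parse(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(source_pkg, installed):
    # True if the installed version sorts before the advisory's fixed version.
    return compare(installed, FIXED[source_pkg]) < 0
```

A version with a tilde suffix (such as a constructed 2.6.26-21lenny4~bpo1) sorts before 2.6.26-21lenny4, so it is reported as needing the update.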
