SUSE CVE-2009-4141

Use-after-free vulnerability in the fasynchelper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling OASYNC aka FASYNC or FIOASYNC on a locked file, and then closing this file...

Oracle Linux 5 : kernel (ELSA-2010-0046)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0046 advisory. - firewire ohci: handle receive packets with zero data Jay Fenlason 547241 547242 CVE-2009-4138 - fs respect flag in docoredump Danny Feng 544188 54418...

Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)

Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel: tty-pgrp races 521265 oops in VIA padlock driver Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates

a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

Fedora Update for kernel FEDORA-2010-1500

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for kernel FEDORA-2010-1804

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS 5 : kernel (CESA-2010:0046)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVE-2009-4141

CVE-2009-4141 is a local-privilege escalation in the Linux kernel (fs/fcntl.c: fasync_helper) where enabling O_ASYNC on a locked file and closing it can grant privileges. Affected: Linux kernel before 2.6.33-rc4-git1. Root cause: use-after-free in fasync_helper. Mitigation: apply the upstream pat...

Linux Kernel 'fasync_helper()'本地特权提升漏洞

Bugraq ID: 37806 CVE ID：CVE-2009-4141 Linux是一款开放源代码的操作系统。 Linux内核处理锁定fasync文件描述符存在安全漏洞，允许攻击者以内核特权执行任意代码或使系统崩溃。 根据Linus分析，“问题是相同文件描述符可在多个fasync列表上，它可以在特定fasync列表上存在一次，但是文件锁定比较特殊，会使用 'fl-flfasync'列表无视在什么底层设备驱动或其他的情况下增加任意文件到它所属的fasync列表中。" 这个问题是因为它不正确假定某个文件只能在一个fasync列表中，所以fasynchelper会清除FASYNC标记。...