kernel security and bug fix update

2.6.9-78.0.17.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon wit...

CVE-2009-0746

The CVE-2009-0746 entry concerns the Linux kernel ext4 code: make_indexed_dir in fs/ext4/namei.c fails to validate a rec_len field, allowing a local attacker to trigger a denial of service (OOPS) by mounting a crafted ext4 filesystem. Affected is kernel 2.6.27 up to 2.6.27.19 and 2.6.28 up to 2.6...

CVE-2009-0748

CVE-2009-0748 affects the Linux kernel: ext4_fill_super in fs/ext4/super.c fails to validate the superblock configuration, enabling a local attacker to trigger a NULL pointer dereference/OOPS when mounting a crafted ext4 filesystem. Impact is local denial of service. Affected ranges: Linux kernel...

CVE-2009-0745

CVE-2009-0745 concerns the Linux kernel ext4 resize path. The ext4_group_add function in fs/ext4/resize.c fails to properly initialize the group descriptor during a resize (resize2fs), which can allow a local attacker to trigger a denial of service (OOPS) by manipulating crafted values in memory....

Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure

/ cve-2008-4113.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113 The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the...

kernel security and bug fix update

2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...

Null pointer dereference

The chipcommand function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service NULL function pointer dereference and OOPS via unknown vectors...

CVE-2008-5033

The chipcommand function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service NULL function pointer dereference and OOPS via unknown vectors...

Fedora 8 : bluez-libs-3.35-1.fc8 / bluez-utils-3.35-3.fc8 (2008-6140)

The remote Fedora host is missing one or more security updates : bluez-utils-3.35-3.fc8 : - Thu Jul 10 2008 - Will Woods - 3.35-3 - Re-add hid2hci - Fri Jul 4 2008 - Bastien Nocera - 3.35-2 - Re-add hidd - Thu Jul 3 2008 - Bastien Nocera - 3.35-1 - Update to 3.35 - Fri Jun 27 2008 - Bastien Nocer...

Code injection

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

CVE-2008-4576

CVE-2008-4576 affects the Linux kernel SCTP implementation prior to 2.6.25.18. A remote attacker can trigger a denial of service by sending an INIT-ACK that states the peer does not support AUTH, causing sctp_process_init to clean up active transports and, when the T1-Init timer expires, to trigg...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

Gentoo Security Advisory GLSA 200505-02 (oops)

The remote host is missing updates announced in advisory GLSA 200505-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Design/Logic Flaw

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service OOPS, as demonstrated by a certain fio test...

CVE-2007-6716

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service OOPS, as demonstrated by a certain fio test...

CVE-2007-6716

CVE-2007-6716 affects the Linux kernel before 2.6.23, where in the dio subsystem the file system’s direct-io path (fs/direct-io.c) may fail to zero out the dio struct. This can allow a local user to cause a denial of service (OOPS), as demonstrated by a fio test. The connected documents confirm t...

FreeBSD Ports: oops

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: oops

The remote host is missing an update to the system as announced in the referenced advisory. VID 1033750f-cab4-11d9-9aed-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

kernel security and bug fix update

2.6.9-67.0.22.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon wit...

Race condition

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux RHEL 4, allows local users to cause a denial of service oops via a long series of PTRACEATTACH ptrace calls to another user's process that trigger a conflict between...