Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

Debian: DSA-2012-1 Critical: Linux 2.6.26 Privilege Escalation

debian
Calendar Grey March 11, 2010
Scroller Debian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
CVE-2009-3725 Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets

Summary


Two vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3725

Philipp Reisner reported an issue in the connector subsystem
which allows unprivileged users to send netlink packets. This
allows local users to manipulate settings for uvesafb devices
which are normally reserved for privileged users.

CVE-2010-0622

Jermome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state which results
in a denial of service (oops).

This update also includes fixes for regressions introduced by previous
updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional sourc...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: linux-2.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.