Two vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3725

    Philipp Reisner reported an issue in the connector subsystem
    which allows unprivileged users to send netlink packets. This
    allows local users to manipulate settings for uvesafb devices
    which are normally reserved for privileged users.

CVE-2010-0622

    Jerome Marchand reported an issue in the futex subsystem that
    allows a local user to force an invalid futex state which results
    in a denial of service (oops).

This update also includes fixes for regressions introduced by previous
updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.
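
To confirm that a host carries the fixed linux-2.6 build, compare installed package versions against 2.6.26-21lenny4 using Debian's version ordering. The script below is an added example, not part of the advisory; the package-name filter and the sample inventory are constructed assumptions, and user-mode-linux is not checked because its fixed version is not given in the text above.

```python
import re

FIXED = "2.6.26-21lenny4"  # fixed linux-2.6 version given in the advisory
KERNEL = re.compile(r"linux-(image|headers|source)-2\.6\.26")  # assumed filter

def _order(c):
    # dpkg ordering: '~' sorts first, letters sort before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare alternating non-digit / digit runs, as dpkg does
    pa, pb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for k in range(max(len(pa), len(pb))):
        sa, da = pa[k] if k < len(pa) else ("", "")
        sb, db = pb[k] if k < len(pb) else ("", "")
        for i in range(max(len(sa), len(sb))):
            ca = _order(sa[i]) if i < len(sa) else 0
            cb = _order(sb[i]) if i < len(sb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    e, up, rev = re.match(r"(?:(\d+):)?(.*?)(?:-([^-]*))?$", v).groups()
    return int(e or 0), up, rev or ""

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    """List (package, version) for 2.6.26 kernel packages older than FIXED."""
    hits = []
    for line in inventory.splitlines():
        f = line.split()
        if len(f) == 2 and KERNEL.match(f[0]) and deb_cmp(f[1], FIXED) < 0:
            hits.append((f[0], f[1]))
    return hits

# Constructed sample in `dpkg-query -W -f='${Package} ${Version}\n'` format
SAMPLE = """linux-image-2.6.26-2-amd64 2.6.26-21lenny3
linux-headers-2.6.26-2-amd64 2.6.26-21lenny4
linux-image-2.6.26-2-686 2.6.26-19lenny2
bash 3.2-4"""
print(unpatched(SAMPLE))
```

A non-empty result means the listed packages still need the upgrade; the running kernel only changes after a reboot into the updated image.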
The following matrix lists additional sourc...