Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian 5.0: DSA-2095-1 Critical Denial of Service and Escalation Issues

debian
Calendar Grey August 20, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointer dereference)

Summary


Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4895

Kyle Bader reported an issue in the tty subsystem that allows local
users to create a denial of service (NULL pointer dereference).

CVE-2010-2226

Dan Rosenberg reported an issue in the xfs filesystem that allows local
users to copy and read a file owned by another user, for which they
only have write permissions, due to a lack of permission checking in the
XFS_SWAPEXT ioctl.

CVE-2010-2240

Rafal Wojtczuk reported an issue that allows users to obtain escalated
privileges. Users must already have sufficient privileges to execute or
connect clients to an Xorg server.

CVE-2010-2248

Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious
file server can set an incorrect "CountHigh" value, resulting in a
d...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: linux-2.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.