[Frugalware-security] [ FSA-602 ] kernel

Miklos Vajna vmiklos at frugalware.org
Thu May 14 12:48:29 CEST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-602

Date: 2009-05-14
Package: kernel
Vulnerable versions: <= 2.6.28-5
Unaffected versions: >= 2.6.28-6anacreon1
Related bugreport: http://bugs.frugalware.org/task/3767
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1265
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676

Description
===========

1) The exit_notify function in kernel/exit.c does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
2) drivers/char/agp/generic.c in the agp subsystem does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
3) Integer overflow in rose_sendmsg (sys/net/af_rose.c) might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent (DoS from local network).
4) The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
5) The sock_getsockopt function in net/core/sock.c does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request (local privilege escalation).

Updated Packages
================

Check if you have kernel installed:

	# pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy kernel

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/602

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkoL9vwACgkQZ7NElSD1Vhl/jwCghIn/z/1expjoriXvbWqr9ckH
aoYAn1Fnvxd27vkyX/tUB4DM4skHvRru
=KpJ3
-----END PGP SIGNATURE-----

More information about the Frugalware-security mailing list