MDVSA-2008:223 -- Mandriva kernel
ID: oval:org.secpod.oval:def:301573 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a SIOCDEVRESINSTATS, SIOCDEVSHWSTATE, SIOCDEVENSLAVE, or SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

Additionally, fixes for sound on NEC Versa S9100 and others were added, PATA and AHCI support for Intel ICH10 was added, a fix to allow better disk transfer speeds was made for the Hercules EC-900 mini-notebook, a cyrus-imapd corruption issue on the x86_64 architecture was solved, RealTek 8169/8168/8101 support was improved, and a few other things. Check the package changelog for details.
Platform: Mandriva Linux 2008.1 |