Mandriva Linux Security Advisory : kernel (MDVSA-2008:246)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

The chip_command function in drivers/media/video/tvaudio.c in the
Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and
2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service
(NULL function pointer dereference and OOPS) via unknown vectors.
(CVE-2008-5033)

Stack-based buffer overflow in the hfs_cat_find_brec function in
fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or system
crash) via an hfs filesystem image with an invalid catalog namelength
field, a related issue to CVE-2008-4933. (CVE-2008-5025)

Additionally, added enhancements for a newer revision of Nokia models
6300, XpressMusic 5200, 5610 and 7610, the support for the ub USB
module was disabled, added fixes for the Wake On LAN feature of the
r8169 module, added fixes for suspend and resume on the i915 module,
added ALSA fixes for Intel HDA, added workaround for a bug on iwlagn,
added the m5602 driver, fixed a crash on the ppscsi module, added
fixes to the uvcvideo module.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

See also :

https://qa.mandriva.com/41782
https://qa.mandriva.com/44891
https://qa.mandriva.com/44988
https://qa.mandriva.com/45393
https://qa.mandriva.com/45599

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37874 (mandriva_MDVSA-2008-246.nasl)

Bugtraq ID: 32094
32289

CVE ID: CVE-2008-5025
CVE-2008-5033

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now