Mandriva Linux Security Advisory : kernel (MDVSA-2010:172)
High Nessus Plugin ID 49190
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a cache stuffing issue and MS-DFS referrals. (CVE-2010-2524)
The do_anonymous_page function in mm/memory.c in the Linux kernel before 126.96.36.199, 2.6.32.x before 188.8.131.52, 2.6.34.x before 184.108.40.206, and 2.6.35.x before 220.127.116.11 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. (CVE-2010-3015)
To update your kernel, please follow the directions located at :
Solution
Update the affected packages.