| Descripción: | Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2008:086.
The isdn_ioctl function in isdn_common.c in the Linux kernel prior to
2.6.23 allows local users to cause a denial of service via a crafted
ioctl struct in which iocts is not null terminated, which trigger a
buffer overflow (CVE-2007-6151).
The do_corefump function in fs/exec.c in the Linux kernel prior to
2.6.24-rc3 did not change the UID of a core dump file if it exists
before a root process creates a core dump in the same location, which
could possibly allow local users to obtain sensitive information
(CVE-2007-6206).
The shmem_getpage function in mm/shmem.c in the Linux kernel versions
2.6.11 through 2.6.23 did not properly clear allocated memory in
certain rare circumstances related to tmps, which could possibly
allow local users to read sensitive kernel data or cause a crash
(CVE-2007-6417).
Additionally, this kernel provides a fix for megaraid_sas and updates
it to version 3.13, updates mptsas to version 3.12.19, and updates
e1000-ng to version 7.6.12, as well as adds igb version 1.0.8.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
Affected: Corporate 4.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:086
Risk factor : High
CVSS Score:
7.2
|
