
Test ID: 1.3.6.1.4.1.25623.1.0.61818
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:223 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDVSA-2008:223.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Buffer overflow in format descriptor parsing in the uvc_parse_format
function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the
video4linux (V4L) implementation in the Linux kernel before 2.6.26.1
has unknown impact and attack vectors. (CVE-2008-3496)

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan
subsystem in the Linux kernel 2.6.26.3 does not check for the
CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS,
(2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE
ioctl request, which allows local users to bypass intended capability
restrictions. (CVE-2008-3525)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3526)

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not
verify that the identifier index is within the bounds established by
SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving
the sctp_getsockopt function, a different vulnerability than
CVE-2008-4113. (CVE-2008-4445)

Additionally, fixes for sound on NEC Versa S9100 and others were added,
PATA and AHCI support for Intel ICH10 was added, a fix to allow better
disk transfer speeds was made for Hercules EC-900 mini-notebook,
a cyrus-imapd corruption issue in x86_64 arch was solved, RealTek
8169/8168/8101 support was improved, and a few other things. Check
the package changelog for details.


To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:223

Risk factor : Critical

CVSS Score:
10.0

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3496
BugTraq ID: 30514
http://www.securityfocus.com/bid/30514
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
http://lkml.org/lkml/2008/7/30/655
http://secunia.com/advisories/31982
SuSE Security Announcement: SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
XForce ISS Database: linux-kernel-uvcparseformat-bo(44184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44184
Common Vulnerability Exposure (CVE) ID: CVE-2008-3525
Debian Security Information: DSA-1653
http://www.debian.org/security/2008/dsa-1653
Debian Security Information: DSA-1655
http://www.debian.org/security/2008/dsa-1655
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://www.openwall.com/lists/oss-security/2008/08/29/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.securitytracker.com/id?1020969
http://secunia.com/advisories/32103
http://secunia.com/advisories/32237
http://secunia.com/advisories/32315
http://secunia.com/advisories/32356
http://secunia.com/advisories/32370
http://secunia.com/advisories/32386
http://secunia.com/advisories/32393
http://secunia.com/advisories/32759
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SuSE Security Announcement: SUSE-SA:2008:051
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SuSE Security Announcement: SUSE-SA:2008:053
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.ubuntu.com/usn/usn-659-1
http://www.vupen.com/english/advisories/2008/2511
http://www.vupen.com/english/advisories/2008/2714
Common Vulnerability Exposure (CVE) ID: CVE-2008-3526
BugTraq ID: 30847
http://www.securityfocus.com/bid/30847
Debian Security Information: DSA-1636
http://www.debian.org/security/2008/dsa-1636
http://www.openwall.com/lists/oss-security/2008/08/26/9
http://www.redhat.com/support/errata/RHSA-2008-0857.html
http://secunia.com/advisories/31881
http://secunia.com/advisories/32190
XForce ISS Database: linux-kernel-sctpsetsockoptauthkey-dos(44723)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44723
Common Vulnerability Exposure (CVE) ID: CVE-2008-4113
BugTraq ID: 31121
http://www.securityfocus.com/bid/31121
Bugtraq: 20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences
http://www.securityfocus.com/archive/1/496256/100/0/threaded
https://www.exploit-db.com/exploits/7618
http://www.trapkit.de/advisories/TKADV2008-007.txt
http://www.openwall.com/lists/oss-security/2008/09/26/6
http://www.securitytracker.com/id?1021000
http://securityreason.com/securityalert/4266
XForce ISS Database: kernel-sctpgetsockopthmac-info-disclosure(45188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45188
Common Vulnerability Exposure (CVE) ID: CVE-2008-4445
http://marc.info/?l=linux-sctp&m=121986743009093&w=2
http://marc.info/?l=linux-sctp&m=121986743209110&w=2
http://www.openwall.com/lists/oss-security/2008/09/24/9
http://www.openwall.com/lists/oss-security/2008/09/27/1
http://www.openwall.com/lists/oss-security/2008/09/29/4
http://www.securitytracker.com/id?1021001
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
