From Secunia:
http://secunia.com/advisories/41650/
Description
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
The vulnerability is caused due to an integer overflow error when allocating memory within the "snd_ctl_new()" function in sound/core/control.c, which can be exploited to cause a heap-based buffer overflow.
Criticality: Less Critical
OSG Recommendation:
If you think your systems may have this vulnerability you can consider removing or limiting access to the sound (or audio) subsystem.
Wednesday, September 29, 2010
Wednesday, September 22, 2010
Kernel updates for CVE-2010-3081
The OSG security team announced last week an important kernel vulnerability that affected 64-bit systems (announcement OSG-SEC-2010-09-16). Most of the vendors have now come out with patched kernels and the OSG security team is encouraging all sites to update any kernels that are currently affected.
Here are the links or instructions to the patched kernels for the following OS versions:
RedHat
https://rhn.redhat.com/errata/RHSA-2010-0704.html
Fedora
https://admin.fedoraproject.org/updates/search/CVE-2010-3081
Scientific Linux
Dear SLC5 x86_64 (64 bit) platform users.
We have released in production a new SLC5 kernel addressing the locally exploitable security issue CVE-2010-3081. This kernel 2.6.18-194.11.4.el5 supersedes the "hotfix" kernel 2.6.18-194.11.3.el5.cve20103081 released last Thursday.
In order to protect your system please urgently apply the following update by running as root:
# yum install kernel
and if your system is a Xen virtual machine or hypervisor also run:
# yum install kernel-xen
and reboot your system for the update to take effect.
Ubuntu
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-September/001159.html
SUSE
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
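For the Scientific Linux instructions above, a check that the running kernel is the updated one, as an added example that is not part of the original announcements: it compares a kernel release string against the two SLC5 versions quoted above. The function names and result labels are assumptions, and only el5 x86_64 kernels are judged.

```shell
#!/bin/sh
# Added example: classify an SLC5 x86_64 kernel release against the versions
# quoted in the Scientific Linux announcement. Function names are hypothetical.

FIXED="2.6.18-194.11.4.el5"                 # patched kernel (from the announcement)
HOTFIX="2.6.18-194.11.3.el5.cve20103081"    # earlier hotfix kernel (from the announcement)

# Return 0 if release $1 is older than release $2. Only the numeric
# version-release part before ".el5" is compared, field by field.
kver_older() {
    a=$(printf '%s' "$1" | sed 's/\.el5.*$//' | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | sed 's/\.el5.*$//' | tr -c '0-9' ' ')
    set -- $a
    for fb in $b; do
        fa=${1:-0}                      # a missing field counts as 0
        if [ $# -gt 0 ]; then shift; fi
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1                            # equal or newer
}

# $1 = kernel release (uname -r), $2 = machine (uname -m)
# Prints: patched | hotfix | needs-update | not-applicable
classify_kernel() {
    case "$2" in x86_64) ;; *) echo not-applicable; return 0 ;; esac
    case "$1" in *.el5*) ;; *) echo not-applicable; return 0 ;; esac
    case "$1" in "$HOTFIX"*) echo hotfix; return 0 ;; esac
    if kver_older "$1" "$FIXED"; then
        echo needs-update
    else
        echo patched
    fi
}

# Judge the kernel that is actually running, not the one merely installed.
classify_kernel "$(uname -r)" "$(uname -m)"
```

A result of needs-update after running yum install kernel means the machine has not yet been rebooted into the new kernel.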