Entries Related to ‘linux_kernel’

Showing Security Notifications Only
Linux Kernel 7 and prior [Low]
By Security Team on Monday, May 24th, 2010 in Security Notifications

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf….

CVE Identifier: CVE-2010-2027
Vulnerability Type(s):
Severity: Low

Read More »
Related Software Packages:
Linux Kernel 2.6.18 [Medium]
By Security Team on Friday, May 21st, 2010 in Security Notifications

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system….

CVE Identifier: CVE-2010-1436
Vulnerability Type(s):
Severity: Medium

Read More »
Related Software Packages:
Linux Kernel 2.6.32.13 and prior [Low]
By Security Team on Friday, May 21st, 2010 in Security Notifications

arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke….

CVE Identifier: CVE-2010-1446
Vulnerability Type(s):
Severity: Low

Read More »
Related Software Packages:
Get open source software support
Linux Kernel 2.6.12 [High]
By Security Team on Friday, February 26th, 2010 in Security Notifications

The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function….

CVE Identifier: CVE-2005-4886
Vulnerability Type(s):
Severity: High

Read More »
Related Software Packages:
Linux Kernel 2.6.12 and prior [High]
By Security Team on Friday, February 26th, 2010 in Security Notifications

The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function….

CVE Identifier: CVE-2005-4886
Vulnerability Type(s):
Severity: High

Read More »
Related Software Packages:
Linux Kernel 2.6.12 and prior [High]
By Security Team on Friday, February 26th, 2010 in Security Notifications

The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function….

CVE Identifier: CVE-2005-4886
Vulnerability Type(s):
Severity: High

Read More »
Related Software Packages:

Open Source Help & Resources

Get support for open source software with commercial-grade SLAs »Get a demo of OpenLogic Exchange (OLEX), a SaaS solution for enterprise open source governance »Register for a demo of the OSS Deep Discovery source code scanning tool »
Linux Kernel 2.6.18 [Medium]
By Security Team on Tuesday, September 22nd, 2009 in Security Notifications

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails…

CVE Identifier: CVE-2009-3286
Vulnerability Type(s):
Severity: Medium

Read More »
Related Software Packages:
Linux Kernel 2.6.31-rc10 and prior [Medium]
By Security Team on Tuesday, September 22nd, 2009 in Security Notifications

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD…

CVE Identifier: CVE-2009-3288
Vulnerability Type(s):
Severity: Medium

Read More »
Related Software Packages:
Linux Kernel 2.6.30 [High]
By Security Team on Tuesday, September 22nd, 2009 in Security Notifications

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified “random addresses.”…

CVE Identifier: CVE-2009-3290
Vulnerability Type(s):
Severity: High

Read More »
Related Software Packages:
Linux Kernel 2.6.18 [Medium]
By Security Team on Tuesday, September 22nd, 2009 in Security Notifications

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails….

CVE Identifier: CVE-2009-3286
Vulnerability Type(s):
Severity: Medium

Read More »
Related Software Packages:

Next Page »
© 2010 OpenLogic, Inc. | Licensing | Privacy Policy | Terms of Use