Linux 2.6.26: Fix Privilege Escalation, Denial of Service, Information Leak Vulnerabilities

Users of Linux 2.6.26 please be advised of a privilege escalation, denial of service, information leak vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

DSA 2126-1: [DSA 2126-1] New Linux 2.6.26 packages fix several issues
Package : linux-2.6

Vulnerability : privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead

to a privilege escalation, denial of service or information leak. The Common

Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2963

Kees Cook discovered an issue in the v4l 32-bit compatibility layer for

64-bit systems that allows local users with /dev/video write permission to

overwrite arbitrary kernel memory, potentially leading to a privilege

escalation. On Debian systems, access to /dev/video devices is restricted to

members of the ‘video’ group by default.

CVE-2010-3067

Tavis Ormandy discovered an issue in the io_submit system call. Local users

can cause an integer overflow resulting in a denial of service.

Read more at http://www.criticalwatch.com

 

Advertisements