Solution
Please Install the Updated Packages.
Insight
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080)
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005)
Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
Affected
kernel on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Severity
Classification
-
CVE CVE-2009-3080, CVE-2009-4005 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities