Please Install the Updated Packages.

A vulnerability was discovered and corrected in the Linux 2.6 kernel: The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. (CVE-2010-3858) drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. (CVE-2010-2963) Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. (CVE-2010-3067) Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. (CVE-2010-3442) A kernel stack overflow, a bad pointer dereference and a missing permission check were corrected in the econet implementation (CVE-2010-3848) (CVE-2010-3849) (CVE-2010-3850). Additionally, the kernel has been updated to the stable upstream version 2.6.27.56. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

kernel on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64