Please Install the Updated Packages.

A vulnerability was discovered and corrected in the Linux 2.6 kernel: The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. (CVE-2010-3873) The bcm_connect function Broadcast Manager in the Controller Area Network (CAN) implementation in the Linux creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. (CVE-2010-4565) The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. (CVE-2010-4346) The sk_run_filter function does not check whether a certain memory location has been initialized before executing a BPF_S_LD_MEM or BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. (CVE-2010-4158) Heap-based buffer overflow in the bcm_connect function the Broadcast Manager in the Controller Area Network (CAN)on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. (CVE-2010-3874) The blk_rq_map_user_iov function in block/blk-map.c allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. (CVE-2010-4163) Multiple integer underflows in the x25_parse_facilities function in allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data. (CVE-2010-4164) Race condition in the do_setlk function allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. (CVE-2009-4307) Multiple integer overflows in fs/bio.c allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. (CVE-2010-4162) Integer overflow in the ext4_ext_get_blocks function in ... Description truncated, for more information please check the Reference URL

kernel on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64