Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2010:214

Package name: kernel
Date: 2010-10-29
Advisory ID: MDVSA-2010:214
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A vulnerability was discovered and corrected in the Linux 2.6 kernel:

A vulnerability in Linux kernel caused by insecure allocation of user
space memory when translating system call inputs to 64-bit. A stack
pointer underflow can occur when using the compat_alloc_user_space
method with an arbitrary length input. (CVE-2010-3081)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Updated packages

CS4.0 x86_64

 c471d4337b179919823bc63588a27e47  corporate/4.0/x86_64/kernel-2.6.12.42mdk-1-1mdk.x86_64.rpm
 0bef4a498595c2df1d6d8c5d5be6f0c2  corporate/4.0/x86_64/kernel-BOOT-2.6.12.42mdk-1-1mdk.x86_64.rpm
 582eae8d7a9d12fbf85d3c2a08ff9824  corporate/4.0/x86_64/kernel-doc-2.6.12.42mdk-1-1mdk.x86_64.rpm
 d76674127a48f49db5647c9b007872f8  corporate/4.0/x86_64/kernel-smp-2.6.12.42mdk-1-1mdk.x86_64.rpm
 36d9743d4ff644c74a33b9cee2adec05  corporate/4.0/x86_64/kernel-source-2.6.12.42mdk-1-1mdk.x86_64.rpm
 6d077ef61b3438888da3ec9f901e3ad8  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.42mdk-1-1mdk.x86_64.rpm
 ad64ebbf54fa5ecf30e1da88eaacf540  corporate/4.0/x86_64/kernel-xen0-2.6.12.42mdk-1-1mdk.x86_64.rpm
 1311e12d6c8ab1d93a6eb9623cd11aea  corporate/4.0/x86_64/kernel-xenU-2.6.12.42mdk-1-1mdk.x86_64.rpm 
 0c316f3efcbaff64fea607cdc9e0a085  corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm

CS4.0 i586

 fabca395b39b6ed6d458799eb412572e  corporate/4.0/i586/kernel-2.6.12.42mdk-1-1mdk.i586.rpm
 3077f89b0ee23364826844a7d9a83dcb  corporate/4.0/i586/kernel-BOOT-2.6.12.42mdk-1-1mdk.i586.rpm
 c3e963bcd59b676adf367224c8580998  corporate/4.0/i586/kernel-doc-2.6.12.42mdk-1-1mdk.i586.rpm
 3fda402572a9ca2a6f3a2cce8a927ef5  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.42mdk-1-1mdk.i586.rpm
 74671054d68dd70b88042554a09dc70e  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.42mdk-1-1mdk.i586.rpm
 e5fbee70a2318efbae909957653f0d21  corporate/4.0/i586/kernel-smp-2.6.12.42mdk-1-1mdk.i586.rpm
 aaf581038c6cebb9d748d4503ce37af7  corporate/4.0/i586/kernel-source-2.6.12.42mdk-1-1mdk.i586.rpm
 c694977b8e08fa592ce384a4f4a77eff  corporate/4.0/i586/kernel-source-stripped-2.6.12.42mdk-1-1mdk.i586.rpm
 52d63e629865ff6501d0c766c234f1ad  corporate/4.0/i586/kernel-xbox-2.6.12.42mdk-1-1mdk.i586.rpm
 a5a3649d10977f5c637043ac1efdb144  corporate/4.0/i586/kernel-xen0-2.6.12.42mdk-1-1mdk.i586.rpm
 a2f59640dbaa4d566ad41eb6512c4e63  corporate/4.0/i586/kernel-xenU-2.6.12.42mdk-1-1mdk.i586.rpm 
 0c316f3efcbaff64fea607cdc9e0a085  corporate/4.0/SRPMS/kernel-2.6.12.42mdk-1-1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081