Package name
Advisory ID
Affected versions
CS4.0 x86_64 , CS4.0 i586

Problem description

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)

Unspecified vulnerability in the 32-bit and 64-bit emulation in the
Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
users to read uninitialized memory via unknown vectors involving a
crafted binary. (CVE-2008-0598)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
in the vfs implementation in the Linux kernel before does
not prevent creation of a child dentry for a deleted (aka S_DEAD)
directory, which allows local users to cause a denial of service
(overflow of the UBIFS orphan area) via a series of attempted file
creations within deleted directories. (CVE-2008-3275)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3525)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
does not properly zero out the dio struct, which allows local users
to cause a denial of service (OOPS), as demonstrated by a certain
fio test. (CVE-2007-6716)

fs/open.c in the Linux kernel before 2.6.22 does not properly strip
setuid and setgid bits when there is a write to a file, which allows
local users to gain the privileges of a different group, and obtain
sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped
I/O. (CVE-2008-4210)

Additionaly, support for Intel's ICH9 controller was added, and 'tg3'
driver was updated to version 3.71b.

To update your kernel, please follow the directions located at:


Support for Intel's ICH9 controller and the updated 'tg3' driver were
actually missing in the previous update, this new update adds them.

Updated packages

CS4.0 x86_64

 7dd636f428eded3fce2b8bfc438e6a89  corporate/4.0/x86_64/kernel-
 fd0efcb2081d6a71c0d5109ec916a5e0  corporate/4.0/x86_64/kernel-BOOT-
 13ca275d306ed326dba2ff4e967954a3  corporate/4.0/x86_64/kernel-doc-
 74940a6c8b0893c5ced16132549bc7ce  corporate/4.0/x86_64/kernel-smp-
 5a5a541271c4bb7157b6549fdcfa43b9  corporate/4.0/x86_64/kernel-source-
 a2965a018d7cd48727392f15f7c0cc08  corporate/4.0/x86_64/kernel-source-stripped-
 8d7bc5b6c3112988d61da7db64d90e89  corporate/4.0/x86_64/kernel-xen0-
 f7f26d7e6126baf67c53a3476de6da74  corporate/4.0/x86_64/kernel-xenU- 
 a4405a0b20aa4c12bb2ca70f801708b8  corporate/4.0/SRPMS/kernel-

CS4.0 i586

 9f8ef0b687cf2a757be8956e4d546bb4  corporate/4.0/i586/kernel-
 6a187165a2d24afd3cc036496c2fce16  corporate/4.0/i586/kernel-BOOT-
 ccc98a0f3dae3455640b06a84a1e8aa1  corporate/4.0/i586/kernel-doc-
 aedad3957e3db5ba959ccb384ededc31  corporate/4.0/i586/kernel-i586-up-1GB-
 4237b7a724f2e1e4a31b6d4b2bfa3040  corporate/4.0/i586/kernel-i686-up-4GB-
 0a5113e41447386fb793cc5c01f503aa  corporate/4.0/i586/kernel-smp-
 65a067bc2fc12a1c67d0537b6b0385f9  corporate/4.0/i586/kernel-source-
 bceea0d3d936700b34102e632c49725c  corporate/4.0/i586/kernel-source-stripped-
 027fa12058aa65462a8d2d25ead0d486  corporate/4.0/i586/kernel-xbox-
 ca2b5dffac21b0ec374b8e516f39293b  corporate/4.0/i586/kernel-xen0-
 cdcf076659a64f3aaf34f9e58c106b4c  corporate/4.0/i586/kernel-xenU- 
 a4405a0b20aa4c12bb2ca70f801708b8  corporate/4.0/SRPMS/kernel-