September 15, 2009

Mandriva Linux Security Advisory 2009:233: kernel

A vulnerability was discovered and corrected in the Linux 2.6 kernel:

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
does not initialize all function pointers for socket operations
in proto_ops structures, which allows local users to trigger a NULL
pointer dereference and gain privileges by using mmap to map page zero,
placing arbitrary code on this page, and then invoking an unavailable
operation, as demonstrated by the sendpage operation on a PF_PPPOX
socket. (CVE-2009-2692)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate...

Read More

Click Here!