December 4, 2009

Ubuntu Security Notice 864-1: Linux kernel vulnerabilities

Article Source Ubuntu Security Notices
December 4, 2009, 6:44 pm

It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910)...

Read More

Click Here!