Pardus: 2010-112: Kernel: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in kernel
Pardus Linux Security Advisory 2010-112 
      Date: 2010-08-12
  Severity: 4
      Type: Remote


A flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this flaw
to read write-only files that they do not own on an XFS file system.
This could lead to unintended information disclosure.


A flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker
could send a specially-crafted SMB response packet to a target CIFS
client, resulting in a kernel panic (denial of service).


A flaw was found in the pppol2tp_xmit() function in the Linux kernel
l2tp implementation. When transmitting L2TP frames, the outgoing
interface's UDP checksum hardware assist capabilities can be NULL,
causing a NULL pointer dereference.


Buffer overflow flaws were found in the Linux kernel's implementation
of the server-side External Data Representation (XDR) for the Network
File System (NFS) version 4. An attacker on the local network could send
a specially-crafted large compound request to the NFSv4 server, which
could possibly result in a kernel panic (denial of service) or,
potentially, code execution.


The  BTRFS_IOC_CLONE and  BTRFS_IOC_CLONE_RANGE  ioctls  should  check
whether the donor file is append-only before writing to it.


The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that
allows a user to specify an out-of-bounds range to copy from the source
file (if off + len wraps around).


The problem was in the way the gfs2 directory code was trying to re-use
sentinel directory entries. A local, unprivileged user on a gfs2 mounted
directory  can trigger  this  issue,  resulting  in  a  NULL   pointer

Affected packages:

  Pardus 2009:
    kernel, all before
    kernel-pae, all before

There are update(s) for kernel, kernel-pae. You  can  update  them  via
Package Manager or with a single command from console:

    pisi up kernel kernel-pae