PACKAGE : kernel
SUMMARY : Fixes for kernel vulnerabilities
DATE : 2004-06-22 10:12:00
ID : CLA-2004:845
RELEVANT RELEASES : 8, 9
The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system.
This announcement fixes the following vulnerabilities:
1. Local denial of service vulnerability (CAN-2004-0554)
Stian Skjelstad found a vulnerability in the fpu
controller code that can be used by local attackers to cause a
denial of service (DoS) on the system.
2. Local memory disclosure vulnerability (CAN-2004-0535)
Chris Wright found a vulnerability in the Intel(R) PRO/1000
ethernet card driver that could allow a local attacker to read some
bytes of kernel memory.
3. Sparse vulnerabilities (CAN-2004-0495)
Al Viro, by using Sparse (a code inspection tool), found
several vulnerabilities which, in the worst case, might allow local
attackers to obtain root privileges.
It is recommended that all Conectiva Linux users upgrade the kernel
IMPORTANT: exercise caution and preparation when upgrading the
kernel, since it will require a reboot after the new packages are
installed. In particular, Conectiva Linux 9 will most likely
require an initrd file (which is automatically created in the /boot
directory after the new packages are installed). Generic kernel
update instructions can be obtained in the manuals and in our
updates page. More detailed instructions are also available in
Portuguese at our Moin page.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.