[linux-source] several local vulnerabilities
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Security Team |
Bug Description
Binary package hint: linux-source
References:
DSA-1479-1 (http://
Quoting:
"Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems: [...]
CVE-2007-4571
Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.
Local users could exploit this issue to obtain sensitive information from
the kernel.
CVE-2007-6151
ADLAB discovered a possible memory overrun in the ISDN subsystem that
may permit a local user to overwrite kernel memory leading by issuing
ioctls with unterminated data.
CVE-2008-0001
Bill Roman of Datalight noticed a coding error in the linux VFS subsystem
that, under certain conditions, can allow local users to remove
directories for which they should not have removal privileges."
Hi hk47,
Thank you for the report. I just wanted to give you a quick update. I've spoken with the Ubuntu Security Team and was informed that two of the CVE's are fixed in dapper-gutsy and that they'd be sure to take care of the rest. Thanks!