7.2 - MDVSA-2010:247

A vulnerability was discovered and corrected in the Linux 2.6 kernel:

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a stack pointer underflow issue, as exploited in the wild in September 2010. (CVE-2010-3081)

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. (CVE-2010-3301)

Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. (CVE-2010-3015)

Additionally, the kernel has been updated to the stable version 2.6.31.14. A timeout bug in bnx2 has been fixed. Muting and unmuting on VT1812/VT2002P now should work correctly. A fix for ACL decoding on NFS was added. Rebooting on Dell Precision WorkStation T7400 was corrected. Read balancing with RAID0 and RAID1 on drives larger then 2TB was also fixed. A more detailed description is available in the package changelog and related tickets.

Thanks to Thomas Backlund and Herton Ronaldo Krzesinski for contributions in this update.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate