Wednesday, December 1, 2010

Linux 2.6.26: Fix Privilege Escalation, Denial of Service, Information Leak Vulnerabilities

Users of Linux 2.6.26, please be advised that privilege escalation, denial of service, and information leak vulnerabilities have been identified.

To view these vulnerabilities, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
DSA 2126-1: [DSA 2126-1] New Linux 2.6.26 packages fix several issues

Package : linux-2.6

Vulnerability : privilege escalation/denial of service/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2963

Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the 'video' group by default.

CVE-2010-3067

Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service.
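The CVE-2010-2963 entry above depends on who can write to the /dev/video nodes. The following is an added example, not part of the advisory or of Debian's tooling: a small audit that reports the write exposure of each video device node and, for group-writable nodes, who is in that group. The function names and the default `/dev/video*` glob are assumptions of this example.

```python
import glob
import grp
import os
import pwd
import stat


def write_exposure(mode, group_name):
    """Classify who besides the owner can open a node for writing (mode bits only)."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP:
        return "group-writable:" + group_name
    return "owner-only"


def group_members(group_name):
    """Supplementary members plus users whose primary group this is."""
    try:
        entry = grp.getgrnam(group_name)
    except KeyError:
        return []
    primary = [u.pw_name for u in pwd.getpwall() if u.pw_gid == entry.gr_gid]
    return sorted(set(entry.gr_mem) | set(primary))


def audit(pattern="/dev/video*"):
    """Return (path, exposure) for every character device matching pattern."""
    findings = []
    for path in sorted(glob.glob(pattern)):
        try:
            st = os.stat(path)
        except OSError:
            continue  # dangling symlink or node removed during the scan
        if not stat.S_ISCHR(st.st_mode):
            continue  # only device nodes are of interest
        try:
            group = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            group = str(st.st_gid)  # gid with no group entry
        findings.append((path, write_exposure(st.st_mode, group)))
    return findings


if __name__ == "__main__":
    for path, exposure in audit():
        print(path, exposure)
        if exposure.startswith("group-writable:"):
            print("  members:", ", ".join(group_members(exposure.split(":", 1)[1])))
```

The script reads mode bits only; POSIX ACLs on the device nodes are not examined and should be checked separately with `getfacl`.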