[ MDVSA-2015:057 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:057
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : March 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 The Crypto API in the Linux kernel before 3.18.5 allows local users
 to load arbitrary kernel modules via a bind system call for an
 AF_ALG socket with a parenthesized module template expression in
 the salg_name field, as demonstrated by the vfat(aes) expression,
 a different vulnerability than CVE-2013-7421 (CVE-2014-9644).
 
 net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
 3.18 generates incorrect conntrack entries during handl

007 Software

[ MDVSA-2015:057 ] kernel

Leave a Reply Cancel reply

Software and Security Information