SB2008111801 - Memory corruption in Linux kernel
Published: November 18, 2008
Security Bulletin ID
SB2008111801
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2008-5134)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to memory corruption error. A remote non-authenticated attacker can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- http://article.gmane.org/gmane.linux.kernel.wireless.general/23049
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=48735d8d8bd701b1e0cd3d49c21e5e385ddcb077
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
- http://openwall.com/lists/oss-security/2008/11/11/2
- http://secunia.com/advisories/32998
- http://secunia.com/advisories/33641
- http://secunia.com/advisories/33706
- http://secunia.com/advisories/33854
- http://www.debian.org/security/2008/dsa-1681
- http://www.redhat.com/support/errata/RHSA-2009-0053.html
- http://www.securityfocus.com/bid/32484
- https://bugzilla.redhat.com/show_bug.cgi?id=470761
- https://usn.ubuntu.com/714-1/