rPSA-2008-0189-1 kernel xen

Issue Tracking System MIT License Previous versions arbitrary code execution Privilege Escalation Severe Exposure buffer overflow systems rPath Updated Versions Exposure Level Classification Appliance Platform Linux Service remote Security Advisory

rPath Security Advisory: 2008-0189-1
Published: 2008-06-11
Products:
    rPath Appliance Platform Linux Service 1
    rPath Linux 1
    rPath Linux 2

Rating: Severe
Exposure Level Classification:
    Remote User Deterministic Privilege Escalation
Updated Versions:
    kernel=conary.rpath.com@rpl:1-vmware/2.6.24.7-0.4-1
    kernel=conary.rpath.com@rpl:1-xen/2.6.16.33-0.5-1
    kernel=conary.rpath.com@rpl:1/2.6.24.7-0.4-1
    kernel=conary.rpath.com@rpl:2-xen/2.6.21.7-4-1
    kernel=conary.rpath.com@rpl:2/2.6.24.7-4-0.1
    kernel=rap.rpath.com@rpath:linux-1/2.6.24.7-3-1
    xen=conary.rpath.com@rpl:2/3.1.2-1.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2557
    https://issues.rpath.com/browse/RPL-2599
    https://issues.rpath.com/browse/RPL-2603

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673

Description:
    Previous versions of the kernel package are vulnerable to a buffer
    overflow in the cifs and ip_nat_snmp_basic modules which can allow
    a remote denial of service or possible arbitrary code execution.
    
    In addition, support has been added for newer Intel 10Gb Ethernet
    adapters, and a bug which effects device ordering on certain Dell
    and HP systems has been resolved.
    
    A system reboot is required to resolve these issues.

http://wiki.rpath.com/Advisories:rPSA-2008-0189

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html