*** This bug is a security vulnerability ***

Public security bug reported:

CVE-2008-3272 preliminary description:
"The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3272

CVE-2008-3496 description:
"Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496

CVE-2008-3534 description:
"The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534

CVE-2008-3535 description:
"Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3535

** Affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: linux-source-2.6.15 (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3272

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3496

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3534

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3535

--
[CVE-2008-3272, -3496, -3534, -3535] Multiple vulnerabilities in the Linux kernel
https://bugs.launchpad.net/bugs/256632
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs