Mandriva Linux Security Advisory MDKSA-2006-072: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:
53f3e6c30c79227d5c9b6fe2f2dbe338cdf819206586028a1793ae1810d81d2c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:072
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : April 17, 2006
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Prior to Linux kernel 2.6.5, a numeric casting discrepancy in sdla_xfer
allowed local users to read portions of kernel memory (CVE-2004-2607).
Prior to 2.6.12, multiple "range checking flaws" in ISO9660 filesystem
handler could allow attackers to cause a DoS or corrupt memory via a
crafted filesystem (CVE-2005-0815).
Prior to 2.6.14-rc5, when running IPv6, the udp_v6_get_port function
allowed local users to cause a DoS (infinite loop and crash)
(CVE-2005-2973).
A race condition when threads are sharing memory mapping via CLONE_VM
could allow local users to cause a DoS (deadlock) by triggering a core
dump (CVE-2005-3106).
When one thread is tracing another thread that shares the same memory
map, could allow local users to cause a DoS (deadlock) by forcing a
core dump (CVE-2005-3107).
A race condition in the ebtables netfilter module, when running on an
SMP system under heavy load, might allow remote attackers to cause a
DoS (crash) via series of packets that cause a value to be modified
after if has been read but before it has been locked (CVE-2005-3110).
Prior to 2.6.14.2, the ptrace functionality, using CLONE_THREAD, does
not use the thread group ID to check whether it is attaching to itself,
allowing local users to cause a DoS (crash) (CVE-2005-3783).
Prior to 2.6.14, the IPv6 flow label handling code modified the wrong
variable in certain circumstances, which allowed local user to corrupt
kernel memory or cause a DoS (crash) by triggering a free of non-
allocated memory (CVE-2005-3806).
Prior to 2.6.12.6 and 2.6.13, a memory leak in the icmp_push_reply
function allowed remote attackers to cause a DoS (memory consumption)
via a large number of crafted packets (CVE-2005-3848).
Prior to 2.6.15-rc3, the time_out_leases function allowed local users
to cause a DoS (kernel log message consumption) by causing a large
number of broken leases, which is recorded to the log using the printk
function (CVE-2005-3857).
In addition to these security fixes, other fixes have been included
such as:
- fix nfs blocksize setting (bk tree)
- update sata_sil to 0.9
- update ndiswrapper to 1.0
- update 3w-9xxx to 2.26.04.007 (9550SX support)
- update tg3 "ng" (3.6)
- add support for ATI IXP400 audio (alsa) and ide
- add support for new sata_sil chipset for RS480 platforms (NEC)
- add support for MCP51 IDE & NIC (nForce 430)
- various x86_64 fixes from newer kernels
- sata_nv: support for MCP51
- piix: ICH7 support
- add netcell and piccolo support
- updated e100 and e1000 drivers from 2006
- updated aic79xx
The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
f6616fba9e654a35e4790cc4503d7dc0 corporate/3.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.i586.rpm
9e435e279b3a2de6bc3b893600d18933 corporate/3.0/RPMS/kernel-BOOT-2.6.3.31mdk-1-1mdk.i586.rpm
5f74a8004d02ec87b7f12bba021c6f6a corporate/3.0/RPMS/kernel-enterprise-2.6.3.31mdk-1-1mdk.i586.rpm
463709928da83f9eaff7347dca277731 corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.31mdk-1-1mdk.i586.rpm
4d623beb36a409f300adb9a2abcb782d corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.31mdk-1-1mdk.i586.rpm
ae070db81ce88a70a74e60e6ed0ddd9a corporate/3.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.i586.rpm
ed34b5257ddceff31b4e7097c90da9d3 corporate/3.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.i586.rpm
e2916491b2b1e9e8fcace72656c6c6d8 corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.i586.rpm
71c1e84859bd10aa13dbfdf38b27107f corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.i586.rpm
e93989bf2e25c73258bf769b8cff61fb corporate/3.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm
Corporate 3.0/X86_64:
06e84e162e5daaa17121aec16fde8a37 x86_64/corporate/3.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.x86_64.rpm
2cca09b2cb90cefe786e7766fa732fa9 x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.31mdk-1-1mdk.x86_64.rpm
1f56b193cb6b4412a09243e90595524a x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.x86_64.rpm
baf7a827f2e0994eac1d93e99060e5b0 x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.x86_64.rpm
85949fefb7e2be8248d843e1977ffa28 x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.x86_64.rpm
3d6bd0850c3dc497d68097a023800593 x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.x86_64.rpm
e93989bf2e25c73258bf769b8cff61fb x86_64/corporate/3.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm
Multi Network Firewall 2.0:
8f28ce72ba80cfe274f6b874ffd872a7 mnf/2.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.i586.rpm
d920396687b976d6be02952319a346b9 mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.31mdk-1-1mdk.i586.rpm
8ce1c9bf7091048152723d06cdad7e04 mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.31mdk-1-1mdk.i586.rpm
5ce744875a7d3e5f29cd8e29c02460e5 mnf/2.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.i586.rpm
5139ebdc96d687e5ac6f10dc05c87849 mnf/2.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.i586.rpm
57345c3e2c354da4ddbc11449ceb124c mnf/2.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEQ99ImqjQ0CJFipgRAlL0AJ9UH65+gTTsgetXaQxcxfj+AxcYhwCcCYdb
dHNMzJsxQSzxwMR6jK23kv8=
=zDvE
-----END PGP SIGNATURE-----