<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:086 ] - Updated kernel packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:086
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : May 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 Prior to Linux kernel 2.6.16.5, the kernel does not properly handle
 uncanonical return addresses on Intel EM64T CPUs which causes the
 kernel exception handler to run on the user stack with the wrong GS
 (CVE-2006-0744).
 
 The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users
 with ptrace permissions to change the tracer SID to an SID of another
 process (CVE-2006-1052).
 
 Prior to 2.6.16, the ip_push_pending_frames function increments the IP
 ID field when sending a RST after receiving unsolicited TCP SYN-ACK
 packets, which allows a remote attacker to conduct an idle scan attack,
 bypassing any intended protection against such an attack
 (CVE-2006-1242).
 
 In kernel 2.6.16.1 and some earlier versions, the sys_add_key function
 in the keyring code allows local users to cause a DoS (OOPS) via keyctl
 requests that add a key to a user key instead of a keyring key, causing
 an invalid dereference (CVE-2006-1522).
 
 Prior to 2.6.16.8, the ip_route_input function allows local users to
 cause a DoS (panic) via a request for a route for a multicast IP
 address, which triggers a null dereference (CVE-2006-1525).
 
 Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to
 cause a DoS (infinite loop) via unknown vectors that cause an invalid
 SCTP chunk size to be processed (CVE-2006-1527).
 
 Prior to 2.6.16, local users can bypass IPC permissions and modify a
 read-only attachment of shared memory by using mprotect to give write
 permission to the attachment (CVE-2006-2071).
 
 Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows remote
 attackers to cause a DoS (kernel panic) via an unexpected chucnk when
 the session is in CLOSED state (CVE-2006-2271).
 
 Prior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS
 (kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT
 SCTP control chunks (CVE-2006-2272).
 
 In addition to these security fixes, other fixes have been included
 such as:
 
 - fix a scheduler deadlock
 - Yenta oops fix
 - ftdi_sio: adds support for iPlus devices
 - enable kprobes on i386 and x86_64
 - avoid a panic on bind mount of autofs owned directory
 - fix a kernel OOPs when booting with 'console=ttyUSB0' but without a
   USB-serial dongle plugged in
 - make dm-mirror not issue invalid resync requests
 - fix media change detection on scsi removable devices
 - add support for the realtek 8168 chipset
 - update hfsplus driver to 2.6.16 state
 - backport 'Gilgal' support from e1000 7.0.33
 - selected ACPI video fixes
 - update 3w-9xxx to 2.26.02.005 (9550SX support)
 - fix a deadlock in the ext2 filesystem
 - fix usbserial use-after-free bug
 - add i945GM DRI support
 - S3 resume fixes
 - add ECS PF22 hda model support
 - SMP suspend
 - CPU hotplug
 - miscellaneous AGP fixes
 - added sata-suspend patch for 2.6.12 for Napa platform
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 As well, updated mkinitrd and bootsplash packages are provided to fix
 minor issues; users should upgrade both packages prior to installing
 a new kernel.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1052
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1522
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1525
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1527
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2271
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2272
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 7750a216a241ed6af6d22e25cd06a5c2  
2006.0/RPMS/bootsplash-3.1.12-0.2.20060mdk.i586.rpm
 ba0b9bcb350d995590f680add39cbc5b  
2006.0/RPMS/kernel-2.6.12.21mdk-1-1mdk.i586.rpm
 591ab924840be035eba8a94f8d43eb9a  
2006.0/RPMS/kernel-BOOT-2.6.12.21mdk-1-1mdk.i586.rpm
 200c65b3c9a0daf1409f377a6361cd36  
2006.0/RPMS/kernel-i586-up-1GB-2.6.12.21mdk-1-1mdk.i586.rpm
 c131b93ce94dd3f99b5911c9af3a4156  
2006.0/RPMS/kernel-i686-up-4GB-2.6.12.21mdk-1-1mdk.i586.rpm
 3cfdf97e572b8087b3fc695770502fa6  
2006.0/RPMS/kernel-smp-2.6.12.21mdk-1-1mdk.i586.rpm
 9323571a05fc5d281939c83daf84e375  
2006.0/RPMS/kernel-source-2.6-2.6.12-21mdk.i586.rpm
 16fbb0c19f1f2b45e40e6547db813db8  
2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-21mdk.i586.rpm
 a84be259414f8bac67f484b4b02f6a46  
2006.0/RPMS/kernel-xbox-2.6.12.21mdk-1-1mdk.i586.rpm
 e158c0935ca9f812b06372e2071dba17  
2006.0/RPMS/kernel-xen0-2.6.12.21mdk-1-1mdk.i586.rpm
 f0d9631ac5fa2a4e991012e2e51ced5f  
2006.0/RPMS/kernel-xenU-2.6.12.21mdk-1-1mdk.i586.rpm
 728741e920bc860bb6772ed145d3f5c5  
2006.0/RPMS/mkinitrd-4.2.17-17.2.20060mdk.i586.rpm
 a81220042492360e66b2a546810486d9  
2006.0/SRPMS/bootsplash-3.1.12-0.2.20060mdk.src.rpm
 5e2460c3d8da16724a5e70a28f3a6192  
2006.0/SRPMS/kernel-2.6.12.21mdk-1-1mdk.src.rpm
 afc7e77996523c7655fbdcb057da3cff  
2006.0/SRPMS/mkinitrd-4.2.17-17.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a0687b63a2027b3f1c378114ee8776b7  
x86_64/2006.0/RPMS/bootsplash-3.1.12-0.2.20060mdk.x86_64.rpm
 533b60ecaa224ebcf1775da64681c625  
x86_64/2006.0/RPMS/kernel-2.6.12.21mdk-1-1mdk.x86_64.rpm
 ed40189238ba65b1619010c97e71ae09  
x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.21mdk-1-1mdk.x86_64.rpm
 a40edd3cfeb70a705951e05515881a59  
x86_64/2006.0/RPMS/kernel-smp-2.6.12.21mdk-1-1mdk.x86_64.rpm
 2823e60fa1510c2ac269a69921466042  
x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-21mdk.x86_64.rpm
 9cd35f648ca8d30b49b38841cc6766db  
x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-21mdk.x86_64.rpm
 e87787cd3f30034b40cf0e8eb4301437  
x86_64/2006.0/RPMS/mkinitrd-4.2.17-17.2.20060mdk.x86_64.rpm
 a81220042492360e66b2a546810486d9  
x86_64/2006.0/SRPMS/bootsplash-3.1.12-0.2.20060mdk.src.rpm
 5e2460c3d8da16724a5e70a28f3a6192  
x86_64/2006.0/SRPMS/kernel-2.6.12.21mdk-1-1mdk.src.rpm
 afc7e77996523c7655fbdcb057da3cff  
x86_64/2006.0/SRPMS/mkinitrd-4.2.17-17.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEbM4MmqjQ0CJFipgRAgQcAJ9oPTrTPTgfkiDLLTnTkTrSjZGYUQCfaMYj
N45DDhQSdVucqzXbRF7BW60=
=lm8O
-----END PGP SIGNATURE-----