
[ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:150
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : August 25, 2006
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 Prior to 2.6.15.5, the kernel allowed local users to obtain sensitive
 information via a crafted XFS ftruncate call (CVE-2006-0554).
 
 Prior to 2.6.15.5, the kernel did not properly handle uncanonical
 return addresses on Intel EM64T CPUs causing the kernel exception
 handler to run on the user stack with the wrong GS (CVE-2006-0744).
 
 ip_conntrack_core.c in the 2.6 kernel, and possibly
 nf_conntrack_l3proto_ipv4.c did not clear sockaddr_in.sin_zero before
 returning IPv4 socket names from the getsockopt function with
 SO_ORIGINAL_DST, which could allow local users to obtain portions of
 potentially sensitive memory (CVE-2006-1343).
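
 The sin_zero disclosure pattern described above, as an added user-space
 example (not kernel code and not part of the original advisory). The helper
 names and the 0xAA "stale memory" fill are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not kernel code. The 0xAA fill is a constructed
 * stand-in for whatever stale data the buffer held before it was reused. */
static void poison(struct sockaddr_in *sa) { memset(sa, 0xAA, sizeof(*sa)); }

/* Weak pattern: only the named fields are written, sin_zero is untouched. */
static void fill_name_weak(struct sockaddr_in *sa, uint32_t ip, uint16_t port)
{
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    sa->sin_addr.s_addr = htonl(ip);
}

/* Corrected pattern: zero the whole structure before filling it in. */
static void fill_name_cleared(struct sockaddr_in *sa, uint32_t ip, uint16_t port)
{
    memset(sa, 0, sizeof(*sa));
    fill_name_weak(sa, ip, port);
}

/* Number of sin_zero bytes that still carry stale (non-zero) data. */
static size_t stale_bytes(const struct sockaddr_in *sa)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(sa->sin_zero); i++)
        n += (sa->sin_zero[i] != 0);
    return n;
}

/* Run one variant against a poisoned buffer and report what would leak. */
size_t leak_after(int cleared)
{
    struct sockaddr_in sa;
    poison(&sa);
    if (cleared) fill_name_cleared(&sa, 0x0A000001u, 8080);
    else         fill_name_weak(&sa, 0x0A000001u, 8080);
    return stale_bytes(&sa);
}

int main(void)
{
    printf("weak: %zu stale bytes, cleared: %zu\n", leak_after(0), leak_after(1));
    return 0;
}
```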
 
 Prior to 2.6.16.17, a buffer overflow in SCTP in the kernel allowed
 remote attackers to cause a Denial of Service (crash) and possibly
 execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857).
 
 Prior to 2.6.16.17, SCTP in the kernel allowed remote attackers to
 cause a DoS (crash) and possibly execute arbitrary code via a chunk
 length that is inconsistent with the actual length of provided
 parameters (CVE-2006-1858).
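
 The length consistency that the two SCTP items above depend on, as an added
 example (not kernel code and not part of the original advisory). check_chunk
 and the sample byte arrays are hypothetical; the samples use a HEARTBEAT ACK
 layout whose parameters start right after the 4-byte chunk header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Hypothetical validator: walks the parameters of one chunk and returns the
 * parameter count, or -1 when any declared length does not fit. */
int check_chunk(const uint8_t *buf, size_t avail)
{
    if (avail < 4) return -1;
    size_t chunk_len = be16(buf + 2);            /* includes the chunk header */
    if (chunk_len < 4 || chunk_len > avail) return -1;

    size_t off = 4;
    int count = 0;
    while (off < chunk_len) {
        size_t left = chunk_len - off;
        if (left < 4) return -1;                 /* truncated parameter header */
        size_t plen = be16(buf + off + 2);       /* includes its own header */
        if (plen < 4 || plen > left) return -1;  /* zero-length or overrun */
        size_t padded = (plen + 3) & ~(size_t)3; /* parameters are 4-byte aligned */
        off += (padded > left) ? plen : padded;  /* last one may be unpadded */
        count++;
    }
    return count;
}

/* Constructed samples: HEARTBEAT ACK (type 5), one Heartbeat Info (type 1). */
static const uint8_t OK_CHUNK[]   = { 5, 0, 0x00, 0x0C, 0, 1, 0x00, 0x08,
                                      0xDE, 0xAD, 0xBE, 0xEF };
/* Parameter claims 64 bytes inside a 12-byte chunk. */
static const uint8_t BAD_PARAM[]  = { 5, 0, 0x00, 0x0C, 0, 1, 0x00, 0x40,
                                      0xDE, 0xAD, 0xBE, 0xEF };
/* Chunk header claims 32 bytes when only 12 were received. */
static const uint8_t BAD_CHUNK[]  = { 5, 0, 0x00, 0x20, 0, 1, 0x00, 0x08,
                                      0xDE, 0xAD, 0xBE, 0xEF };
/* Parameter length 0 would never advance the walk. */
static const uint8_t ZERO_PARAM[] = { 5, 0, 0x00, 0x08, 0, 1, 0x00, 0x00 };

int main(void)
{
    printf("ok=%d bad_param=%d bad_chunk=%d zero_param=%d\n",
           check_chunk(OK_CHUNK, sizeof OK_CHUNK),
           check_chunk(BAD_PARAM, sizeof BAD_PARAM),
           check_chunk(BAD_CHUNK, sizeof BAD_CHUNK),
           check_chunk(ZERO_PARAM, sizeof ZERO_PARAM));
    return 0;
}
```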
 
 Prior to 2.6.16, a directory traversal vulnerability in CIFS could
 allow a local user to escape chroot restrictions for an SMB-mounted
 filesystem via "..\\" sequences (CVE-2006-1863).
 
 Prior to 2.6.16, a directory traversal vulnerability in smbfs could
 allow a local user to escape chroot restrictions for an SMB-mounted
 filesystem via "..\\" sequences (CVE-2006-1864).
 
 Prior to 2.6.17, Linux SCTP allowed a remote attacker to cause a DoS
 (infinite recursion and crash) via a packet that contains two or more
 DATA fragments, which caused an skb pointer to refer back to itself
 when the full message is reassembled, leading to an infinite recursion
 in the sctp_skb_pull function (CVE-2006-2274).
 
 The dvd_read_bca function in the DVD handling code assigns the wrong
 value to a length variable, which could allow local users to execute
 arbitrary code via a crafted USB storage device that triggers a buffer
 overflow (CVE-2006-2935).
 
 Prior to 2.6.17, the ftdi_sio driver could allow local users to cause
 a DoS (memory consumption) by writing more data to the serial port than
 the hardware can handle, causing the data to be queued (CVE-2006-2936).
 
 The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers
 to cause a DoS (file system panic) via a crafted UDP packet with a V2
 lookup procedure that specifies a bad file handle (inode number),
 triggering an error and causing an exported directory to be remounted
 read-only (CVE-2006-3468).
 
 The 2.6 kernel's SCTP was found to cause system crashes and allow for
 the possibility of local privilege escalation due to a bug in the
 get_user_iov_size() function that doesn't properly handle overflow when
 calculating the length of iovec (CVE-2006-3745).
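
 The overflow class named above, as an added user-space example (not the
 kernel's get_user_iov_size() and not part of the original advisory). The
 function names and the sample vectors are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

/* Weak pattern: plain addition, so one huge iov_len wraps the total and a
 * later size decision is made on a small, wrong number. */
size_t iov_total_weak(const struct iovec *iov, int n)
{
    size_t total = 0;
    for (int i = 0; i < n; i++)
        total += iov[i].iov_len;
    return total;
}

/* Corrected pattern: test for wrap before each addition. Returns 0 and
 * stores the total in *out, or -1 if the sum does not fit in size_t. */
int iov_total_checked(const struct iovec *iov, int n, size_t *out)
{
    size_t total = 0;
    for (int i = 0; i < n; i++) {
        if (iov[i].iov_len > SIZE_MAX - total)
            return -1;
        total += iov[i].iov_len;
    }
    *out = total;
    return 0;
}

/* Constructed inputs; iov_base is never dereferenced in this example. */
static const struct iovec WRAPPING[] = {
    { .iov_base = NULL, .iov_len = SIZE_MAX },
    { .iov_base = NULL, .iov_len = 17 },
};
static const struct iovec NORMAL[] = {
    { .iov_base = NULL, .iov_len = 100 },
    { .iov_base = NULL, .iov_len = 200 },
};

int main(void)
{
    size_t total = 0;
    printf("weak total for wrapping vector: %zu\n", iov_total_weak(WRAPPING, 2));
    printf("checked result for wrapping vector: %d\n",
           iov_total_checked(WRAPPING, 2, &total));
    return 0;
}
```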
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels immediately
 and reboot to effect the fixes.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0554
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1857
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1858
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1863
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2274
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2935
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2936
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3468
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3745
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 9d14c43145beafb4e63fe8cae758d0f6  corporate/3.0/RPMS/kernel-2.6.3.35mdk-1-1mdk.i586.rpm
 e7331f51ed5cf4edee33efcb01f49243  corporate/3.0/RPMS/kernel-BOOT-2.6.3.35mdk-1-1mdk.i586.rpm
 dcb027450192d7d73f407f30d3e3e852  corporate/3.0/RPMS/kernel-enterprise-2.6.3.35mdk-1-1mdk.i586.rpm
 59f29ace5cc862c84cace5d046d6302e  corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.35mdk-1-1mdk.i586.rpm
 6b062c5059587a927f31fea04fb91a3a  corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.35mdk-1-1mdk.i586.rpm
 744287198a20913bd38b1c1d37a68bd2  corporate/3.0/RPMS/kernel-secure-2.6.3.35mdk-1-1mdk.i586.rpm
 17780ad90f4989615baab5f115074f8a  corporate/3.0/RPMS/kernel-smp-2.6.3.35mdk-1-1mdk.i586.rpm
 4555bac09b7ce50d83b97c47af0b2724  corporate/3.0/RPMS/kernel-source-2.6.3-35mdk.i586.rpm
 7165754462cdfcd92c894f56623bc8b0  corporate/3.0/RPMS/kernel-source-stripped-2.6.3-35mdk.i586.rpm
 e59db387f0642f5293dc60283832557b  corporate/3.0/SRPMS/kernel-2.6.3.35mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 918a70fe836d900b217f442b5208c779  x86_64/corporate/3.0/RPMS/kernel-2.6.3.35mdk-1-1mdk.x86_64.rpm
 dd1ea77b15bd07c75f5ab7caf00dbde0  x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.35mdk-1-1mdk.x86_64.rpm
 c8964849f4142c2c51c3ddd298513753  x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.35mdk-1-1mdk.x86_64.rpm
 7a98664c4ba5f0d50a500c1158a8fb08  x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.35mdk-1-1mdk.x86_64.rpm
 3c4d5ca4f7a1a91d99fc182e499c9e76  x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-35mdk.x86_64.rpm
 a25c6705ba2b70c85c1c86e68cb0d3cd  x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-35mdk.x86_64.rpm
 e59db387f0642f5293dc60283832557b  x86_64/corporate/3.0/SRPMS/kernel-2.6.3.35mdk-1-1mdk.src.rpm

 Multi Network Firewall 2.0:
 5cab4be7c19a67689f33f01de208879e  mnf/2.0/RPMS/kernel-2.6.3.35mdk-1-1mdk.i586.rpm
 ee1db88c9010b3a1af0f5ea93ce86505  mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.35mdk-1-1mdk.i586.rpm
 0e3618eec1dcb5bca817ecec7e912836  mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.35mdk-1-1mdk.i586.rpm
 ded09245567203340c86b3ddacf21b3a  mnf/2.0/RPMS/kernel-secure-2.6.3.35mdk-1-1mdk.i586.rpm
 7efdc84f2748f1c2237a72ef94d90b31  mnf/2.0/RPMS/kernel-smp-2.6.3.35mdk-1-1mdk.i586.rpm
 d12744fdab6bf6606ed13fae69b51f50  mnf/2.0/SRPMS/kernel-2.6.3.35mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE7xa9mqjQ0CJFipgRAsAAAKC/kOcYUfcUldfx8MGy87CHigyjSgCeJ/43
JsyWup/H/+NRqjHU1SGHaGc=
=8KyZ
-----END PGP SIGNATURE-----