[ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2006:151 ] - Updated kernel packages fix multiple vulnerabilities
From: security@xxxxxxxxxxxx
Date: Fri, 25 Aug 2006 12:49:00 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:151
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : August 25, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 Prior to and including 2.6.16-rc2, when running on x86_64 systems with
 preemption enabled, local users can cause a DoS (oops) via multiple
 ptrace tasks that perform single steps (CVE-2006-1066).
 
 Prior to 2.6.16, a directory traversal vulnerability in CIFS could
 allow a local user to escape chroot restrictions for an SMB-mounted
 filesystem via "..\\" sequences (CVE-2006-1863).
 
 Prior to 2.6.16, a directory traversal vulnerability in smbfs could
 allow a local user to escape chroot restrictions for an SMB-mounted
 filesystem via "..\\" sequences (CVE-2006-1864).
 
 Prior to to 2.6.16.23, SCTP conntrack in netfilter allows remote
 attackers to cause a DoS (crash) via a packet without any chunks,
 causing a variable to contain an invalid value that is later used to
 dereference a pointer (CVE-2006-2934).
 
 The dvd_read_bca function in the DVD handling code assigns the wrong
 value to a length variable, which could allow local users to execute
 arbitrary code via a crafted USB storage device that triggers a buffer
 overflow (CVE-2006-2935).
 
 Prior to 2.6.17, the ftdi_sio driver could allow local users to cause
 a DoS (memory consumption) by writing more data to the serial port than
 the hardware can handle, causing the data to be queued (CVE-2006-2936).
 
 The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers
 to cause a DoS (file system panic) via a crafted UDP packet with a V2
 lookup procedure that specifies a bad file handle (inode number),
 triggering an error and causing an exported directory to be remounted
 read-only (CVE-2006-3468).
 
 The 2.6 kernel's SCTP was found to cause system crashes and allow for
 the possibility of local privilege escalation due to a bug in the
 get_user_iov_size() function that doesn't properly handle overflow when
 calculating the length of iovec (CVE-2006-3745).
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels immediately
 and reboot to effect the fixes.
 
 In addition to these security fixes, other fixes have been included
 such as:
 
 - added support for new devices:
   o Testo products in usb-serial
   o ATI SB600 IDE
   o ULI M-1573 south Bridge
   o PATA and SATA support for nVidia MCP55, MCP61, MCP65, and AMD CS5536
   o Asus W6A motherboard in snd-hda-intel
   o bcm 5780
 - fixed ip_gre module unload OOPS
 - enabled opti621 driver for x86 and x86_64
 - fixed a local DoS introduced by an imcomplete fix for CVE-2006-2445
 - updated to Xen 3.0.1 with selected fixes
 - enable hugetlbfs
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1066
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1863
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2935
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2936
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3468
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3745
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 9b4811892823bfa6ddfa648f029ee500  
2006.0/RPMS/kernel-2.6.12.25mdk-1-1mdk.i586.rpm
 27e6afeac2d98e07cd8a16d2ffa8de28  
2006.0/RPMS/kernel-BOOT-2.6.12.25mdk-1-1mdk.i586.rpm
 dcd2a1843a5f56c286a0e6270c7b1d79  
2006.0/RPMS/kernel-i586-up-1GB-2.6.12.25mdk-1-1mdk.i586.rpm
 477b78d6836d03484a58720f2137e506  
2006.0/RPMS/kernel-i686-up-4GB-2.6.12.25mdk-1-1mdk.i586.rpm
 ab1f7540dbfd41f469f4931a710dbe95  
2006.0/RPMS/kernel-smp-2.6.12.25mdk-1-1mdk.i586.rpm
 ed246f8b552bb26bb8e89c0c0842bbe9  
2006.0/RPMS/kernel-source-2.6.12.25mdk-1-1mdk.i586.rpm
 acb15b08ed7f7d2ad3747c555a07b401  
2006.0/RPMS/kernel-source-stripped-2.6.12.25mdk-1-1mdk.i586.rpm
 ede19a2f7dd7b715c58e9c61ee1c3359  
2006.0/RPMS/kernel-xbox-2.6.12.25mdk-1-1mdk.i586.rpm
 848a9f9725f141077a34affb42088946  
2006.0/RPMS/kernel-xen0-2.6.12.25mdk-1-1mdk.i586.rpm
 d280fd356d01831e6dbe5f0fc73c741b  
2006.0/RPMS/kernel-xenU-2.6.12.25mdk-1-1mdk.i586.rpm
 c0a388efafe83a187a58d582ddf9cafb  
2006.0/SRPMS/kernel-2.6.12.25mdk-1-1mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 54c6b69a3ce44d4dfb217f4b4f620293  
x86_64/2006.0/RPMS/kernel-2.6.12.25mdk-1-1mdk.x86_64.rpm
 0eded734bf839d253c18d4849507a687  
x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.25mdk-1-1mdk.x86_64.rpm
 c379d55bcaee5070b46475b2e1cbce0a  
x86_64/2006.0/RPMS/kernel-smp-2.6.12.25mdk-1-1mdk.x86_64.rpm
 2fad12f6ea68fdd1d000c2602f47a0a3  
x86_64/2006.0/RPMS/kernel-source-2.6.12.25mdk-1-1mdk.x86_64.rpm
 1ae8c5f75d5660e511cfe2db62a02056  
x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.25mdk-1-1mdk.x86_64.rpm
 160c2425b4be695feaafffdb59cc8fcd  
x86_64/2006.0/RPMS/kernel-xen0-2.6.12.25mdk-1-1mdk.x86_64.rpm
 677a458c0eb70f9f8a5bd9553b96f589  
x86_64/2006.0/RPMS/kernel-xenU-2.6.12.25mdk-1-1mdk.x86_64.rpm
 c0a388efafe83a187a58d582ddf9cafb  
x86_64/2006.0/SRPMS/kernel-2.6.12.25mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE7xpfmqjQ0CJFipgRAio9AKDjb4g8obg5dkOccjQOlFQ6oeIKAQCgkNQ3
ZdXAs/f1g9RsGP1wVlrqg+U=
=TeRg
-----END PGP SIGNATURE-----

Prev by Date: [ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities
Next by Date: CuteNews 1.3.* Remote File Include Vulnerability
Previous by thread: [ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities
Next by thread: CuteNews 1.3.* Remote File Include Vulnerability
Index(es):
- Date
- Thread