<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:008
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : January 11, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 The CIFS filesystem, when Unix extension support is enabled, does
 not honor the umask of a process, which allows local users to gain
 privileges. (CVE-2007-3740)
 
 The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
 in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
 certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
 units, which allows local users to cause a denial of service (panic)
 via unspecified vectors. (CVE-2007-4133)
 
 The IA32 system call emulation functionality in Linux kernel 2.4.x
 and 2.6.x before 2.6.22.7, when running on the x86_64 architecture,
 does not zero extend the eax register after the 32bit entry path to
 ptrace is used, which might allow local users to gain privileges by
 triggering an out-of-bounds access to the system call table using
 the %RAX register. (CVE-2007-4573)
 
 Integer underflow in the ieee80211_rx function in
 net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before
 2.6.23 allows remote attackers to cause a denial of service (crash)
 via a crafted SKB length value in a runt IEEE 802.11 frame when
 the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two
 error. (CVE-2007-4997)
 
 The disconnect method in the Philips USB Webcam (pwc) driver in Linux
 kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
 which allows user-assisted local attackers to cause a denial of service
 (USB subsystem hang and CPU consumption in khubd) by not closing the
 device after the disconnect is invoked.  NOTE: this rarely crosses
 privilege boundaries, unless the attacker can convince the victim to
 unplug the affected device. (CVE-2007-5093)
 
 The wait_task_stopped function in the Linux kernel before 2.6.23.8
 checks a TASK_TRACED bit instead of an exit_state value, which
 allows local users to cause a denial of service (machine crash) via
 unspecified vectors.  NOTE: some of these details are obtained from
 third party information. (CVE-2007-5500)
 
 The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and
 possibly other versions, allows local users to cause a denial of
 service (hang) via a malformed minix file stream that triggers an
 infinite loop in the minix_bmap function. NOTE: this issue might be
 due to an integer overflow or signedness error. (CVE-2006-6058)
 
 Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
 Linux kernel 2.6.23 allows local users to have an unknown impact via
 a crafted argument to the isdn_ioctl function. (CVE-2007-6063)
 
 Additionaly, support for Promise 4350 controller was added (stex
 module).
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4133
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 4.0:
 07fa3648c4fcad266094de58ee5f7976  
corporate/4.0/i586/kernel-2.6.12.33mdk-1-1mdk.i586.rpm
 e252e134fca461feeee210bc85fe0b66  
corporate/4.0/i586/kernel-BOOT-2.6.12.33mdk-1-1mdk.i586.rpm
 2364ec022ffd41f61ef19aa4da196584  
corporate/4.0/i586/kernel-doc-2.6.12.33mdk-1-1mdk.i586.rpm
 56b9c725e2370594ea37bff83bec8adf  
corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.33mdk-1-1mdk.i586.rpm
 ac5b435ab4b230da799b12b06054e3e5  
corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.33mdk-1-1mdk.i586.rpm
 4bd260613b29981fd3b0a742707c6785  
corporate/4.0/i586/kernel-smp-2.6.12.33mdk-1-1mdk.i586.rpm
 4111453b8da035fa44428f7d79b77c64  
corporate/4.0/i586/kernel-source-2.6.12.33mdk-1-1mdk.i586.rpm
 c31d879b0becf2c84569ad18615fbe7c  
corporate/4.0/i586/kernel-source-stripped-2.6.12.33mdk-1-1mdk.i586.rpm
 9e8f1b4d991c1b144b5e999b647bbce6  
corporate/4.0/i586/kernel-xbox-2.6.12.33mdk-1-1mdk.i586.rpm
 895efcf862e5e8428ceec714f29666da  
corporate/4.0/i586/kernel-xen0-2.6.12.33mdk-1-1mdk.i586.rpm
 bab9c0071d482b0e3c03c181b8cca71a  
corporate/4.0/i586/kernel-xenU-2.6.12.33mdk-1-1mdk.i586.rpm 
 877a5d94905829128211ecc1dd538138  
corporate/4.0/SRPMS/kernel-2.6.12.33mdk-1-1mdk.src.rpm

 Corporate 4.0/X86_64:
 d2e4070842e4a6ea4d9e029a5977d929  
corporate/4.0/x86_64/kernel-2.6.12.33mdk-1-1mdk.x86_64.rpm
 bf3014e8afe93ab0a8877e1d80d921e4  
corporate/4.0/x86_64/kernel-BOOT-2.6.12.33mdk-1-1mdk.x86_64.rpm
 ac4c529077ff74e82362c1b7d4404233  
corporate/4.0/x86_64/kernel-doc-2.6.12.33mdk-1-1mdk.x86_64.rpm
 fe2963758a2fbef0ed561dd41741f1f0  
corporate/4.0/x86_64/kernel-smp-2.6.12.33mdk-1-1mdk.x86_64.rpm
 f8ea4d85518c1e2e6a8b163febbb39f8  
corporate/4.0/x86_64/kernel-source-2.6.12.33mdk-1-1mdk.x86_64.rpm
 773dd4eb7e4ebbe76c49817399bdfb23  
corporate/4.0/x86_64/kernel-source-stripped-2.6.12.33mdk-1-1mdk.x86_64.rpm
 83c8eb396798958d3a0581f7610973e8  
corporate/4.0/x86_64/kernel-xen0-2.6.12.33mdk-1-1mdk.x86_64.rpm
 e3a4fc8ac6984d283aebcbf8c733942f  
corporate/4.0/x86_64/kernel-xenU-2.6.12.33mdk-1-1mdk.x86_64.rpm 
 877a5d94905829128211ecc1dd538138  
corporate/4.0/SRPMS/kernel-2.6.12.33mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHh8nGmqjQ0CJFipgRAmkIAJ94GfjCcBcizfHDPBZrHQEmHmu5TQCgxfMx
1VPoB3XA6iDs9X0H11l20I0=
=S6Bk
-----END PGP SIGNATURE-----