[Security Announce] [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability

news · April 15, 2008

This is a multi-part message in MIME format...

------------=_1208292644-11275-2707

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:086

http://www.mandriva.com/security/

_______________________________________________________________________

Package : kernel

Date : April 15, 2008

Affected: Corporate 4.0

_______________________________________________________________________

Problem Description:

The isdn_ioctl function in isdn_common.c in the Linux kernel prior to

2.6.23 allows local users to cause a denial of service via a crafted

ioctl struct in which iocts is not null terminated, which trigger a

buffer overflow (CVE-2007-6151).

The do_corefump function in fs/exec.c in the Linux kernel prior to

2.6.24-rc3 did not change the UID of a core dump file if it exists

before a root process creates a core dump in the same location, which

could possibly allow local users to obtain sensitive information

(CVE-2007-6206).

The shmem_getpage function in mm/shmem.c in the Linux kernel versions

2.6.11 through 2.6.23 did not properly clear allocated memory in

certain rare circumstances related to tmps, which could possibly

allow local users to read sensitive kernel data or cause a crash

(CVE-2007-6417).

Additionally, this kernel provides a fix for megaraid_sas and updates

it to version 3.13, updates mptsas to version 3.12.19, and updates

e1000-ng to version 7.6.12, as well as adds igb version 1.0.8.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6417

_______________________________________________________________________

Updated Packages:

Corporate 4.0:

4ecd928352ae1a0e37af030841e1daca corporate/4.0/i586/kernel-2.6.12.34mdk-1-1mdk.i586.rpm

e25d7be22e3e194dd1f50409d0e71b90 corporate/4.0/i586/kernel-BOOT-2.6.12.34mdk-1-1mdk.i586.rpm

e42a62385fd608bf8d9b3ec62d6684e8 corporate/4.0/i586/kernel-doc-2.6.12.34mdk-1-1mdk.i586.rpm

0522dc2efc14a6fb456bed196e5ef87e corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.34mdk-1-1mdk.i586.rpm

723df91e8a94e9e4654a30875fe9de94 corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.34mdk-1-1mdk.i586.rpm

b276ba8700f7e611bfdf02b3b26c4796 corporate/4.0/i586/kernel-smp-2.6.12.34mdk-1-1mdk.i586.rpm

0a369c5c6e085596c2fa579074e0eed0 corporate/4.0/i586/kernel-source-2.6.12.34mdk-1-1mdk.i586.rpm

53e34bb761dbf927ec911248aee1f23b corporate/4.0/i586/kernel-source-stripped-2.6.12.34mdk-1-1mdk.i586.rpm

c10f59cf9d289f0e9e8cdeb4e7fb3f0e corporate/4.0/i586/kernel-xbox-2.6.12.34mdk-1-1mdk.i586.rpm

90a86dd0e5fb9d62edd9682f5a86f978 corporate/4.0/i586/kernel-xen0-2.6.12.34mdk-1-1mdk.i586.rpm

af3beaab8bf06f0beef21158e5d6878e corporate/4.0/i586/kernel-xenU-2.6.12.34mdk-1-1mdk.i586.rpm

5137cdde7b33a50562d783ee93bfa608 corporate/4.0/SRPMS/kernel-2.6.12.34mdk-1-1mdk.src.rpm

Corporate 4.0/X86_64:

371f8a2b038bbe058dea1666b3b186da corporate/4.0/x86_64/kernel-2.6.12.34mdk-1-1mdk.x86_64.rpm

c7c9bfe79048fb2f94ca600ddd2da911 corporate/4.0/x86_64/kernel-BOOT-2.6.12.34mdk-1-1mdk.x86_64.rpm

a27a0da5b9e28ce0193a83a75e6e73c8 corporate/4.0/x86_64/kernel-doc-2.6.12.34mdk-1-1mdk.x86_64.rpm

7615a2c0aee3363886f159f4bfc5f538 corporate/4.0/x86_64/kernel-smp-2.6.12.34mdk-1-1mdk.x86_64.rpm

0e896d19f066f836fcfb7dd470522d0c corporate/4.0/x86_64/kernel-source-2.6.12.34mdk-1-1mdk.x86_64.rpm

b09194d6e8a07b1ae836be6335808464 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.34mdk-1-1mdk.x86_64.rpm

6845355d4579b2f2933935c88567981b corporate/4.0/x86_64/kernel-xen0-2.6.12.34mdk-1-1mdk.x86_64.rpm

f0e8c8777c6da9db4dbea6de1b0fc920 corporate/4.0/x86_64/kernel-xenU-2.6.12.34mdk-1-1mdk.x86_64.rpm

5137cdde7b33a50562d783ee93bfa608 corporate/4.0/SRPMS/kernel-2.6.12.34mdk-1-1mdk.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIBMMImqjQ0CJFipgRAlhAAKCSx+207LFEtYh4kv4BwVKttP9FZgCg7HQy

WUkAh0LkTzVi1oZruujVLWk=

=oS67

-----END PGP SIGNATURE-----

------------=_1208292644-11275-2707

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1208292644-11275-2707--

Sign In

[Security Announce] [ MDVSA-2008:086 ] - Updated kernel packages fix vulnerability

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity