[Security Announce] [ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities

news · May 21, 2008

This is a multi-part message in MIME format...

------------=_1211375441-11275-4828

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:105

http://www.mandriva.com/security/

_______________________________________________________________________

Package : kernel

Date : May 21, 2008

Affected: 2007.1

_______________________________________________________________________

Problem Description:

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix

extension support is enabled, does not honor the umask of a process,

which allows local users to gain privileges. (CVE-2007-3740)

The drm/i915 component in the Linux kernel before 2.6.22.2, when

used with i965G and later chipsets, allows local users with access

to an X11 session and Direct Rendering Manager (DRM) to write

to arbitrary memory locations and gain privileges via a crafted

batchbuffer. (CVE-2007-3851)

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions

in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform

certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE

units, which allows local users to cause a denial of service (panic)

via unspecified vectors. (CVE-2007-4133)

The IA32 system call emulation functionality in Linux kernel 2.4.x

and 2.6.x before 2.6.22.7, when running on the x86_64 architecture,

does not zero extend the eax register after the 32bit entry path to

ptrace is used, which might allow local users to gain privileges by

triggering an out-of-bounds access to the system call table using

the %RAX register. This vulnerability is now being fixed in the Xen

kernel too. (CVE-2007-4573)

Integer underflow in the ieee80211_rx function in

net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before

2.6.23 allows remote attackers to cause a denial of service (crash)

via a crafted SKB length value in a runt IEEE 802.11 frame when

the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two

error. (CVE-2007-4997)

The disconnect method in the Philips USB Webcam (pwc) driver in Linux

kernel 2.6.x before 2.6.22.6 relies on user space to close the device,

which allows user-assisted local attackers to cause a denial of service

(USB subsystem hang and CPU consumption in khubd) by not closing the

device after the disconnect is invoked. NOTE: this rarely crosses

privilege boundaries, unless the attacker can convince the victim to

unplug the affected device. (CVE-2007-5093)

A race condition in the directory notification subsystem (dnotify)

in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1,

allows local users to cause a denial of service (OOPS) and possibly

gain privileges via unspecified vectors. (CVE-2008-1375)

The Linux kernel before 2.6.25.2 does not apply a certain protection

mechanism for fcntl functionality, which allows local users to (1)

execute code in parallel or (2) exploit a race condition to obtain

re-ordered access to the descriptor table. (CVE-2008-1669)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3851

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4133

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:

c4a2d4a2c510a0b264ecc556ae95d9c1 2007.1/i586/kernel-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

8a9067dced69f2a98d84a91b565d53b2 2007.1/i586/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

3781406fba53b54e10f10c673ad54734 2007.1/i586/kernel-doc-latest-2.6.17-18mdv.i586.rpm

0ab62eecb317efb9f395067acff4f197 2007.1/i586/kernel-enterprise-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

fa94fc4948555ddae5f333e51c1edac5 2007.1/i586/kernel-enterprise-latest-2.6.17-18mdv.i586.rpm

0997abceef3793c25a8fa5fee56af005 2007.1/i586/kernel-latest-2.6.17-18mdv.i586.rpm

02b79be3ea9a145e8e264e2f104c27fb 2007.1/i586/kernel-legacy-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

53e8e4e029f99fede270f4a4e9b1f105 2007.1/i586/kernel-legacy-latest-2.6.17-18mdv.i586.rpm

b38fcb899cd7e473bd07ab296a0edc52 2007.1/i586/kernel-source-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

df638346ea8e84c542b5d54173ef40f7 2007.1/i586/kernel-source-latest-2.6.17-18mdv.i586.rpm

5749113a50606c4f81f1371150c59041 2007.1/i586/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

bb3e5dddd12bfc05809a83f9c5e5a568 2007.1/i586/kernel-source-stripped-latest-2.6.17-18mdv.i586.rpm

4d4708a7c62727c704db6fa7a244d426 2007.1/i586/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

44b7732796ed652fc66034a2e1983f29 2007.1/i586/kernel-xen0-latest-2.6.17-18mdv.i586.rpm

1d6b03aad48cbe295ad461605d234eac 2007.1/i586/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.i586.rpm

af2a8a7596097a04a22292686da8471f 2007.1/i586/kernel-xenU-latest-2.6.17-18mdv.i586.rpm

327a8315418ff84959418928fc9873a5 2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:

4b114a0b6712df7b93582805489a0e18 2007.1/x86_64/kernel-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

fb4214952ca5cc240adaeec74e377181 2007.1/x86_64/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

30744081c4e43f608359eea6e201a4cd 2007.1/x86_64/kernel-doc-latest-2.6.17-18mdv.x86_64.rpm

0e8a29bbe26469de5ec6e9ec44b02c13 2007.1/x86_64/kernel-latest-2.6.17-18mdv.x86_64.rpm

1f3a2aa6965565c2db3bb5ca823fb546 2007.1/x86_64/kernel-source-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

7f3564691ddacf4e8a7d4ce874b8a33e 2007.1/x86_64/kernel-source-latest-2.6.17-18mdv.x86_64.rpm

fe9ecda0a6ea8a0723898ccda5292bc8 2007.1/x86_64/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

f7c9adbabba9b8a56fec55715a1e4858 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-18mdv.x86_64.rpm

3e9422670548692022834ac806204fb8 2007.1/x86_64/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

2c18b8148db64d58d2a076b0b0b13d21 2007.1/x86_64/kernel-xen0-latest-2.6.17-18mdv.x86_64.rpm

10f28963d97d785b4bbea94610e4d478 2007.1/x86_64/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm

efa8b29e7e3d5907ccdf917514797e07 2007.1/x86_64/kernel-xenU-latest-2.6.17-18mdv.x86_64.rpm

327a8315418ff84959418928fc9873a5 2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIM/QcmqjQ0CJFipgRAua3AKCyF+W5X84EyQ0rcplkQs8m3TeBDQCgvo2f

AEfloFQ4ShfC936g0fSh5vo=

=RHR2

-----END PGP SIGNATURE-----

------------=_1211375441-11275-4828

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1211375441-11275-4828--

Sign In

[Security Announce] [ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity