[Security Announce] [ MDKSA-2007:171 ] - Updated kernel packages fix multiple vulnerabilities and bugs
Posted on: 08/28/2007 10:25 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:171
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : August 28, 2007
Affected: 2007.0, 2007.1
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The Linux kernel did not properly save or restore EFLAGS during a
context switch, or reset the flags when creating new threads, which
allowed local users to cause a denial of service (process crash)
(CVE-2006-5755).

The compat_sys_mount function in fs/compat.c allowed local users
to cause a denial of service (NULL pointer dereference and oops)
by mounting a smbfs file system in compatibility mode (CVE-2006-7203).

The nfnetlink_log function in netfilter allowed an attacker to cause a
denial of service (crash) via unspecified vectors which would trigger
a NULL pointer dereference (CVE-2007-1496).

The nf_conntrack function in netfilter did not set nfctinfo during
reassembly of fragmented packets, which left the default value as
IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
rulesets using IPv6 fragments (CVE-2007-1497).

The netlink functionality did not properly handle NETLINK_FIB_LOOKUP
replies, which allowed a remote attacker to cause a denial of service
(resource consumption) via unspecified vectors, probably related to
infinite recursion (CVE-2007-1861).

A typo in the Linux kernel caused RTA_MAX to be used as an array size
instead of RTN_MAX, which lead to an out of bounds access by certain
functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of
service via crafted IPv6 type 0 route headers that create network
amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was
no entropy, or used an incorrect cast when extracting entropy, which
could cause the random number generator to provide the same values
after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users
to cause a denial of service (memory consumption) by creating a
socket using connect, and releasing it before the PPPIOCGCHAN ioctl
is initialized (CVE-2007-2525).

An integer underflow in the cpuset_tasks_read function, when the cpuset
filesystem is mounted, allowed local users to obtain kernel memory
contents by using a large offset when reading the /dev/cpuset/tasks
file (CVE-2007-2875).

The sctp_new function in netfilter allowed remote attackers to cause
a denial of service by causing certain invalid states that triggered
a NULL pointer dereference (CVE-2007-2876).

In addition to these security fixes, other fixes have been included
such as:

- Fix crash on netfilter when nfnetlink_log is used on certain
hooks on packets forwarded to or from a bridge
- Fixed busy sleep on IPVS which caused high load averages
- Fixed possible race condition on ext[34]_link
- Fixed missing braces in condition block that led to wrong behaviour
in NFS
- Fixed XFS lock deallocation that resulted in oops when unmounting

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
d811181ab766c637c1f2c66d6e87e8d6 2007.0/i586/kernel-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
1085a0bf3e633334fc89c193d40520c5 2007.0/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
b192fa1b91318b4f821fcd1e9f76a03e 2007.0/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
54e08cecf37cacbfc490ae4a3eb803ba 2007.0/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
60eb7f61d0f91da0396ceb8cc0528a0b 2007.0/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
48bbb8ff51313a61e85562f3f5036832 2007.0/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
d6464e0a4512ae194a884a73d6196fc7 2007.0/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
4264a6f084147f6f401b5320689eab89 2007.0/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
16c9da0d48ebe6391382921c10ccac97 2007.0/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
56f44a046c471d98d6778153cdee7a80 2007.0/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
dea95558e0ada5af5f05abbc0c79aaca 2007.0/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
de1f522536c1b6615b30269f6824ba18 2007.0/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
6001c99297c562f99c827ee123d9379c 2007.0/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
7534d9a0b31ad88e5191d94dcede38f9 2007.0/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
7ecc4ad79ff8ba1f28d440aae4bae1e0 2007.1/i586/kernel-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
490f409ed0f979718b4491c79e90ca51 2007.1/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
eb01284da75d113ca144c75bdbf7bbd7 2007.1/i586/kernel-doc-latest-2.6.17-15mdv.i586.rpm
f62258545c302e8bd6333fb1b22fdd1c 2007.1/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
d22574eaff9ffc7c66a1504bc8f5072e 2007.1/i586/kernel-enterprise-latest-2.6.17-15mdv.i586.rpm
6721155375ef23a8d7fc6f005acb271e 2007.1/i586/kernel-latest-2.6.17-15mdv.i586.rpm
93ec8479cf3b047f1d7b4a209641defe 2007.1/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
a2036553e6c5688c2d98041d7f784c96 2007.1/i586/kernel-legacy-latest-2.6.17-15mdv.i586.rpm
718543542ed69def4d941d9abf51913c 2007.1/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
e808ecec927f34cd276eb0b8d40ae6a8 2007.1/i586/kernel-source-latest-2.6.17-15mdv.i586.rpm
dfca6b82dc93cf8f8a1042c95e45c279 2007.1/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
a289ed33d6e597e7ddaab03fb7c7d726 2007.1/i586/kernel-source-stripped-latest-2.6.17-15mdv.i586.rpm
d7302d839d738503b4fb79e187a7144c 2007.1/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
09cdb36a943e21a6e26a34879e8a7b94 2007.1/i586/kernel-xen0-latest-2.6.17-15mdv.i586.rpm
baf363280921a090134bbe9e8e646f10 2007.1/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
90317de9412ace8f3f5d2d29dde72977 2007.1/i586/kernel-xenU-latest-2.6.17-15mdv.i586.rpm
364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
4b0a0e1ccbd82e9130243af1bf0a8848 2007.1/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
ef962dd6f6c5c6c0a88bf340701f6ba9 2007.1/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
2611fb6d342c0c57e68199ae9cff1aad 2007.1/x86_64/kernel-doc-latest-2.6.17-15mdv.x86_64.rpm
002d07f36a0caf770b4e9be713421c1e 2007.1/x86_64/kernel-latest-2.6.17-15mdv.x86_64.rpm
01a245502f9b0dd70bb03b81ab791951 2007.1/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
cde593c1b74843033072bf39b55aad51 2007.1/x86_64/kernel-source-latest-2.6.17-15mdv.x86_64.rpm
6c80e89a69737f853a5c28a4ef9c26e8 2007.1/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
f36ca98ce2f577675e864feec1936d95 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-15mdv.x86_64.rpm
e8f1196c4a6a8c3948327c1fdb2287b3 2007.1/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
01f1acb664885bc6587b6cb96dec3de3 2007.1/x86_64/kernel-xen0-latest-2.6.17-15mdv.x86_64.rpm
6eb46e2f4045b78d1f89f76a9ce04ee5 2007.1/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
bf51ac4bde7a22fb8c5d40fff840ed58 2007.1/x86_64/kernel-xenU-latest-2.6.17-15mdv.x86_64.rpm
364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG1D0umqjQ0CJFipgRAkSyAKD019hJJjDWCB8Eqfk0RFyiNCyNcACfUGxE
DeeWjRc5l2br5M4lW8brUtE=
=p1P4
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007171__updated_kernel_packages_fix_multiple_vulnerabilities_and_bugs.html)