The Mandriva Security Team published a new security update: MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID: MDKSA-2005:171
Date: October 3rd, 2005

Affected versions: Corporate 3.0, Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

A number of vulnerabilities in the 2.6 Linux kernel have been corrected
with these updated packages:

An array index overflow in the xfrm_sk_policy_insert function could
allow a local user to cause a Denial of Service (oops or deadlock) and
possibly execute arbitrary code (CAN-2005-2456).

The zlib routines in the Linux 2.6 kernel before 2.6.12.5 allowed a
remote attacker to cause a DoS (crash) via a compressed file with
"improper tables" (CAN-2005-2458).

The huft_build function in the zlib routines in Linux 2.6 kernels prior
to 2.6.12.5 returned the wrong value, allowing remote attackers to
cause a DoS (crash) via a certain compressed file (CAN-2005-2459).

A stack-based buffer overflow in the sendmsg function call in Linux 2.6
kernels prior to 2.6.13.1 allow local users to execute arbitrary code by
calling sendmsg and modifying the message contents in another thread
(CAN-2005-2490).

xattr.c in the ext2 and ext3 file system code in the 2.6 Linux kernel
did not properly compare the name_index fields when sharing xattr
blocks which would prevent default ACLs from being applied
(CAN-2005-2801).

The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 when
running on 64-bit processors allowed remote attackers to cause a DoS
(kernel panic) via certain attacks such as SSH brute force
(CAN-2005-2872).

The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 did
not properly perform certain time tests when the jiffies value is
greater than LONG_MAX which could cause ipt_recent netfilter rules to
block too early (CAN-2005-2873).

The updated packages have been patched to address these issues and all
users are urged to upgrade immediately.

Updated kernels for Mandrivalinux 10.1 and later will be made available
soon.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2873
______________________________________________________________________

Updated Packages:

Multi Network Firewall 2.0:
f7468b4d253251b7c7a5ee84571193c5 mnf/2.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.i586.rpm
a9d37454e919b348a708922d2aece2ca mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.28mdk-1-1mdk.i586.rpm
790766354d63b081ce608ee769b73574 mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.28mdk-1-1mdk.i586.rpm
c5a5e24e5cc9b8c9cc17867966a3d70b mnf/2.0/RPMS/kernel-secure-2.6.3.28mdk-1-1mdk.i586.rpm
7cdb6d2c133e02457229ef6eb2a7b405 mnf/2.0/RPMS/kernel-smp-2.6.3.28mdk-1-1mdk.i586.rpm
9c8a3b678f7a51be86a3555542a59188 mnf/2.0/SRPMS/kernel-2.6.3.28mdk-1-1mdk.src.rpm

Corporate 3.0:
0f6c6ac828beca090b72d4f25b34ded2 corporate/3.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.i586.rpm
8b228ab0567e6f8cae1e15fe44261f97 corporate/3.0/RPMS/kernel-enterprise-2.6.3.28mdk-1-1mdk.i586.rpm
4177dbd5341d41d1605b83546b1b419b corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.28mdk-1-1mdk.i586.rpm
543e310e249819d29d19354cac294376 corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.28mdk-1-1mdk.i586.rpm
0a6fd8b7c3434a6e903fa2183e5ef23c corporate/3.0/RPMS/kernel-secure-2.6.3.28mdk-1-1mdk.i586.rpm
fccb12c9f27dc1b72e4d1ff212ae29d0 corporate/3.0/RPMS/kernel-smp-2.6.3.28mdk-1-1mdk.i586.rpm
15a9d0b1914ca4b47dc49d694ede1c33 corporate/3.0/RPMS/kernel-source-2.6.3-28mdk.i586.rpm
a62fc25d549523e00efa006644543dda corporate/3.0/RPMS/kernel-source-stripped-2.6.3-28mdk.i586.rpm
9c8a3b678f7a51be86a3555542a59188 corporate/3.0/SRPMS/kernel-2.6.3.28mdk-1-1mdk.src.rpm

Corporate 3.0/X86_64:
8ad1a6656bc68149b775b6012b4b3d10 x86_64/corporate/3.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.x86_64.rpm
aced128f099513e241f79bceaff13733 x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.28mdk-1-1mdk.x86_64.rpm
c67c7c76be4a011de9a6e2c26bd22af6 x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.28mdk-1-1mdk.x86_64.rpm
aef5ccc688591da64d004c4eb50a8ad4 x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-28mdk.x86_64.rpm
2436bca0b07afefecdba53f24a9c8f73 x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-28mdk.x86_64.rpm
9c8a3b678f7a51be86a3555542a59188 x86_64/corporate/3.0/SRPMS/kernel-2.6.3.28mdk-1-1mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDQYqfmqjQ0CJFipgRAtX1AJdFRzM+/cDxTBJOqggaWYJRnx7qAJ9X2Vj+
/YNgKCYAG4fmgHqcRWxRcQ==
=CaUY
-----END PGP SIGNATURE-----