lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MnKdQ-0003fF-SK@titan.mandriva.com>
Date: Tue, 15 Sep 2009 01:07:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:233 ] kernel


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:233
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kernel
 Date    : September 14, 2009
 Affected: 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in the Linux 2.6 kernel:
 
 The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
 does not initialize all function pointers for socket operations
 in proto_ops structures, which allows local users to trigger a NULL
 pointer dereference and gain privileges by using mmap to map page zero,
 placing arbitrary code on this page, and then invoking an unavailable
 operation, as demonstrated by the sendpage operation on a PF_PPPOX
 socket. (CVE-2009-2692)
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 09f9ce71fb6eaec4ba06acde23ade724  2008.1/i586/kernel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 ae602cc8d9699174f7a547bb60e6aded  2008.1/i586/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 07852147042399185c1854c436206cad  2008.1/i586/kernel-desktop586-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 d2da36f55db468e58cb000f9f4b9b163  2008.1/i586/kernel-desktop586-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 cdacb4f44b0c88054866e168201af62e  2008.1/i586/kernel-desktop586-devel-latest-2.6.24.7-3mnb1.i586.rpm
 5b1e613192c0b43d39e5d1cf44dee7bc  2008.1/i586/kernel-desktop586-latest-2.6.24.7-3mnb1.i586.rpm
 8663e4966000f62a9d7e0f73ad0b5adb  2008.1/i586/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 e8fac7b0eb07e205af711bca89b60a28  2008.1/i586/kernel-desktop-devel-latest-2.6.24.7-3mnb1.i586.rpm
 e5f9266b2244a26c1d90ec87976fc5b0  2008.1/i586/kernel-desktop-latest-2.6.24.7-3mnb1.i586.rpm
 0c3d5a8181efe5b10e3afec16691fa4d  2008.1/i586/kernel-doc-2.6.24.7-3mnb1.i586.rpm
 db1296432ff88aa33410c8d3a1b1a2c0  2008.1/i586/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 0193271cabdc1f547a3432e8a99986b9  2008.1/i586/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 bdfab6a2386fa89dd250a494e725a5d9  2008.1/i586/kernel-laptop-devel-latest-2.6.24.7-3mnb1.i586.rpm
 7ed708045f382289fddddbd0e10a0ae9  2008.1/i586/kernel-laptop-latest-2.6.24.7-3mnb1.i586.rpm
 688c23aa32b234d6581a76adbe66ea8c  2008.1/i586/kernel-server-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 32f1a47070ee2a7f83a016d001bff014  2008.1/i586/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 04a464bf850a840fa27f5cf6068dccc4  2008.1/i586/kernel-server-devel-latest-2.6.24.7-3mnb1.i586.rpm
 f82288c9d9d250d6a01ff44bb98ea3ee  2008.1/i586/kernel-server-latest-2.6.24.7-3mnb1.i586.rpm
 a05598c1a1b1cef7c98f65b284a86cb5  2008.1/i586/kernel-source-2.6.24.7-3mnb-1-1mnb1.i586.rpm
 9ecb21b4c7fc58cc8231fb9979bed563  2008.1/i586/kernel-source-latest-2.6.24.7-3mnb1.i586.rpm 
 2f39f719d288c36c7600ce1ff3ce98b8  2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 ee40c52e1e9d7df0ff082c1132f78ca7  2008.1/x86_64/kernel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 62e03fc5353c7091da3f1e3d8684482b  2008.1/x86_64/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 53e78922ee128c8dd01fb992df712122  2008.1/x86_64/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 0da13998db3248630fa0da98f9061b2c  2008.1/x86_64/kernel-desktop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
 81b720b2da87dcaa3c9a06522e3f106c  2008.1/x86_64/kernel-desktop-latest-2.6.24.7-3mnb1.x86_64.rpm
 f72b340ae0e01ed73d64e8f2962b4b4a  2008.1/x86_64/kernel-doc-2.6.24.7-3mnb1.x86_64.rpm
 3c9cf5d346d4fc5df58633d4a70abe27  2008.1/x86_64/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 8c3c36e81f42d1c2f29c9ed27200a9d8  2008.1/x86_64/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 751574973fc2aa889bbd7971bbc61596  2008.1/x86_64/kernel-laptop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
 476b32a7eab657d18185f83f0faed3bc  2008.1/x86_64/kernel-laptop-latest-2.6.24.7-3mnb1.x86_64.rpm
 acc8e71cda1807fc12ec2c376adfd7e5  2008.1/x86_64/kernel-server-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 3f0dec17ff7636efc8e848bcc2dd5b44  2008.1/x86_64/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 dca5c6a627768b204f01076c4d237e03  2008.1/x86_64/kernel-server-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
 d450db60670cc44a5bcd1291b6fba03e  2008.1/x86_64/kernel-server-latest-2.6.24.7-3mnb1.x86_64.rpm
 de4226fc5ba36a84e332f2a5afdf2212  2008.1/x86_64/kernel-source-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
 6e27e3e78a54a1e94e6c12716771c5a5  2008.1/x86_64/kernel-source-latest-2.6.24.7-3mnb1.x86_64.rpm 
 2f39f719d288c36c7600ce1ff3ce98b8  2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm

 Corporate 3.0:
 748af5e6897f2e461c61e52c34d80c80  corporate/3.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm
 8fc6a7b3805adecb4a56534f12fcae90  corporate/3.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm
 956b447b815899a5db2a23efbd9c0706  corporate/3.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm
 d3ef79f5b3b0d36d8f090d961a6d7227  corporate/3.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm
 99e24b00d352e7dbc0ceef3adb260e24  corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm
 f5b9b5c5af0289eadc0524fde55f158b  corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm
 7a28d45cc743da45609294b2845e10dc  corporate/3.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm
 f4758ba6a1c74188063baedf9e67ac28  corporate/3.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm
 2f000dc2f0618abc8c4d9a0039b223fd  corporate/3.0/i586/kernel-source-2.6.3-41mdk.i586.rpm
 c18f27937a3d4bc01beef22edbfb7db0  corporate/3.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm 
 05e587fc230c88937cb5944af4a6f046  corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 1fc5885f0a82d5f6e6645c2438695cca  corporate/3.0/x86_64/kernel-2.6.3.41mdk-1-1mdk.x86_64.rpm
 bca522e3a26ba842e03f8a11163e0c96  corporate/3.0/x86_64/kernel-BOOT-2.6.3.41mdk-1-1mdk.x86_64.rpm
 b41ca978accdb24394fef601b1b8dc53  corporate/3.0/x86_64/kernel-doc-2.6.3-41mdk.x86_64.rpm
 9134977f58741a8523cbfb4a829516a6  corporate/3.0/x86_64/kernel-secure-2.6.3.41mdk-1-1mdk.x86_64.rpm
 2dbd7043da6a8d93be955c70c326d94c  corporate/3.0/x86_64/kernel-smp-2.6.3.41mdk-1-1mdk.x86_64.rpm
 d5a41e708c9d10f423b3b42cb1c468b5  corporate/3.0/x86_64/kernel-source-2.6.3-41mdk.x86_64.rpm
 8c3d5430f5271bb78e0d2956dacaf575  corporate/3.0/x86_64/kernel-source-stripped-2.6.3-41mdk.x86_64.rpm 
 05e587fc230c88937cb5944af4a6f046  corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm

 Corporate 4.0:
 601bc40d3e1aee417e84a0ead160a7b0  corporate/4.0/i586/kernel-2.6.12.41mdk-1-1mdk.i586.rpm
 c063f187ac49fc74f221ad8ab7bf5262  corporate/4.0/i586/kernel-BOOT-2.6.12.41mdk-1-1mdk.i586.rpm
 b60281d821ea76fdb9675ff6bdaa81c4  corporate/4.0/i586/kernel-doc-2.6.12.41mdk-1-1mdk.i586.rpm
 62028f52a661b0bfb74db7f5a448b1bb  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.41mdk-1-1mdk.i586.rpm
 6b2a3b620559d0752c25176aecf6e57b  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.41mdk-1-1mdk.i586.rpm
 071c3988845e4a4992f111b7339157f3  corporate/4.0/i586/kernel-smp-2.6.12.41mdk-1-1mdk.i586.rpm
 74c2b1a2901e50bcad3890af6efcdf2c  corporate/4.0/i586/kernel-source-2.6.12.41mdk-1-1mdk.i586.rpm
 276dfcf2a9ae0910c8a9be627c0cf07e  corporate/4.0/i586/kernel-source-stripped-2.6.12.41mdk-1-1mdk.i586.rpm
 ba8334270d6b11740292a83fc4252baa  corporate/4.0/i586/kernel-xbox-2.6.12.41mdk-1-1mdk.i586.rpm
 e09627e78d3d6c25527f0e3eaae38ca7  corporate/4.0/i586/kernel-xen0-2.6.12.41mdk-1-1mdk.i586.rpm
 1644f80debb044913ad386009a4cc857  corporate/4.0/i586/kernel-xenU-2.6.12.41mdk-1-1mdk.i586.rpm 
 0661ee7f8519e51a45cd25b5f2161d6a  corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm

 Corporate 4.0/X86_64:
 9d30033bd14864bf5ee38ba2c9ab099e  corporate/4.0/x86_64/kernel-2.6.12.41mdk-1-1mdk.x86_64.rpm
 a058d1972e00d201d45a42296642309d  corporate/4.0/x86_64/kernel-BOOT-2.6.12.41mdk-1-1mdk.x86_64.rpm
 129fa378cd061fa034e5cff663231b71  corporate/4.0/x86_64/kernel-doc-2.6.12.41mdk-1-1mdk.x86_64.rpm
 37622197500de29d3735b27713c3f0d2  corporate/4.0/x86_64/kernel-smp-2.6.12.41mdk-1-1mdk.x86_64.rpm
 1181593c02d069fad2c3b358ac857b3b  corporate/4.0/x86_64/kernel-source-2.6.12.41mdk-1-1mdk.x86_64.rpm
 b010075acfcab9ef7c9d5dce39a77ea0  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.41mdk-1-1mdk.x86_64.rpm
 12239493b97086a4f49a7c0b66b99407  corporate/4.0/x86_64/kernel-xen0-2.6.12.41mdk-1-1mdk.x86_64.rpm
 a014566de60953577fad67048c2fda54  corporate/4.0/x86_64/kernel-xenU-2.6.12.41mdk-1-1mdk.x86_64.rpm 
 0661ee7f8519e51a45cd25b5f2161d6a  corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm

 Multi Network Firewall 2.0:
 748af5e6897f2e461c61e52c34d80c80  mnf/2.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm
 8fc6a7b3805adecb4a56534f12fcae90  mnf/2.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm
 956b447b815899a5db2a23efbd9c0706  mnf/2.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm
 d3ef79f5b3b0d36d8f090d961a6d7227  mnf/2.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm
 99e24b00d352e7dbc0ceef3adb260e24  mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm
 f5b9b5c5af0289eadc0524fde55f158b  mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm
 7a28d45cc743da45609294b2845e10dc  mnf/2.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm
 f4758ba6a1c74188063baedf9e67ac28  mnf/2.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm
 2f000dc2f0618abc8c4d9a0039b223fd  mnf/2.0/i586/kernel-source-2.6.3-41mdk.i586.rpm
 c18f27937a3d4bc01beef22edbfb7db0  mnf/2.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm 
 05e587fc230c88937cb5944af4a6f046  mnf/2.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKrp/xmqjQ0CJFipgRAjA1AJwMnryyeZQDX35q8ti4c9R+rerqwwCgsfVU
HAazQp7JoMOduywRS/LC0SQ=
=iCPs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ