Message-id: <E1IQ5hZ-0006lG-Ju@artemis.annvix.ca>
Date: Tue, 28 Aug 2007 12:22:09 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:171 ] - Updated kernel packages fix
 multiple vulnerabilities and bugs


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:171
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : August 28, 2007
 Affected: 2007.0, 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 The Linux kernel did not properly save or restore EFLAGS during a
 context switch, or reset the flags when creating new threads, which
 allowed local users to cause a denial of service (process crash)
 (CVE-2006-5755).
 
 The compat_sys_mount function in fs/compat.c allowed local users
 to cause a denial of service (NULL pointer dereference and oops)
 by mounting a smbfs file system in compatibility mode (CVE-2006-7203).
 
 The nfnetlink_log function in netfilter allowed an attacker to cause a
 denial of service (crash) via unspecified vectors which would trigger
 a NULL pointer dereference (CVE-2007-1496).
 
 The nf_conntrack function in netfilter did not set nfctinfo during
 reassembly of fragmented packets, which left the default value as
 IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
 rulesets using IPv6 fragments (CVE-2007-1497).
 
 The netlink functionality did not properly handle NETLINK_FIB_LOOKUP
 replies, which allowed a remote attacker to cause a denial of service
 (resource consumption) via unspecified vectors, probably related to
 infinite recursion (CVE-2007-1861).
 
 A typo in the Linux kernel caused RTA_MAX to be used as an array size
 instead of RTN_MAX, which led to an out-of-bounds access by certain
 functions (CVE-2007-2172).
 
 The IPv6 protocol allowed remote attackers to cause a denial of
 service via crafted IPv6 type 0 route headers that create network
 amplification between two routers (CVE-2007-2242).
 
 The random number feature did not properly seed pools when there was
 no entropy, or used an incorrect cast when extracting entropy, which
 could cause the random number generator to provide the same values
 after reboots on systems without an entropy source (CVE-2007-2453).
 
 A memory leak in the PPPoE socket implementation allowed local users
 to cause a denial of service (memory consumption) by creating a
 socket using connect, and releasing it before the PPPIOCGCHAN ioctl
 is initialized (CVE-2007-2525).
 
 An integer underflow in the cpuset_tasks_read function, when the cpuset
 filesystem is mounted, allowed local users to obtain kernel memory
 contents by using a large offset when reading the /dev/cpuset/tasks
 file (CVE-2007-2875).
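
 The offset underflow described for CVE-2007-2875, as an added example: a simplified user-space model of a buffer-backed read handler, not the kernel's source and not part of the original advisory. The buffer contents and the names tasks_buf, copy_len_flawed and read_at are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a text buffer exposed through read(). */
static const char tasks_buf[] = "101\n202\n303\n";
#define BUFSZ (sizeof(tasks_buf) - 1)   /* 12 bytes of data */

/* Flawed clamp: checks only the end of the range, never pos itself.
 * Returns the byte count that would be handed to the copy routine;
 * nothing is copied here, so the model stays memory-safe. */
static size_t copy_len_flawed(uint64_t pos, size_t nbytes)
{
    if (pos + nbytes > BUFSZ)
        nbytes = BUFSZ - pos;   /* wraps to a huge value when pos > BUFSZ */
    return nbytes;
}

/* Hardened read: rejects offsets at or past the end before subtracting. */
static long read_at(char *dst, size_t nbytes, uint64_t *pos)
{
    if (*pos >= BUFSZ)
        return 0;               /* EOF: nothing to copy */
    if (nbytes > BUFSZ - *pos)
        nbytes = BUFSZ - *pos;  /* cannot underflow because pos < BUFSZ */
    memcpy(dst, tasks_buf + *pos, nbytes);
    *pos += nbytes;
    return (long)nbytes;
}

int main(void)
{
    char out[64];
    uint64_t pos = 4096;        /* offset far past the 12-byte buffer */

    printf("flawed length: %zu\n", copy_len_flawed(pos, sizeof(out)));
    printf("hardened read: %ld\n", read_at(out, sizeof(out), &pos));
    return 0;
}
```

 The flawed clamp turns an offset beyond the buffer into a very large copy length, which is how a read at a large offset can return memory outside the intended buffer; the hardened form validates the offset first.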
 
 The sctp_new function in netfilter allowed remote attackers to cause
 a denial of service by causing certain invalid states that triggered
 a NULL pointer dereference (CVE-2007-2876).
 
 In addition to these security fixes, other fixes have been included
 such as:
 
   - Fix crash on netfilter when nfnetlink_log is used on certain
   hooks on packets forwarded to or from a bridge
   - Fixed busy sleep on IPVS which caused high load averages
   - Fixed possible race condition on ext[34]_link
   - Fixed missing braces in condition block that led to wrong behaviour
   in NFS
   - Fixed XFS lock deallocation that resulted in oops when unmounting
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1496
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG1D0umqjQ0CJFipgRAkSyAKD019hJJjDWCB8Eqfk0RFyiNCyNcACfUGxE
DeeWjRc5l2br5M4lW8brUtE=
=p1P4
-----END PGP SIGNATURE-----
