lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IharI-00027o-6b@artemis.annvix.ca>
Date: Mon, 15 Oct 2007 19:04:26 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:196 ] - Updated kernel packages fix
 multiple vulnerabilities and bugs


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:196
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : October 15, 2007
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 The compat_sys_mount function in fs/compat.c allowed local users
 to cause a denial of service (NULL pointer dereference and oops)
 by mounting a smbfs file system in compatibility mode (CVE-2006-7203).
 
 The nf_conntrack function in netfilter did not set nfctinfo during
 reassembly of fragmented packets, which left the default value as
 IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
 rulesets using IPv6 fragments (CVE-2007-1497).
 
 A typo in the Linux kernel caused RTA_MAX to be used as an array size
 instead of RTN_MAX, which lead to an out of bounds access by certain
 functions (CVE-2007-2172).
 
 The IPv6 protocol allowed remote attackers to cause a denial of
 service via crafted IPv6 type 0 route headers that create network
 amplification between two routers (CVE-2007-2242).
 
 The random number feature did not properly seed pools when there was
 no entropy, or used an incorrect cast when extracting entropy, which
 could cause the random number generator to provide the same values
 after reboots on systems without an entropy source (CVE-2007-2453).
 
 A memory leak in the PPPoE socket implementation allowed local users
 to cause a denial of service (memory consumption) by creating a
 socket using connect, and releasing it before the PPPIOCGCHAN ioctl
 is initialized (CVE-2007-2525).
 
 An integer underflow in the cpuset_tasks_read function, when the cpuset
 filesystem is mounted, allowed local users to obtain kernel memory
 contents by using a large offset when reading the /dev/cpuset/tasks
 file (CVE-2007-2875).
 
 The sctp_new function in netfilter allowed remote attackers to cause
 a denial of service by causing certain invalid states that triggered
 a NULL pointer dereference (CVE-2007-2876).
 
 A stack-based buffer overflow in the random number generator could
 allow local root users to cause a denial of service or gain privileges
 by setting the default wakeup threshold to a value greater than the
 output pool size (CVE-2007-3105).
 
 The lcd_write function did not limit the amount of memory used by
 a caller, which allows local users to cause a denial of service
 (memory consumption) (CVE-2007-3513).
 
 The Linux kernel allowed local users to send arbitrary signals
 to a child process that is running at higher privileges by
 causing a setuid-root parent process to die which delivered an
 attacker-controlled parent process death signal (PR_SET_PDEATHSIG)
 (CVE-2007-3848).
 
 The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer
 ioctl patch in aacraid did not check permissions for ioctls, which
 might allow local users to cause a denial of service or gain privileges
 (CVE-2007-4308).
 
 The IA32 system call emulation functionality, when running on the
 x86_64 architecture, did not zero extend the eax register after the
 32bit entry path to ptrace is used, which could allow local users to
 gain privileges by triggering an out-of-bounds access to the system
 call table using the %RAX register (CVE-2007-4573).
 
 In addition to these security fixes, other fixes have been included
 such as:
 
   - The 3w-9xxx module was updated to version 9.4.1.2, adding support
   for 9650SE
   - Fixed the build of e1000-ng
   - Added NIC support for MCP55
   - Added LSI Logic MegaRAID SAS 8300XLP support
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 4.0:
 3657c208eeb3c079d9ff0a4ca55a9b03  corporate/4.0/i586/kernel-2.6.12.32mdk-1-1mdk.i586.rpm
 0cd8fd1c504f3365fe503c4fd627b6ea  corporate/4.0/i586/kernel-BOOT-2.6.12.32mdk-1-1mdk.i586.rpm
 fbabe3497810452a0052bc67a5fb4f29  corporate/4.0/i586/kernel-doc-2.6.12.32mdk-1-1mdk.i586.rpm
 02edfc1bbb2bd826c4a9152d670cc2cc  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.32mdk-1-1mdk.i586.rpm
 88b0876de92beff866bb91ba57be0a70  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.32mdk-1-1mdk.i586.rpm
 e813926dc184e911deb62a1e34cff8ed  corporate/4.0/i586/kernel-smp-2.6.12.32mdk-1-1mdk.i586.rpm
 a8011ebbe529551463f87cc22f3da22f  corporate/4.0/i586/kernel-source-2.6.12.32mdk-1-1mdk.i586.rpm
 813ba955a1e9b5ff9834aeebbe477a93  corporate/4.0/i586/kernel-source-stripped-2.6.12.32mdk-1-1mdk.i586.rpm
 be08ad30fbc3988f654c1532e73fc330  corporate/4.0/i586/kernel-xbox-2.6.12.32mdk-1-1mdk.i586.rpm
 5894ac0216cf38203d2002a19db70c15  corporate/4.0/i586/kernel-xen0-2.6.12.32mdk-1-1mdk.i586.rpm
 62d5b93083df571edbf8785bc754dd6e  corporate/4.0/i586/kernel-xenU-2.6.12.32mdk-1-1mdk.i586.rpm 
 423fe3296a56ff845fd643890663cdee  corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm

 Corporate 4.0/X86_64:
 a51bd78ce00e65f7521625c8c67605f0  corporate/4.0/x86_64/kernel-2.6.12.32mdk-1-1mdk.x86_64.rpm
 8d407ed81be714537c2c957918cedfed  corporate/4.0/x86_64/kernel-BOOT-2.6.12.32mdk-1-1mdk.x86_64.rpm
 730c0bae9b443e5f9d8cb3c8a3486488  corporate/4.0/x86_64/kernel-doc-2.6.12.32mdk-1-1mdk.x86_64.rpm
 06391bd475945e8a8b76dcb33989fc83  corporate/4.0/x86_64/kernel-smp-2.6.12.32mdk-1-1mdk.x86_64.rpm
 bc9c9a881f18b5c2f892684aaeee84cf  corporate/4.0/x86_64/kernel-source-2.6.12.32mdk-1-1mdk.x86_64.rpm
 b0240b751985babe1aabda9c9e231a92  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.32mdk-1-1mdk.x86_64.rpm
 b1b4750de7daf9cb12ed0057a8851f32  corporate/4.0/x86_64/kernel-xen0-2.6.12.32mdk-1-1mdk.x86_64.rpm
 915a8eb87a9fc0c0deab5e696f27c59b  corporate/4.0/x86_64/kernel-xenU-2.6.12.32mdk-1-1mdk.x86_64.rpm 
 423fe3296a56ff845fd643890663cdee  corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHE+PimqjQ0CJFipgRAprEAKCoEfNhoDZrxQng2IYqYumR/3zVvACeOoJQ
51R6ymKyEZNBb9xnSWE/E64=
=QWz7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ