[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MnKdR-0003fJ-0A@titan.mandriva.com>
Date: Tue, 15 Sep 2009 01:07:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:233 ] kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:233
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : September 14, 2009
Affected: 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
does not initialize all function pointers for socket operations
in proto_ops structures, which allows local users to trigger a NULL
pointer dereference and gain privileges by using mmap to map page zero,
placing arbitrary code on this page, and then invoking an unavailable
operation, as demonstrated by the sendpage operation on a PF_PPPOX
socket. (CVE-2009-2692)
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
09f9ce71fb6eaec4ba06acde23ade724 2008.1/i586/kernel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
ae602cc8d9699174f7a547bb60e6aded 2008.1/i586/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.i586.rpm
07852147042399185c1854c436206cad 2008.1/i586/kernel-desktop586-2.6.24.7-3mnb-1-1mnb1.i586.rpm
d2da36f55db468e58cb000f9f4b9b163 2008.1/i586/kernel-desktop586-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
cdacb4f44b0c88054866e168201af62e 2008.1/i586/kernel-desktop586-devel-latest-2.6.24.7-3mnb1.i586.rpm
5b1e613192c0b43d39e5d1cf44dee7bc 2008.1/i586/kernel-desktop586-latest-2.6.24.7-3mnb1.i586.rpm
8663e4966000f62a9d7e0f73ad0b5adb 2008.1/i586/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
e8fac7b0eb07e205af711bca89b60a28 2008.1/i586/kernel-desktop-devel-latest-2.6.24.7-3mnb1.i586.rpm
e5f9266b2244a26c1d90ec87976fc5b0 2008.1/i586/kernel-desktop-latest-2.6.24.7-3mnb1.i586.rpm
0c3d5a8181efe5b10e3afec16691fa4d 2008.1/i586/kernel-doc-2.6.24.7-3mnb1.i586.rpm
db1296432ff88aa33410c8d3a1b1a2c0 2008.1/i586/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.i586.rpm
0193271cabdc1f547a3432e8a99986b9 2008.1/i586/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
bdfab6a2386fa89dd250a494e725a5d9 2008.1/i586/kernel-laptop-devel-latest-2.6.24.7-3mnb1.i586.rpm
7ed708045f382289fddddbd0e10a0ae9 2008.1/i586/kernel-laptop-latest-2.6.24.7-3mnb1.i586.rpm
688c23aa32b234d6581a76adbe66ea8c 2008.1/i586/kernel-server-2.6.24.7-3mnb-1-1mnb1.i586.rpm
32f1a47070ee2a7f83a016d001bff014 2008.1/i586/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm
04a464bf850a840fa27f5cf6068dccc4 2008.1/i586/kernel-server-devel-latest-2.6.24.7-3mnb1.i586.rpm
f82288c9d9d250d6a01ff44bb98ea3ee 2008.1/i586/kernel-server-latest-2.6.24.7-3mnb1.i586.rpm
a05598c1a1b1cef7c98f65b284a86cb5 2008.1/i586/kernel-source-2.6.24.7-3mnb-1-1mnb1.i586.rpm
9ecb21b4c7fc58cc8231fb9979bed563 2008.1/i586/kernel-source-latest-2.6.24.7-3mnb1.i586.rpm
2f39f719d288c36c7600ce1ff3ce98b8 2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm
Mandriva Linux 2008.1/X86_64:
ee40c52e1e9d7df0ff082c1132f78ca7 2008.1/x86_64/kernel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
62e03fc5353c7091da3f1e3d8684482b 2008.1/x86_64/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
53e78922ee128c8dd01fb992df712122 2008.1/x86_64/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
0da13998db3248630fa0da98f9061b2c 2008.1/x86_64/kernel-desktop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
81b720b2da87dcaa3c9a06522e3f106c 2008.1/x86_64/kernel-desktop-latest-2.6.24.7-3mnb1.x86_64.rpm
f72b340ae0e01ed73d64e8f2962b4b4a 2008.1/x86_64/kernel-doc-2.6.24.7-3mnb1.x86_64.rpm
3c9cf5d346d4fc5df58633d4a70abe27 2008.1/x86_64/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
8c3c36e81f42d1c2f29c9ed27200a9d8 2008.1/x86_64/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
751574973fc2aa889bbd7971bbc61596 2008.1/x86_64/kernel-laptop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
476b32a7eab657d18185f83f0faed3bc 2008.1/x86_64/kernel-laptop-latest-2.6.24.7-3mnb1.x86_64.rpm
acc8e71cda1807fc12ec2c376adfd7e5 2008.1/x86_64/kernel-server-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
3f0dec17ff7636efc8e848bcc2dd5b44 2008.1/x86_64/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
dca5c6a627768b204f01076c4d237e03 2008.1/x86_64/kernel-server-devel-latest-2.6.24.7-3mnb1.x86_64.rpm
d450db60670cc44a5bcd1291b6fba03e 2008.1/x86_64/kernel-server-latest-2.6.24.7-3mnb1.x86_64.rpm
de4226fc5ba36a84e332f2a5afdf2212 2008.1/x86_64/kernel-source-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm
6e27e3e78a54a1e94e6c12716771c5a5 2008.1/x86_64/kernel-source-latest-2.6.24.7-3mnb1.x86_64.rpm
2f39f719d288c36c7600ce1ff3ce98b8 2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm
Corporate 3.0:
748af5e6897f2e461c61e52c34d80c80 corporate/3.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm
8fc6a7b3805adecb4a56534f12fcae90 corporate/3.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm
956b447b815899a5db2a23efbd9c0706 corporate/3.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm
d3ef79f5b3b0d36d8f090d961a6d7227 corporate/3.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm
99e24b00d352e7dbc0ceef3adb260e24 corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm
f5b9b5c5af0289eadc0524fde55f158b corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm
7a28d45cc743da45609294b2845e10dc corporate/3.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm
f4758ba6a1c74188063baedf9e67ac28 corporate/3.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm
2f000dc2f0618abc8c4d9a0039b223fd corporate/3.0/i586/kernel-source-2.6.3-41mdk.i586.rpm
c18f27937a3d4bc01beef22edbfb7db0 corporate/3.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm
05e587fc230c88937cb5944af4a6f046 corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm
Corporate 3.0/X86_64:
1fc5885f0a82d5f6e6645c2438695cca corporate/3.0/x86_64/kernel-2.6.3.41mdk-1-1mdk.x86_64.rpm
bca522e3a26ba842e03f8a11163e0c96 corporate/3.0/x86_64/kernel-BOOT-2.6.3.41mdk-1-1mdk.x86_64.rpm
b41ca978accdb24394fef601b1b8dc53 corporate/3.0/x86_64/kernel-doc-2.6.3-41mdk.x86_64.rpm
9134977f58741a8523cbfb4a829516a6 corporate/3.0/x86_64/kernel-secure-2.6.3.41mdk-1-1mdk.x86_64.rpm
2dbd7043da6a8d93be955c70c326d94c corporate/3.0/x86_64/kernel-smp-2.6.3.41mdk-1-1mdk.x86_64.rpm
d5a41e708c9d10f423b3b42cb1c468b5 corporate/3.0/x86_64/kernel-source-2.6.3-41mdk.x86_64.rpm
8c3d5430f5271bb78e0d2956dacaf575 corporate/3.0/x86_64/kernel-source-stripped-2.6.3-41mdk.x86_64.rpm
05e587fc230c88937cb5944af4a6f046 corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm
Corporate 4.0:
601bc40d3e1aee417e84a0ead160a7b0 corporate/4.0/i586/kernel-2.6.12.41mdk-1-1mdk.i586.rpm
c063f187ac49fc74f221ad8ab7bf5262 corporate/4.0/i586/kernel-BOOT-2.6.12.41mdk-1-1mdk.i586.rpm
b60281d821ea76fdb9675ff6bdaa81c4 corporate/4.0/i586/kernel-doc-2.6.12.41mdk-1-1mdk.i586.rpm
62028f52a661b0bfb74db7f5a448b1bb corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.41mdk-1-1mdk.i586.rpm
6b2a3b620559d0752c25176aecf6e57b corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.41mdk-1-1mdk.i586.rpm
071c3988845e4a4992f111b7339157f3 corporate/4.0/i586/kernel-smp-2.6.12.41mdk-1-1mdk.i586.rpm
74c2b1a2901e50bcad3890af6efcdf2c corporate/4.0/i586/kernel-source-2.6.12.41mdk-1-1mdk.i586.rpm
276dfcf2a9ae0910c8a9be627c0cf07e corporate/4.0/i586/kernel-source-stripped-2.6.12.41mdk-1-1mdk.i586.rpm
ba8334270d6b11740292a83fc4252baa corporate/4.0/i586/kernel-xbox-2.6.12.41mdk-1-1mdk.i586.rpm
e09627e78d3d6c25527f0e3eaae38ca7 corporate/4.0/i586/kernel-xen0-2.6.12.41mdk-1-1mdk.i586.rpm
1644f80debb044913ad386009a4cc857 corporate/4.0/i586/kernel-xenU-2.6.12.41mdk-1-1mdk.i586.rpm
0661ee7f8519e51a45cd25b5f2161d6a corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm
Corporate 4.0/X86_64:
9d30033bd14864bf5ee38ba2c9ab099e corporate/4.0/x86_64/kernel-2.6.12.41mdk-1-1mdk.x86_64.rpm
a058d1972e00d201d45a42296642309d corporate/4.0/x86_64/kernel-BOOT-2.6.12.41mdk-1-1mdk.x86_64.rpm
129fa378cd061fa034e5cff663231b71 corporate/4.0/x86_64/kernel-doc-2.6.12.41mdk-1-1mdk.x86_64.rpm
37622197500de29d3735b27713c3f0d2 corporate/4.0/x86_64/kernel-smp-2.6.12.41mdk-1-1mdk.x86_64.rpm
1181593c02d069fad2c3b358ac857b3b corporate/4.0/x86_64/kernel-source-2.6.12.41mdk-1-1mdk.x86_64.rpm
b010075acfcab9ef7c9d5dce39a77ea0 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.41mdk-1-1mdk.x86_64.rpm
12239493b97086a4f49a7c0b66b99407 corporate/4.0/x86_64/kernel-xen0-2.6.12.41mdk-1-1mdk.x86_64.rpm
a014566de60953577fad67048c2fda54 corporate/4.0/x86_64/kernel-xenU-2.6.12.41mdk-1-1mdk.x86_64.rpm
0661ee7f8519e51a45cd25b5f2161d6a corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm
Multi Network Firewall 2.0:
748af5e6897f2e461c61e52c34d80c80 mnf/2.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm
8fc6a7b3805adecb4a56534f12fcae90 mnf/2.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm
956b447b815899a5db2a23efbd9c0706 mnf/2.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm
d3ef79f5b3b0d36d8f090d961a6d7227 mnf/2.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm
99e24b00d352e7dbc0ceef3adb260e24 mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm
f5b9b5c5af0289eadc0524fde55f158b mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm
7a28d45cc743da45609294b2845e10dc mnf/2.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm
f4758ba6a1c74188063baedf9e67ac28 mnf/2.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm
2f000dc2f0618abc8c4d9a0039b223fd mnf/2.0/i586/kernel-source-2.6.3-41mdk.i586.rpm
c18f27937a3d4bc01beef22edbfb7db0 mnf/2.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm
05e587fc230c88937cb5944af4a6f046 mnf/2.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKrp/xmqjQ0CJFipgRAjA1AJwMnryyeZQDX35q8ti4c9R+rerqwwCgsfVU
HAazQp7JoMOduywRS/LC0SQ=
=iCPs
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists