User: Password:
Subscribe / Log in / New account

Mandriva alert MDKSA-2006:150 (kernel)

Subject:  [Security Announce] [ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities
Date:  Fri, 25 Aug 2006 12:33:00 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:150 _______________________________________________________________________ Package : kernel Date : August 25, 2006 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Prior to, the kerenl allowed local users to obtain sensitive information via a crafted XFS ftruncate call (CVE-2006-0554). Prior to, the kernel did not properly handle uncanonical return addresses on Intel EM64T CPUs causing the kernel exception handler to run on the user stack with the wrong GS (CVE-2006-0744). ip_conntrack_core.c in the 2.6 kernel, and possibly nf_conntrack_l3proto_ipv4.c did not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which could allow local users to obtain portions of potentially sensitive memory (CVE-2006-1343). Prior to, the a buffer overflow in SCTP in the kernel allowed remote attackers to cause a Denial of Service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857). Prior to, SCTP in the kernel allowed remote attackers to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858). Prior to 2.6.16, a directory traversal vulnerability in CIFS could allow a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1863). Prior to 2.6.16, a directory traversal vulnerability in smbfs could allow a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1864). Prior to 2.6.17, Linux SCTP allowed a remote attacker to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments, which caused an skb pointer to refer back to itself when the full message is reassembled, leading to an infinite recursion in the sctp_skb_pull function (CVE-2006-2274). The dvd_read_bca function in the DVD handling code assigns the wrong value to a length variable, which could allow local users to execute arbitrary code via a crafted USB storage device that triggers a buffer overflow (CVE-2006-2935). Prior to 2.6.17, the ftdi_sio driver could allow local users to cause a DoS (memory consumption) by writing more data to the serial port than the hardware can handle, causing the data to be queued (CVE-2006-2936). The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers to cause a DoS (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), triggering an error and causing an exported directory to be remounted read-only (CVE-2006-3468). The 2.6 kernel's SCTP was found to cause system crashes and allow for the possibility of local privilege escalation due to a bug in the get_user_iov_size() function that doesn't properly handle overflow when calculating the length of iovec (CVE-2006-3745). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. To update your kernel, please follow the directions located at: _______________________________________________________________________ References: _______________________________________________________________________ Updated Packages: Corporate 3.0: 9d14c43145beafb4e63fe8cae758d0f6 corporate/3.0/RPMS/kernel- e7331f51ed5cf4edee33efcb01f49243 corporate/3.0/RPMS/kernel-BOOT- dcb027450192d7d73f407f30d3e3e852 corporate/3.0/RPMS/kernel-enterprise- 59f29ace5cc862c84cace5d046d6302e corporate/3.0/RPMS/kernel-i686-up-4GB- 6b062c5059587a927f31fea04fb91a3a corporate/3.0/RPMS/kernel-p3-smp-64GB- 744287198a20913bd38b1c1d37a68bd2 corporate/3.0/RPMS/kernel-secure- 17780ad90f4989615baab5f115074f8a corporate/3.0/RPMS/kernel-smp- 4555bac09b7ce50d83b97c47af0b2724 corporate/3.0/RPMS/kernel-source-2.6.3-35mdk.i586.rpm 7165754462cdfcd92c894f56623bc8b0 corporate/3.0/RPMS/kernel-source-stripped-2.6.3-35mdk.i586.rpm e59db387f0642f5293dc60283832557b corporate/3.0/SRPMS/kernel- Corporate 3.0/X86_64: 918a70fe836d900b217f442b5208c779 x86_64/corporate/3.0/RPMS/kernel- dd1ea77b15bd07c75f5ab7caf00dbde0 x86_64/corporate/3.0/RPMS/kernel-BOOT- c8964849f4142c2c51c3ddd298513753 x86_64/corporate/3.0/RPMS/kernel-secure- 7a98664c4ba5f0d50a500c1158a8fb08 x86_64/corporate/3.0/RPMS/kernel-smp- 3c4d5ca4f7a1a91d99fc182e499c9e76 x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-35mdk.x86_64.rpm a25c6705ba2b70c85c1c86e68cb0d3cd x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-35mdk.x86_64.rpm e59db387f0642f5293dc60283832557b x86_64/corporate/3.0/SRPMS/kernel- Multi Network Firewall 2.0: 5cab4be7c19a67689f33f01de208879e mnf/2.0/RPMS/kernel- ee1db88c9010b3a1af0f5ea93ce86505 mnf/2.0/RPMS/kernel-i686-up-4GB- 0e3618eec1dcb5bca817ecec7e912836 mnf/2.0/RPMS/kernel-p3-smp-64GB- ded09245567203340c86b3ddacf21b3a mnf/2.0/RPMS/kernel-secure- 7efdc84f2748f1c2237a72ef94d90b31 mnf/2.0/RPMS/kernel-smp- d12744fdab6bf6606ed13fae69b51f50 mnf/2.0/SRPMS/kernel- _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver 0x22458A98 You can view other update advisories for Mandriva Linux at: If you want to report vulnerabilities, please contact security_(at) _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE7xa9mqjQ0CJFipgRAsAAAKC/kOcYUfcUldfx8MGy87CHigyjSgCeJ/43 JsyWup/H/+NRqjHU1SGHaGc= =8KyZ -----END PGP SIGNATURE----- To unsubscribe, send a email to with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to Join the Club : _______________________________________________________

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds