-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:025 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : January 23, 2007 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The 2.6 kernel prior to 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets (CVE-2005-3272). Prior to 2.6.15.5, the kernel allows local users to cause a DoS ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address" on Intel processors (CVE-2006-0741). A race condition in the socket buffer handling in the 2.6.9 kernel and earlier versions could allow a remote attacker to cause a DoS (crash) (CVE-2006-2446). Stephane Eranian discovered an issue with permon2.0 where, under certain circumstances, the perfmonctl() system call may not correctly manage the file descriptor reference count, resulting in the system possibly running out of file structure (CVE-2006-3741). Prior to and including 2.6.17, the Universal Disk Format (UDF) filesystem driver allowed local users to cause a DoS (hang and crash) via certain operations involving truncated files (CVE-2006-4145). Various versions of the Linux kernel allowed local users to cause a DoS (crash) via an SCTP socket with a certain SO_LINGER value, which is possibly related to the patch used to correct CVE-2006-3745 (CVE-2006-4535). The __block_prepate_write function in the 2.6 kernel before 2.6.13 does not properly clear buffers during certain error conditions, which allows users to read portions of files that have been unlinked (CVE-2006-4813). The clip_mkip function of the ATM subsystem in the 2.6 kernel allows remote attackers to dause a DoS (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (CVE-2006-4997). The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users to cause a DoS (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels (CVE-2006-5619). A missing call to init_timer() in the isdn_ppp code of the Linux kernel can allow remote attackers to send a special kind of PPP pakcet which may trigger a kernel oops (CVE-2006-5749). The aio_setup_ring() function initializes a variable incorrectly which can be used in error path to free allocated resources which could allow a local user to crash the node (CVE-2006-5754). A vulnerability in the bluetooth support could allow for overwriting internal CMTP and CAPI data structures via malformed packets (CVE-2006-6106). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4535 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106 _______________________________________________________________________ Updated Packages: Corporate 3.0: c807857c820dae84bad9beac5ff132c2 corporate/3.0/i586/kernel-2.6.3.36mdk-1-1mdk.i586.rpm 9502a05c5049f394b50a4f2128ca7311 corporate/3.0/i586/kernel-BOOT-2.6.3.36mdk-1-1mdk.i586.rpm 26b4a92d5ed2c1953fb88fd304584281 corporate/3.0/i586/kernel-doc-2.6.3-36mdk.i586.rpm c2f4619bf4b4d9d3952ccad7eb4be16d corporate/3.0/i586/kernel-enterprise-2.6.3.36mdk-1-1mdk.i586.rpm 20970c40ded39599c4ad6bc976447c8c corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.36mdk-1-1mdk.i586.rpm 5856cd990d971667d673216603cc9b1f corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.36mdk-1-1mdk.i586.rpm 0e978fa73922d870b487c2f8d14eaff3 corporate/3.0/i586/kernel-secure-2.6.3.36mdk-1-1mdk.i586.rpm fa9f0cdd42385ec68aa79198d2615617 corporate/3.0/i586/kernel-smp-2.6.3.36mdk-1-1mdk.i586.rpm 8f9766f48b56d6a56333dcec3cfa611d corporate/3.0/i586/kernel-source-2.6.3-36mdk.i586.rpm 841863d5446060606da060acf72afce0 corporate/3.0/i586/kernel-source-stripped-2.6.3-36mdk.i586.rpm 15c7992f878a9ebcf38694d5700d90af corporate/3.0/SRPMS/kernel-2.6.3.36mdk-1-1mdk.src.rpm Corporate 3.0/X86_64: 9f3bb7174878cc5044386356e1c4bc57 corporate/3.0/x86_64/kernel-2.6.3.36mdk-1-1mdk.x86_64.rpm 613608913f5dcb696b26e31ce5c01828 corporate/3.0/x86_64/kernel-BOOT-2.6.3.36mdk-1-1mdk.x86_64.rpm b6daad6d8d1c8bb7b8053935434ccd4b corporate/3.0/x86_64/kernel-doc-2.6.3-36mdk.x86_64.rpm 19857cc0134d55a81cfecf099b5f1715 corporate/3.0/x86_64/kernel-secure-2.6.3.36mdk-1-1mdk.x86_64.rpm b0cc99ea1220b2e3bd7922be994b3aef corporate/3.0/x86_64/kernel-smp-2.6.3.36mdk-1-1mdk.x86_64.rpm 8044690dcbf0a3a0c7b2e09bcc76a8d6 corporate/3.0/x86_64/kernel-source-2.6.3-36mdk.x86_64.rpm b67484105e125306b4dd5fdb5b84d67d corporate/3.0/x86_64/kernel-source-stripped-2.6.3-36mdk.x86_64.rpm 15c7992f878a9ebcf38694d5700d90af corporate/3.0/SRPMS/kernel-2.6.3.36mdk-1-1mdk.src.rpm Multi Network Firewall 2.0: c807857c820dae84bad9beac5ff132c2 mnf/2.0/i586/kernel-2.6.3.36mdk-1-1mdk.i586.rpm 20970c40ded39599c4ad6bc976447c8c mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.36mdk-1-1mdk.i586.rpm 5856cd990d971667d673216603cc9b1f mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.36mdk-1-1mdk.i586.rpm 0e978fa73922d870b487c2f8d14eaff3 mnf/2.0/i586/kernel-secure-2.6.3.36mdk-1-1mdk.i586.rpm fa9f0cdd42385ec68aa79198d2615617 mnf/2.0/i586/kernel-smp-2.6.3.36mdk-1-1mdk.i586.rpm 15c7992f878a9ebcf38694d5700d90af mnf/2.0/SRPMS/kernel-2.6.3.36mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFtjLVmqjQ0CJFipgRAh4NAJ9mBphKCqAcJJxFx+Pu93PWLFj2QgCfTU9W Pjt+NcjswOJYQvr5JIMDWzg= =Vm8v -----END PGP SIGNATURE-----