what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-008

Mandriva Linux Security Advisory 2008-008
Posted Jan 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A ridiculous amount of vulnerabilities have been addressed in the Linux 2.6 kernel for Mandriva.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2006-6058, CVE-2007-6063
SHA-256 | 273dd41aecd87f51b63ff47cc5aa3196118b5111297e3b63b32036740b57e3ce

Mandriva Linux Security Advisory 2008-008

Change Mirror Download

Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2008:008

Package : kernel
Date : January 11, 2008
Affected: Corporate 4.0

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The CIFS filesystem, when Unix extension support is enabled, does
not honor the umask of a process, which allows local users to gain
privileges. (CVE-2007-3740)

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors. (CVE-2007-4133)

The IA32 system call emulation functionality in Linux kernel 2.4.x
and 2.6.x before, when running on the x86_64 architecture,
does not zero extend the eax register after the 32bit entry path to
ptrace is used, which might allow local users to gain privileges by
triggering an out-of-bounds access to the system call table using
the %RAX register. (CVE-2007-4573)

Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before
2.6.23 allows remote attackers to cause a denial of service (crash)
via a crafted SKB length value in a runt IEEE 802.11 frame when
the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two
error. (CVE-2007-4997)

The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. (CVE-2007-5093)

The wait_task_stopped function in the Linux kernel before
checks a TASK_TRACED bit instead of an exit_state value, which
allows local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information. (CVE-2007-5500)

The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and
possibly other versions, allows local users to cause a denial of
service (hang) via a malformed minix file stream that triggers an
infinite loop in the minix_bmap function. NOTE: this issue might be
due to an integer overflow or signedness error. (CVE-2006-6058)

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
Linux kernel 2.6.23 allows local users to have an unknown impact via
a crafted argument to the isdn_ioctl function. (CVE-2007-6063)

Additionaly, support for Promise 4350 controller was added (stex

To update your kernel, please follow the directions located at:




Updated Packages:

Corporate 4.0:
07fa3648c4fcad266094de58ee5f7976 corporate/4.0/i586/kernel-
e252e134fca461feeee210bc85fe0b66 corporate/4.0/i586/kernel-BOOT-
2364ec022ffd41f61ef19aa4da196584 corporate/4.0/i586/kernel-doc-
56b9c725e2370594ea37bff83bec8adf corporate/4.0/i586/kernel-i586-up-1GB-
ac5b435ab4b230da799b12b06054e3e5 corporate/4.0/i586/kernel-i686-up-4GB-
4bd260613b29981fd3b0a742707c6785 corporate/4.0/i586/kernel-smp-
4111453b8da035fa44428f7d79b77c64 corporate/4.0/i586/kernel-source-
c31d879b0becf2c84569ad18615fbe7c corporate/4.0/i586/kernel-source-stripped-
9e8f1b4d991c1b144b5e999b647bbce6 corporate/4.0/i586/kernel-xbox-
895efcf862e5e8428ceec714f29666da corporate/4.0/i586/kernel-xen0-
bab9c0071d482b0e3c03c181b8cca71a corporate/4.0/i586/kernel-xenU-
877a5d94905829128211ecc1dd538138 corporate/4.0/SRPMS/kernel-

Corporate 4.0/X86_64:
d2e4070842e4a6ea4d9e029a5977d929 corporate/4.0/x86_64/kernel-
bf3014e8afe93ab0a8877e1d80d921e4 corporate/4.0/x86_64/kernel-BOOT-
ac4c529077ff74e82362c1b7d4404233 corporate/4.0/x86_64/kernel-doc-
fe2963758a2fbef0ed561dd41741f1f0 corporate/4.0/x86_64/kernel-smp-
f8ea4d85518c1e2e6a8b163febbb39f8 corporate/4.0/x86_64/kernel-source-
773dd4eb7e4ebbe76c49817399bdfb23 corporate/4.0/x86_64/kernel-source-stripped-
83c8eb396798958d3a0581f7610973e8 corporate/4.0/x86_64/kernel-xen0-
e3a4fc8ac6984d283aebcbf8c733942f corporate/4.0/x86_64/kernel-xenU-
877a5d94905829128211ecc1dd538138 corporate/4.0/SRPMS/kernel-

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:


If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.8 (GNU/Linux)


Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By