exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-174

Mandriva Linux Security Advisory 2008-174
Posted Aug 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2008-0007, CVE-2008-1673, CVE-2008-1615, CVE-2008-2136, CVE-2008-2826, CVE-2008-2729
SHA-256 | 0c5624a431067b087e027c806e2b0a15c6931e0b219f19ff925a96db06e0cfac

Mandriva Linux Security Advisory 2008-174

Change Mirror Download

Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2008:174

Package : kernel
Date : August 19, 2008
Affected: Corporate 4.0

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Linux kernel before, when using certain drivers that register
a fault handler that does not perform range checks, allows local users
to access kernel memory via an out-of-range offset. (CVE-2008-0007)

The asn1 implementation in (a) the Linux kernel 2.4 before and
2.6 before, as used in the cifs and ip_nat_snmp_basic modules;
and (b) the gxsnmp package; does not properly validate length values
during decoding of ASN.1 BER data, which allows remote attackers
to cause a denial of service (crash) or execute arbitrary code via
(1) a length greater than the working buffer, which can lead to an
unspecified overflow; (2) an oid length of zero, which can lead to
an off-by-one error; or (3) an indefinite length for a primitive
encoding. (CVE-2008-1673)

Linux kernel 2.6.18, and possibly other versions, when running on
AMD64 architectures, allows local users to cause a denial of service
(crash) via certain ptrace calls. (CVE-2008-1615)

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)

Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before allows local users
to cause a denial of service (resource consumption and system outage)
via vectors involving a large addr_num field in an sctp_getaddrs_old
data structure. (CVE-2008-2826)

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on
some AMD64 systems does not erase destination memory locations after
an exception during kernel memory copy, which allows local users to
obtain sensitive information. (CVE-2008-2729)

To update your kernel, please follow the directions located at:




Updated Packages:

Corporate 4.0:
aca649de138ecacc1118ffeb85a8585a corporate/4.0/i586/kernel-
4fe3d387ed0da34cafd6cce37296b105 corporate/4.0/i586/kernel-BOOT-
d1f4ea6bced7542e9ae13fe587550cef corporate/4.0/i586/kernel-doc-
c8981c9817e8f0cb532f33ae7a7f309a corporate/4.0/i586/kernel-i586-up-1GB-
40b1b582f84d04cbbe7d80c03db8caf7 corporate/4.0/i586/kernel-i686-up-4GB-
d215dccb6a76fa5f783397fddbfc6f14 corporate/4.0/i586/kernel-smp-
b64cf23b05ec50253a05d190b7663ef7 corporate/4.0/i586/kernel-source-
9473bec94760af7a36c9a67714363480 corporate/4.0/i586/kernel-source-stripped-
df75cfb33266eb4a18d75e367a9f0c11 corporate/4.0/i586/kernel-xbox-
cb8bbb9f2daff324ec085ac80b146101 corporate/4.0/i586/kernel-xen0-
d8e3b3c456c8ba162b957d22b6313b14 corporate/4.0/i586/kernel-xenU-
cf443a0b3549d4868171933bb6504d03 corporate/4.0/SRPMS/kernel-

Corporate 4.0/X86_64:
181a597366b6c12d437148b9ba4e42da corporate/4.0/x86_64/kernel-
4bc50966cf92867ebe5031a271b2f792 corporate/4.0/x86_64/kernel-BOOT-
f67a89cd2715ab7444803532d9aa9f5c corporate/4.0/x86_64/kernel-doc-
12c6df680e33523ab403d01202e9ffc8 corporate/4.0/x86_64/kernel-smp-
ea697bdc33252e1b7fba82352c91b21b corporate/4.0/x86_64/kernel-source-
8c1d20d6bc3fb30f7b5a51f97af6419a corporate/4.0/x86_64/kernel-source-stripped-
454cafa0ee5243852a1ce9f56f9cfd42 corporate/4.0/x86_64/kernel-xen0-
f52a9f3a0ff8f7f1ad7c043ca1d424c4 corporate/4.0/x86_64/kernel-xenU-
cf443a0b3549d4868171933bb6504d03 corporate/4.0/SRPMS/kernel-

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:


If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.9 (GNU/Linux)


Login or Register to add favorites

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By