-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:012
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date    : January 12, 2007
Affected: 2006.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel:

The __block_prepare_write function in the 2.6 kernel before 2.6.13 does
not properly clear buffers during certain error conditions, which
allows users to read portions of files that have been unlinked
(CVE-2006-4813).

The clip_mkip function of the ATM subsystem in the 2.6 kernel allows
remote attackers to cause a DoS (panic) via unknown vectors that cause
the ATM subsystem to access the memory of socket buffers after they are
freed (CVE-2006-4997).

The NFS lockd in the 2.6 kernel before 2.6.16 allows remote attackers
to cause a DoS (process crash) and deny access to NFS exports via
unspecified vectors that trigger a kernel oops and a deadlock
(CVE-2006-5158).

The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users
to cause a DoS (hang or oops) via unspecified manipulations that
trigger an infinite loop while searching for flowlabels
(CVE-2006-5619).

A missing call to init_timer() in the isdn_ppp code of the Linux kernel
can allow remote attackers to send a special kind of PPP packet which
may trigger a kernel oops (CVE-2006-5749).

An integer overflow in the 2.6 kernel prior to 2.6.18.4 could allow a
local user to execute arbitrary code via a large maxnum value in an
ioctl request (CVE-2006-5751).

A race condition in the ISO9660 filesystem handling could allow a local
user to cause a DoS (infinite loop) by mounting a crafted ISO9660
filesystem containing malformed data structures (CVE-2006-5757).

A vulnerability in the bluetooth support could allow for overwriting
internal CMTP and CAPI data structures via malformed packets
(CVE-2006-6106).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included
such as:

- __bread oops fix
- added e1000_ng (nineveh support)
- added sata_svw (Broadcom SATA support)
- added Marvell PATA chipset support
- disabled mmconf on some broken hardware/BIOSes
- use GENERICARCH and enable bigsmp apic model for tulsa machines

To update your kernel, please follow the directions located at:

  http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106
_______________________________________________________________________

Updated Packages:

  Mandriva Linux 2006.0:
  Mandriva Linux 2006.0/X86_64:
  Corporate 4.0:
  Corporate 4.0/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFp7yYmqjQ0CJFipgRAraMAKDht2apZ9EaWGk0h4a0xXmkdS7A0ACgw+l2
GMbeA7P03YWvktIcJSi2X4s=
=zEBo
-----END PGP SIGNATURE-----
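
The bug class behind the CVE-2006-5751 entry above (a large maxnum value in an ioctl request), as an example added here; it is not kernel code or Mandriva's patch. struct entry, ENTRY_MAX and both function names are hypothetical, and the sample count is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 16-byte record; stands in for whatever the ioctl copies out. */
struct entry { unsigned char addr[6]; unsigned char port; unsigned char pad[9]; };

#define ENTRY_MAX 4096u /* assumed policy cap on entries per request */

/* Before: byte count computed in 32-bit arithmetic from a caller-supplied
 * count. A large maxnum wraps modulo 2^32 and yields a tiny buffer size. */
static uint32_t size_unchecked(uint32_t maxnum)
{
    return maxnum * (uint32_t)sizeof(struct entry);
}

/* After: refuse counts whose product would wrap, then apply the cap.
 * Returns 0 and stores the byte count, or -1 if the request is rejected. */
static int size_checked(uint32_t maxnum, uint32_t *bytes)
{
    if (maxnum > UINT32_MAX / sizeof(struct entry))
        return -1;              /* multiplication would overflow */
    if (maxnum > ENTRY_MAX)
        return -1;              /* representable, but unreasonably large */
    *bytes = maxnum * (uint32_t)sizeof(struct entry);
    return 0;
}

int main(void)
{
    uint32_t big = 0x10000001u; /* constructed sample value */
    uint32_t bytes = 0;

    printf("unchecked: maxnum=%u -> %u bytes\n",
           (unsigned)big, (unsigned)size_unchecked(big));
    printf("checked:   maxnum=%u -> %s\n", (unsigned)big,
           size_checked(big, &bytes) ? "rejected" : "accepted");
    return 0;
}
```

With the unchecked path the buffer is sized for one entry while later code still believes it holds maxnum entries, which is why the count must be validated before the multiplication.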