-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:060 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : March 9, 2007 Affected: 2006.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file (CVE-2006-4538). The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock (CVE-2006-4814). An unspecified vulnerability in the listxattr system call, when a "bad inode" is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors (CVE-2006-5753). The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption (CVE-2006-5823). The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures (CVE-2006-6053). When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece (CVE-2006-6056). The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference (CVE-2007-0006). The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer (CVE-2007-0772). A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073 (CVE-2007-0958). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as: - add PCI IDs for cciss driver (HP ML370G5 / DL360G5) - fixed a mssive SCSI reset on megasas (Dell PE2960) - increased port-reset completion delay for HP controllers (HP ML350) - NUMA rnage fixes for x86_64 - various netfilter fixes To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958 http://qa.mandriva.com/show_bug.cgi?id=28461 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: b7c0334ecb73bb3b14173ef4dcdfa51b 2006.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm 8307e34d54134ab5cb41833d1b9d7742 2006.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm d329fdf03e99dfa15b08bb7c2791ed37 2006.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm 3cf6a4198f43493932ea8251d4ee82dc 2006.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm c03817495740a0e9b1420f0991baf47f 2006.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm 3e96d0ad0b5637d62db5233ca2df7d47 2006.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm 65e1e7c5c155045d52474444870b13d3 2006.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm 9b62d79a9503c6f0db71166409c48c39 2006.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm 553faeda754e6007c592aa5ba5c48ea0 2006.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm 4ee72a08f25d24ee409fdab7c8ec4f17 2006.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm 53304c8f505a4cbac0ac9a2ff01b379b 2006.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm d7a287562aed00fbc8167aa55bbb3bb9 2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Mandriva Linux 2006.0/X86_64: 08d9bfee92615f6bd8b3f71b2756fdaf 2006.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm a750f3e67d9a0d6b07711e08f22e647b 2006.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm 20196c168b6bc40f5bebd3ea2c5c82f6 2006.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm d65bd5fd54715215d957d2fa412cbe79 2006.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm 164d4bb97970b852c88a872a70240e55 2006.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm af11e7ddade582c262d9281c965c25d8 2006.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm 53cdf75192bc3a626ad68f9dfd90769d 2006.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm c9299e6bf5fc41af71fbd03ebd80b151 2006.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm d7a287562aed00fbc8167aa55bbb3bb9 2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Corporate 4.0: 71a9ce7e6ad36f939ae4585a5446e2ce corporate/4.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm b3682d92693d4d7481540b2412128ee3 corporate/4.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm 375a99017c6032af0fbf53c6e2ac0f9e corporate/4.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm 7ef9e2dce86995c5054f0f81587bae14 corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm 8e4861bfc6150a73f331010b242505f5 corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm fc5b1a7d5b45e9b6f94d1b75a2b252cd corporate/4.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm f616f5a779f3be6febf27506deea96ca corporate/4.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm 2bc31f06ab60d5f5c09b522ba275c35e corporate/4.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm c450285103a7742c8505cce505b6cb30 corporate/4.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm 16b35579daacc6bef494c140e0332910 corporate/4.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm 957962b563ad39490ac49ee1f328d2d3 corporate/4.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm 20b9766dbaf813ba017fe3884771a80b corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Corporate 4.0/X86_64: 8bdd8e4d2d3ab03ff666b7588ec011f6 corporate/4.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm 7e3081d6804343fcc51a2ce06836081e corporate/4.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm bb6a57a5ad26361394ff00db94f8f5e3 corporate/4.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm 9aae4c3ce22091d4ca787a41a11231ff corporate/4.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm 8ce06bd6a4144757828d29d83a690827 corporate/4.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm 70757f12ac8d99d5881a4c6becbd2503 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm d3e1f96967bf0a5351d51ede84f078ca corporate/4.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm 6931563b47316f8572f0cd4cb0ebd3e1 corporate/4.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm 20b9766dbaf813ba017fe3884771a80b corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFF8au7mqjQ0CJFipgRArTBAKDukKs7sy+BJQ95allpfw6AUlK/agCfe7/+ p50xjYsjtFTmTpvYPbuST5I= =5dq1 -----END PGP SIGNATURE-----