-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:171 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : August 28, 2007 Affected: 2007.0, 2007.1 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service (process crash) (CVE-2006-5755). The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (CVE-2006-7203). The nfnetlink_log function in netfilter allowed an attacker to cause a denial of service (crash) via unspecified vectors which would trigger a NULL pointer dereference (CVE-2007-1496). The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497). The netlink functionality did not properly handle NETLINK_FIB_LOOKUP replies, which allowed a remote attacker to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion (CVE-2007-1861). A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172). The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers (CVE-2007-2242). The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source (CVE-2007-2453). A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized (CVE-2007-2525). An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file (CVE-2007-2875). The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference (CVE-2007-2876). In addition to these security fixes, other fixes have been included such as: - Fix crash on netfilter when nfnetlink_log is used on certain hooks on packets forwarded to or from a bridge - Fixed busy sleep on IPVS which caused high load averages - Fixed possible race condition on ext[34]_link - Fixed missing braces in condition block that led to wrong behaviour in NFS - Fixed XFS lock deallocation that resulted in oops when unmounting To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d811181ab766c637c1f2c66d6e87e8d6 2007.0/i586/kernel-2.6.17.15mdv-1-1mdv2007.0.i586.rpm 1085a0bf3e633334fc89c193d40520c5 2007.0/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.i586.rpm b192fa1b91318b4f821fcd1e9f76a03e 2007.0/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0.i586.rpm 54e08cecf37cacbfc490ae4a3eb803ba 2007.0/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.0.i586.rpm 60eb7f61d0f91da0396ceb8cc0528a0b 2007.0/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.0.i586.rpm 48bbb8ff51313a61e85562f3f5036832 2007.0/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.i586.rpm d6464e0a4512ae194a884a73d6196fc7 2007.0/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.i586.rpm 4264a6f084147f6f401b5320689eab89 2007.0/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.i586.rpm d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 16c9da0d48ebe6391382921c10ccac97 2007.0/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm 56f44a046c471d98d6778153cdee7a80 2007.0/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm dea95558e0ada5af5f05abbc0c79aaca 2007.0/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm de1f522536c1b6615b30269f6824ba18 2007.0/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm 6001c99297c562f99c827ee123d9379c 2007.0/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm 7534d9a0b31ad88e5191d94dcede38f9 2007.0/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm Mandriva Linux 2007.1: 7ecc4ad79ff8ba1f28d440aae4bae1e0 2007.1/i586/kernel-2.6.17.15mdv-1-1mdv2007.1.i586.rpm 490f409ed0f979718b4491c79e90ca51 2007.1/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.i586.rpm eb01284da75d113ca144c75bdbf7bbd7 2007.1/i586/kernel-doc-latest-2.6.17-15mdv.i586.rpm f62258545c302e8bd6333fb1b22fdd1c 2007.1/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1.i586.rpm d22574eaff9ffc7c66a1504bc8f5072e 2007.1/i586/kernel-enterprise-latest-2.6.17-15mdv.i586.rpm 6721155375ef23a8d7fc6f005acb271e 2007.1/i586/kernel-latest-2.6.17-15mdv.i586.rpm 93ec8479cf3b047f1d7b4a209641defe 2007.1/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.1.i586.rpm a2036553e6c5688c2d98041d7f784c96 2007.1/i586/kernel-legacy-latest-2.6.17-15mdv.i586.rpm 718543542ed69def4d941d9abf51913c 2007.1/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.1.i586.rpm e808ecec927f34cd276eb0b8d40ae6a8 2007.1/i586/kernel-source-latest-2.6.17-15mdv.i586.rpm dfca6b82dc93cf8f8a1042c95e45c279 2007.1/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.i586.rpm a289ed33d6e597e7ddaab03fb7c7d726 2007.1/i586/kernel-source-stripped-latest-2.6.17-15mdv.i586.rpm d7302d839d738503b4fb79e187a7144c 2007.1/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.i586.rpm 09cdb36a943e21a6e26a34879e8a7b94 2007.1/i586/kernel-xen0-latest-2.6.17-15mdv.i586.rpm baf363280921a090134bbe9e8e646f10 2007.1/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.i586.rpm 90317de9412ace8f3f5d2d29dde72977 2007.1/i586/kernel-xenU-latest-2.6.17-15mdv.i586.rpm 364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 4b0a0e1ccbd82e9130243af1bf0a8848 2007.1/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ef962dd6f6c5c6c0a88bf340701f6ba9 2007.1/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm 2611fb6d342c0c57e68199ae9cff1aad 2007.1/x86_64/kernel-doc-latest-2.6.17-15mdv.x86_64.rpm 002d07f36a0caf770b4e9be713421c1e 2007.1/x86_64/kernel-latest-2.6.17-15mdv.x86_64.rpm 01a245502f9b0dd70bb03b81ab791951 2007.1/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm cde593c1b74843033072bf39b55aad51 2007.1/x86_64/kernel-source-latest-2.6.17-15mdv.x86_64.rpm 6c80e89a69737f853a5c28a4ef9c26e8 2007.1/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm f36ca98ce2f577675e864feec1936d95 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-15mdv.x86_64.rpm e8f1196c4a6a8c3948327c1fdb2287b3 2007.1/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm 01f1acb664885bc6587b6cb96dec3de3 2007.1/x86_64/kernel-xen0-latest-2.6.17-15mdv.x86_64.rpm 6eb46e2f4045b78d1f89f76a9ce04ee5 2007.1/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm bf51ac4bde7a22fb8c5d40fff840ed58 2007.1/x86_64/kernel-xenU-latest-2.6.17-15mdv.x86_64.rpm 364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG1D0umqjQ0CJFipgRAkSyAKD019hJJjDWCB8Eqfk0RFyiNCyNcACfUGxE DeeWjRc5l2br5M4lW8brUtE= =p1P4 -----END PGP SIGNATURE-----