-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:044 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : February 12, 2008 Affected: 2008.0 _______________________________________________________________________ Problem Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2007-5500) The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allowed remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference (CVE-2007-5501). The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information (CVE-2007-6206). VFS in the Linux kernel before 2.6.22.16 performed tests of access mode by using the flag variable instead of the acc_mode variable, which could possibly allow local users to bypass intended permissions and remove directories (CVE-2008-0001). The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset (CVE-2008-0007). A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges (CVE-2008-0600). Mandriva urges all users to upgrade to these new kernels immediately as the CVE-2008-0600 flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected. Additionally, this kernel updates the version from 2.6.22.12 to 2.6.22.18 and fixes numerous other bugs, including: - fix freeze when ejecting a cm40x0 PCMCIA card - fix crash on unloading netrom - fixes alsa-related sound issues on Dell XPS M1210 and M1330 models - the HZ value was increased on the laptop kernel to increase interactivity and reduce latency - netfilter ipset, psd, and ifwlog support was re-enabled - unionfs was reverted to a working 1.4 branch that is less buggy To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600 http://qa.mandriva.com/show_bug.cgi?id=26376 http://qa.mandriva.com/show_bug.cgi?id=29800 http://qa.mandriva.com/show_bug.cgi?id=29982 http://qa.mandriva.com/show_bug.cgi?id=30172 http://qa.mandriva.com/show_bug.cgi?id=31402 http://qa.mandriva.com/show_bug.cgi?id=32399 http://qa.mandriva.com/show_bug.cgi?id=33069 http://qa.mandriva.com/show_bug.cgi?id=32518 http://qa.mandriva.com/show_bug.cgi?id=33821 http://qa.mandriva.com/show_bug.cgi?id=34281 http://qa.mandriva.com/show_bug.cgi?id=34382 http://qa.mandriva.com/show_bug.cgi?id=34473 http://qa.mandriva.com/show_bug.cgi?id=34555 http://qa.mandriva.com/show_bug.cgi?id=34545 http://qa.mandriva.com/show_bug.cgi?id=34586 http://qa.mandriva.com/show_bug.cgi?id=34669 http://qa.mandriva.com/show_bug.cgi?id=34672 http://qa.mandriva.com/show_bug.cgi?id=35739 http://qa.mandriva.com/show_bug.cgi?id=35887 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 7b5ceca8ce64708f377eeb71c0e10e23 2008.0/i586/kernel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm 55a44ed6c80c19aefa92cb24c778151b 2008.0/i586/kernel-desktop-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm c90ef43a4399b90601f4ce83d000c912 2008.0/i586/kernel-desktop-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm ba4506fa31394301727cdec372dd11eb 2008.0/i586/kernel-desktop-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm 9767bf67321d55a35472e47500cf9bef 2008.0/i586/kernel-desktop-latest-2.6.22.18-1mdv2008.0.i586.rpm eef0f77e0ce9097e04ff83d767d185cc 2008.0/i586/kernel-desktop586-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm 6faffa5511ee8b5e91e741936dc8a454 2008.0/i586/kernel-desktop586-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm 53e7bee334003b342a15132bed12023b 2008.0/i586/kernel-desktop586-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm 394a534e170c43d1b55b6708a924f95d 2008.0/i586/kernel-desktop586-latest-2.6.22.18-1mdv2008.0.i586.rpm 003f0d7e3b64edaac3ae3dede01e4e87 2008.0/i586/kernel-doc-2.6.22.18-1mdv2008.0.i586.rpm 3410c9d62fb9f2364f159f519ddc9ef1 2008.0/i586/kernel-laptop-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm 3a8426442dbb91d18c6684f4ef22efa8 2008.0/i586/kernel-laptop-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm 958f4be00ad9df4466629774fa926887 2008.0/i586/kernel-laptop-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm 7bb1033745587e8b9a5069b61c316c76 2008.0/i586/kernel-laptop-latest-2.6.22.18-1mdv2008.0.i586.rpm ebe2489f7f1357e246563fabea2401ae 2008.0/i586/kernel-server-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm a6be151dbc9c40b4e3ca181e64f76475 2008.0/i586/kernel-server-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm c70a9e6846d383ada63d65730d5bbf5a 2008.0/i586/kernel-server-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm 3c80910bc870474990439b2a24a2ccf1 2008.0/i586/kernel-server-latest-2.6.22.18-1mdv2008.0.i586.rpm 9be418acd2c39224c341f4c0fcd9c3ce 2008.0/i586/kernel-source-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm a616addeb5cf234668b26ccf4a4cc7bd 2008.0/i586/kernel-source-latest-2.6.22.18-1mdv2008.0.i586.rpm d3419624d951fbdb358849a60639efbf 2008.0/SRPMS/kernel-2.6.22.18-1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a043c2596652edf905109924045103da 2008.0/x86_64/kernel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm f8921ac78c1acfc6bbd9b03a9676d315 2008.0/x86_64/kernel-desktop-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm 61a39804f6460a7f087c6ae7695aacce 2008.0/x86_64/kernel-desktop-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm 505d6b320b4f9feef2d40f1c8e537035 2008.0/x86_64/kernel-desktop-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm bb8a829cd780094992161f92d94bd2c8 2008.0/x86_64/kernel-desktop-latest-2.6.22.18-1mdv2008.0.x86_64.rpm 23bb1b9557c46cbc52770a20c8ba81b1 2008.0/x86_64/kernel-doc-2.6.22.18-1mdv2008.0.x86_64.rpm f7edfd597fc01cef7c0bfdf3bf0e7315 2008.0/x86_64/kernel-laptop-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm 208f863d0cce2262ee099daa250605e2 2008.0/x86_64/kernel-laptop-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm cbe57c60ec79096f9f2b9ae3ebb26ab5 2008.0/x86_64/kernel-laptop-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm add09ce293fd8c7605c3b49c5990ab92 2008.0/x86_64/kernel-laptop-latest-2.6.22.18-1mdv2008.0.x86_64.rpm b8125bfe9b765e8281e30a667a2c501c 2008.0/x86_64/kernel-server-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm dfaa2aedd25d8f9f91939c9e1e0247d6 2008.0/x86_64/kernel-server-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm cb703b65dd2b935737183562509130a6 2008.0/x86_64/kernel-server-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm 27e6fd0a49b49952aa164be304a491b3 2008.0/x86_64/kernel-server-latest-2.6.22.18-1mdv2008.0.x86_64.rpm 38644d73897d971d4bdca8e8a71ac962 2008.0/x86_64/kernel-source-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm f21aef3923cdd51c3444add2e97fc0d6 2008.0/x86_64/kernel-source-latest-2.6.22.18-1mdv2008.0.x86_64.rpm d3419624d951fbdb358849a60639efbf 2008.0/SRPMS/kernel-2.6.22.18-1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHsUIOmqjQ0CJFipgRAp5kAKDDJWsqKNEFNrMda0AF9KQY7Glt3ACffY6G 8qA8TQpDH/TNXmq0c51Wqhw= =wL/x -----END PGP SIGNATURE-----