-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:233 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : September 14, 2009 Affected: 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in the Linux 2.6 kernel: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation on a PF_PPPOX socket. (CVE-2009-2692) To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 09f9ce71fb6eaec4ba06acde23ade724 2008.1/i586/kernel-2.6.24.7-3mnb-1-1mnb1.i586.rpm ae602cc8d9699174f7a547bb60e6aded 2008.1/i586/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.i586.rpm 07852147042399185c1854c436206cad 2008.1/i586/kernel-desktop586-2.6.24.7-3mnb-1-1mnb1.i586.rpm d2da36f55db468e58cb000f9f4b9b163 2008.1/i586/kernel-desktop586-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm cdacb4f44b0c88054866e168201af62e 2008.1/i586/kernel-desktop586-devel-latest-2.6.24.7-3mnb1.i586.rpm 5b1e613192c0b43d39e5d1cf44dee7bc 2008.1/i586/kernel-desktop586-latest-2.6.24.7-3mnb1.i586.rpm 8663e4966000f62a9d7e0f73ad0b5adb 2008.1/i586/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm e8fac7b0eb07e205af711bca89b60a28 2008.1/i586/kernel-desktop-devel-latest-2.6.24.7-3mnb1.i586.rpm e5f9266b2244a26c1d90ec87976fc5b0 2008.1/i586/kernel-desktop-latest-2.6.24.7-3mnb1.i586.rpm 0c3d5a8181efe5b10e3afec16691fa4d 2008.1/i586/kernel-doc-2.6.24.7-3mnb1.i586.rpm db1296432ff88aa33410c8d3a1b1a2c0 2008.1/i586/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.i586.rpm 0193271cabdc1f547a3432e8a99986b9 2008.1/i586/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm bdfab6a2386fa89dd250a494e725a5d9 2008.1/i586/kernel-laptop-devel-latest-2.6.24.7-3mnb1.i586.rpm 7ed708045f382289fddddbd0e10a0ae9 2008.1/i586/kernel-laptop-latest-2.6.24.7-3mnb1.i586.rpm 688c23aa32b234d6581a76adbe66ea8c 2008.1/i586/kernel-server-2.6.24.7-3mnb-1-1mnb1.i586.rpm 32f1a47070ee2a7f83a016d001bff014 2008.1/i586/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.i586.rpm 04a464bf850a840fa27f5cf6068dccc4 2008.1/i586/kernel-server-devel-latest-2.6.24.7-3mnb1.i586.rpm f82288c9d9d250d6a01ff44bb98ea3ee 2008.1/i586/kernel-server-latest-2.6.24.7-3mnb1.i586.rpm a05598c1a1b1cef7c98f65b284a86cb5 2008.1/i586/kernel-source-2.6.24.7-3mnb-1-1mnb1.i586.rpm 9ecb21b4c7fc58cc8231fb9979bed563 2008.1/i586/kernel-source-latest-2.6.24.7-3mnb1.i586.rpm 2f39f719d288c36c7600ce1ff3ce98b8 2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm Mandriva Linux 2008.1/X86_64: ee40c52e1e9d7df0ff082c1132f78ca7 2008.1/x86_64/kernel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 62e03fc5353c7091da3f1e3d8684482b 2008.1/x86_64/kernel-desktop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 53e78922ee128c8dd01fb992df712122 2008.1/x86_64/kernel-desktop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 0da13998db3248630fa0da98f9061b2c 2008.1/x86_64/kernel-desktop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm 81b720b2da87dcaa3c9a06522e3f106c 2008.1/x86_64/kernel-desktop-latest-2.6.24.7-3mnb1.x86_64.rpm f72b340ae0e01ed73d64e8f2962b4b4a 2008.1/x86_64/kernel-doc-2.6.24.7-3mnb1.x86_64.rpm 3c9cf5d346d4fc5df58633d4a70abe27 2008.1/x86_64/kernel-laptop-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 8c3c36e81f42d1c2f29c9ed27200a9d8 2008.1/x86_64/kernel-laptop-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 751574973fc2aa889bbd7971bbc61596 2008.1/x86_64/kernel-laptop-devel-latest-2.6.24.7-3mnb1.x86_64.rpm 476b32a7eab657d18185f83f0faed3bc 2008.1/x86_64/kernel-laptop-latest-2.6.24.7-3mnb1.x86_64.rpm acc8e71cda1807fc12ec2c376adfd7e5 2008.1/x86_64/kernel-server-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 3f0dec17ff7636efc8e848bcc2dd5b44 2008.1/x86_64/kernel-server-devel-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm dca5c6a627768b204f01076c4d237e03 2008.1/x86_64/kernel-server-devel-latest-2.6.24.7-3mnb1.x86_64.rpm d450db60670cc44a5bcd1291b6fba03e 2008.1/x86_64/kernel-server-latest-2.6.24.7-3mnb1.x86_64.rpm de4226fc5ba36a84e332f2a5afdf2212 2008.1/x86_64/kernel-source-2.6.24.7-3mnb-1-1mnb1.x86_64.rpm 6e27e3e78a54a1e94e6c12716771c5a5 2008.1/x86_64/kernel-source-latest-2.6.24.7-3mnb1.x86_64.rpm 2f39f719d288c36c7600ce1ff3ce98b8 2008.1/SRPMS/kernel-2.6.24.7-3mnb1.src.rpm Corporate 3.0: 748af5e6897f2e461c61e52c34d80c80 corporate/3.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm 8fc6a7b3805adecb4a56534f12fcae90 corporate/3.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm 956b447b815899a5db2a23efbd9c0706 corporate/3.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm d3ef79f5b3b0d36d8f090d961a6d7227 corporate/3.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm 99e24b00d352e7dbc0ceef3adb260e24 corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm f5b9b5c5af0289eadc0524fde55f158b corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm 7a28d45cc743da45609294b2845e10dc corporate/3.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm f4758ba6a1c74188063baedf9e67ac28 corporate/3.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm 2f000dc2f0618abc8c4d9a0039b223fd corporate/3.0/i586/kernel-source-2.6.3-41mdk.i586.rpm c18f27937a3d4bc01beef22edbfb7db0 corporate/3.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm 05e587fc230c88937cb5944af4a6f046 corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm Corporate 3.0/X86_64: 1fc5885f0a82d5f6e6645c2438695cca corporate/3.0/x86_64/kernel-2.6.3.41mdk-1-1mdk.x86_64.rpm bca522e3a26ba842e03f8a11163e0c96 corporate/3.0/x86_64/kernel-BOOT-2.6.3.41mdk-1-1mdk.x86_64.rpm b41ca978accdb24394fef601b1b8dc53 corporate/3.0/x86_64/kernel-doc-2.6.3-41mdk.x86_64.rpm 9134977f58741a8523cbfb4a829516a6 corporate/3.0/x86_64/kernel-secure-2.6.3.41mdk-1-1mdk.x86_64.rpm 2dbd7043da6a8d93be955c70c326d94c corporate/3.0/x86_64/kernel-smp-2.6.3.41mdk-1-1mdk.x86_64.rpm d5a41e708c9d10f423b3b42cb1c468b5 corporate/3.0/x86_64/kernel-source-2.6.3-41mdk.x86_64.rpm 8c3d5430f5271bb78e0d2956dacaf575 corporate/3.0/x86_64/kernel-source-stripped-2.6.3-41mdk.x86_64.rpm 05e587fc230c88937cb5944af4a6f046 corporate/3.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm Corporate 4.0: 601bc40d3e1aee417e84a0ead160a7b0 corporate/4.0/i586/kernel-2.6.12.41mdk-1-1mdk.i586.rpm c063f187ac49fc74f221ad8ab7bf5262 corporate/4.0/i586/kernel-BOOT-2.6.12.41mdk-1-1mdk.i586.rpm b60281d821ea76fdb9675ff6bdaa81c4 corporate/4.0/i586/kernel-doc-2.6.12.41mdk-1-1mdk.i586.rpm 62028f52a661b0bfb74db7f5a448b1bb corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.41mdk-1-1mdk.i586.rpm 6b2a3b620559d0752c25176aecf6e57b corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.41mdk-1-1mdk.i586.rpm 071c3988845e4a4992f111b7339157f3 corporate/4.0/i586/kernel-smp-2.6.12.41mdk-1-1mdk.i586.rpm 74c2b1a2901e50bcad3890af6efcdf2c corporate/4.0/i586/kernel-source-2.6.12.41mdk-1-1mdk.i586.rpm 276dfcf2a9ae0910c8a9be627c0cf07e corporate/4.0/i586/kernel-source-stripped-2.6.12.41mdk-1-1mdk.i586.rpm ba8334270d6b11740292a83fc4252baa corporate/4.0/i586/kernel-xbox-2.6.12.41mdk-1-1mdk.i586.rpm e09627e78d3d6c25527f0e3eaae38ca7 corporate/4.0/i586/kernel-xen0-2.6.12.41mdk-1-1mdk.i586.rpm 1644f80debb044913ad386009a4cc857 corporate/4.0/i586/kernel-xenU-2.6.12.41mdk-1-1mdk.i586.rpm 0661ee7f8519e51a45cd25b5f2161d6a corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm Corporate 4.0/X86_64: 9d30033bd14864bf5ee38ba2c9ab099e corporate/4.0/x86_64/kernel-2.6.12.41mdk-1-1mdk.x86_64.rpm a058d1972e00d201d45a42296642309d corporate/4.0/x86_64/kernel-BOOT-2.6.12.41mdk-1-1mdk.x86_64.rpm 129fa378cd061fa034e5cff663231b71 corporate/4.0/x86_64/kernel-doc-2.6.12.41mdk-1-1mdk.x86_64.rpm 37622197500de29d3735b27713c3f0d2 corporate/4.0/x86_64/kernel-smp-2.6.12.41mdk-1-1mdk.x86_64.rpm 1181593c02d069fad2c3b358ac857b3b corporate/4.0/x86_64/kernel-source-2.6.12.41mdk-1-1mdk.x86_64.rpm b010075acfcab9ef7c9d5dce39a77ea0 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.41mdk-1-1mdk.x86_64.rpm 12239493b97086a4f49a7c0b66b99407 corporate/4.0/x86_64/kernel-xen0-2.6.12.41mdk-1-1mdk.x86_64.rpm a014566de60953577fad67048c2fda54 corporate/4.0/x86_64/kernel-xenU-2.6.12.41mdk-1-1mdk.x86_64.rpm 0661ee7f8519e51a45cd25b5f2161d6a corporate/4.0/SRPMS/kernel-2.6.12.41mdk-1-1mdk.src.rpm Multi Network Firewall 2.0: 748af5e6897f2e461c61e52c34d80c80 mnf/2.0/i586/kernel-2.6.3.41mdk-1-1mdk.i586.rpm 8fc6a7b3805adecb4a56534f12fcae90 mnf/2.0/i586/kernel-BOOT-2.6.3.41mdk-1-1mdk.i586.rpm 956b447b815899a5db2a23efbd9c0706 mnf/2.0/i586/kernel-doc-2.6.3-41mdk.i586.rpm d3ef79f5b3b0d36d8f090d961a6d7227 mnf/2.0/i586/kernel-enterprise-2.6.3.41mdk-1-1mdk.i586.rpm 99e24b00d352e7dbc0ceef3adb260e24 mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.41mdk-1-1mdk.i586.rpm f5b9b5c5af0289eadc0524fde55f158b mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.41mdk-1-1mdk.i586.rpm 7a28d45cc743da45609294b2845e10dc mnf/2.0/i586/kernel-secure-2.6.3.41mdk-1-1mdk.i586.rpm f4758ba6a1c74188063baedf9e67ac28 mnf/2.0/i586/kernel-smp-2.6.3.41mdk-1-1mdk.i586.rpm 2f000dc2f0618abc8c4d9a0039b223fd mnf/2.0/i586/kernel-source-2.6.3-41mdk.i586.rpm c18f27937a3d4bc01beef22edbfb7db0 mnf/2.0/i586/kernel-source-stripped-2.6.3-41mdk.i586.rpm 05e587fc230c88937cb5944af4a6f046 mnf/2.0/SRPMS/kernel-2.6.3.41mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKrp/xmqjQ0CJFipgRAjA1AJwMnryyeZQDX35q8ti4c9R+rerqwwCgsfVU HAazQp7JoMOduywRS/LC0SQ= =iCPs -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/