[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 291/06 - Mandriva Linux Security Advisory: MDKSA-2006:072 - Updated kernel packages fix multiple vulnerabilities


- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 291/06 dated 19.04.06  Time: 14:10  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------


 Mandriva Linux Security Advisory: MDKSA-2006:072 - Updated kernel packages fix multiple 


 A number of vulnerabilities were discovered and corrected in the Linux
 2.6 kernel.

Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2006:072
 Package : kernel
 Date    : April 17, 2006
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 Problem Description:
 A number of vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 Prior to Linux kernel 2.6.5, a numeric casting discrepancy in sdla_xfer
 allowed local users to read portions of kernel memory (CVE-2004-2607).
 Prior to 2.6.12, multiple "range checking flaws" in ISO9660 filesystem
 handler could allow attackers to cause a DoS or corrupt memory via a
 crafted filesystem (CVE-2005-0815).
 Prior to 2.6.14-rc5, when running IPv6, the udp_v6_get_port function
 allowed local users to cause a DoS (infinite loop and crash)
 A race condition when threads are sharing memory mapping via CLONE_VM
 could allow local users to cause a DoS (deadlock) by triggering a core
 dump (CVE-2005-3106).
 When one thread is tracing another thread that shares the same memory
 map, could allow local users to cause a DoS (deadlock) by forcing a
 core dump (CVE-2005-3107).
 A race condition in the ebtables netfilter module, when running on an
 SMP system under heavy load, might allow remote attackers to cause a
 DoS (crash) via  series of packets that cause a value to be modified
 after if has been read but before it has been locked (CVE-2005-3110).
 Prior to, the ptrace functionality, using CLONE_THREAD, does
 not use the thread group ID to check whether it is attaching to itself,
 allowing local users to cause a DoS (crash) (CVE-2005-3783).
 Prior to 2.6.14, the IPv6 flow label handling code modified the wrong
 variable in certain circumstances, which allowed local user to corrupt
 kernel memory or cause a DoS (crash) by triggering a free of non-
 allocated memory (CVE-2005-3806).
 Prior to and 2.6.13, a memory leak in the icmp_push_reply
 function allowed remote attackers to cause a DoS (memory consumption)
 via a large number of crafted packets (CVE-2005-3848).
 Prior to 2.6.15-rc3, the time_out_leases function allowed local users
 to cause a DoS (kernel log message consumption) by causing a large
 number of broken leases, which is recorded to the log using the printk
 function (CVE-2005-3857).
 In addition to these security fixes, other fixes have been included
 such as:
 - fix nfs blocksize setting (bk tree)
 - update sata_sil to 0.9
 - update ndiswrapper to 1.0
 - update 3w-9xxx to (9550SX support)
 - update tg3 "ng" (3.6)
 - add support for ATI IXP400 audio (alsa) and ide
 - add support for new sata_sil chipset for RS480 platforms (NEC)
 - add support for MCP51 IDE & NIC (nForce 430)
 - various x86_64 fixes from newer kernels
 - sata_nv: support for MCP51
 - piix: ICH7 support
 - add netcell and piccolo support
 - updated e100 and e1000 drivers from 2006
 - updated aic79xx
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 To update your kernel, please follow the directions located at:

 Updated Packages:
 Corporate 3.0:
 f6616fba9e654a35e4790cc4503d7dc0  corporate/3.0/RPMS/kernel-
 9e435e279b3a2de6bc3b893600d18933  corporate/3.0/RPMS/kernel-BOOT-
 5f74a8004d02ec87b7f12bba021c6f6a  corporate/3.0/RPMS/kernel-enterprise-
 463709928da83f9eaff7347dca277731  corporate/3.0/RPMS/kernel-i686-up-4GB-
 4d623beb36a409f300adb9a2abcb782d  corporate/3.0/RPMS/kernel-p3-smp-64GB-
 ae070db81ce88a70a74e60e6ed0ddd9a  corporate/3.0/RPMS/kernel-secure-
 ed34b5257ddceff31b4e7097c90da9d3  corporate/3.0/RPMS/kernel-smp-
 e2916491b2b1e9e8fcace72656c6c6d8  corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.i586.rpm
 71c1e84859bd10aa13dbfdf38b27107f  corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.i586.rpm
 e93989bf2e25c73258bf769b8cff61fb  corporate/3.0/SRPMS/kernel-

 Corporate 3.0/X86_64:
 06e84e162e5daaa17121aec16fde8a37  x86_64/corporate/3.0/RPMS/kernel-
 2cca09b2cb90cefe786e7766fa732fa9  x86_64/corporate/3.0/RPMS/kernel-BOOT-
 1f56b193cb6b4412a09243e90595524a  x86_64/corporate/3.0/RPMS/kernel-secure-
 baf7a827f2e0994eac1d93e99060e5b0  x86_64/corporate/3.0/RPMS/kernel-smp-
 85949fefb7e2be8248d843e1977ffa28  x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.x86_64.rpm
 3d6bd0850c3dc497d68097a023800593  x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.x86_64.rpm
 e93989bf2e25c73258bf769b8cff61fb  x86_64/corporate/3.0/SRPMS/kernel-

 Multi Network Firewall 2.0:
 8f28ce72ba80cfe274f6b874ffd872a7  mnf/2.0/RPMS/kernel-
 d920396687b976d6be02952319a346b9  mnf/2.0/RPMS/kernel-i686-up-4GB-
 8ce1c9bf7091048152723d06cdad7e04  mnf/2.0/RPMS/kernel-p3-smp-64GB-
 5ce744875a7d3e5f29cd8e29c02460e5  mnf/2.0/RPMS/kernel-secure-
 5139ebdc96d687e5ac6f10dc05c87849  mnf/2.0/RPMS/kernel-smp-
 57345c3e2c354da4ddbc11449ceb124c  mnf/2.0/SRPMS/kernel-

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:


 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.2.2 (GNU/Linux)


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

Version: PGP 8.1


This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 

This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email