To: bugtraq@securityfocus.com
Subject: [ MDKSA-2006:040 ] - Updated kernel packages fix multiple vulnerabilities
Date: Fri, 17 Feb 2006 13:29:00 -0700
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1FACDs-0003lw-Ho@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:040
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : February 17, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The udp_v6_get_port function in udp.c, when running IPv6, allows local
users to cause a Denial of Service (infinite loop and crash)
(CVE-2005-2973).
The mq_open system call in certain situations can decrement a counter
twice as a result of multiple calls to the mntput function when the
dentry_open function call fails, allowing a local user to cause a DoS
(panic) via unspecified attack vectors (CVE-2005-3356).
The procfs code allows attackers to read sensitive kernel memory via
unspecified vectors in which a signed value is added to an unsigned
value (CVE-2005-4605).
A buffer overflow in sysctl allows local users to cause a DoS and
possibly execute arbitrary code via a long string, which causes sysctl
to write a zero byte outside the buffer (CVE-2005-4618).
A buffer overflow in the CA-driver for TwinHan DST Frontend/Card allows
local users to cause a DoS (crash) and possibly execute arbitrary code
by reading more than eight bytes into an eight byte long array
(CVE-2005-4639).
dm-crypt does not clear a structure before it is freed, which leads to
a memory disclosure that could allow local users to obtain sensitive
information about a cryptographic key (CVE-2006-0095).
Remote attackers can cause a DoS via unknown attack vectors related to
an "extra dst release when ip_options_echo fails" in icmp.c
(CVE-2006-0454).
In addition to these security fixes, other fixes have been included
such as:
- support for mptsas
- fix for IPv6 with sis190
- a problem with the time progressing twice as fast
- a fix for Audigy 2 ZS Video Editor sample rates
- a fix for a supermount crash when accessing a supermount-ed CD/DVD
drive
- a fix for improperly unloading sbp2 module
The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3356http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4618http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4639http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0454
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
dcc4059bea4a73009da92ed328e8d9e7 2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.i586.rpm
ac45ea6b408ed5030c52ce8314ca9802 2006.0/RPMS/kernel-i586-up-1GB-2.6.12.17mdk-1-1mdk.i586.rpm
5e35fab46c227cc00c93217b529b10fb 2006.0/RPMS/kernel-i686-up-4GB-2.6.12.17mdk-1-1mdk.i586.rpm
df4a6406c8a52283a92fcb57d95eac0d 2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.i586.rpm
4239a2d8938361b4d29a8e56d8bd6e8a 2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.i586.rpm
a4843210cfad80c2e9c38553295d5163 2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.i586.rpm
5e7d3446ead2d2fc62724a7d85472aab 2006.0/RPMS/kernel-xbox-2.6.12.17mdk-1-1mdk.i586.rpm
8c7982ea467e1c841608627e0ce2264f 2006.0/RPMS/kernel-xen0-2.6.12.17mdk-1-1mdk.i586.rpm
687140c2bc40e7d58d3edef69781caba 2006.0/RPMS/kernel-xenU-2.6.12.17mdk-1-1mdk.i586.rpm
60f3379dc061180667d38234f6accf18 2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
70a4e16212e197a2c0bd06c9ad6d2862 x86_64/2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.x86_64.rpm
56a406cd52927ba8c7fb04054baa4cf4 x86_64/2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.x86_64.rpm
1650081c68d255b825b493aae30cfaec x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.x86_64.rpm
edb8af2127f83d27e6b14ac1d87180d8 x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.x86_64.rpm
60f3379dc061180667d38234f6accf18 x86_64/2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFD9gcOmqjQ0CJFipgRAusjAKC9cDfj/3a9WLo8j/IPgcCJvzIvDACfbj4x
jXqyzrCKABVCHj8edIYaq/4=
=NPEo
-----END PGP SIGNATURE-----
