Mandriva 1274 Published by

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:123
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : July 13, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The kernel did not clear sockaddr_in.sin_zero before returning IPv4
socket names for the getsockopt function, which could allow a local
user to obtain portions of potentially sensitive memory if getsockopt()
is called with SO_ORIGINAL_DST (CVE-2006-1343).

Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS
implementation could allow a remote attacker to cause a Denial of
Service via a remote NDIS response (CVE-2006-1368).

Prior to 2.6.13, local users could cause a Denial of Service (crash)
via a dio transfer from the sg driver to memory mapped IO space
(CVE-2006-1528).

Prior to and including 2.6.16, the kernel did not add the appropriate
LSM file_permission hooks to the readv and writev functions, which
could allow an attacker to bypass intended access restrictions
(CVE-2006-1856).

Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote
attacker to cause a DoS (crash) and possibly execute arbitrary code
via a malformed HB-ACK chunk (CVE-2006-1857).

Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS
(crash) and possibly execute arbitrary code via a chunk length that is
inconsistent with the actual length of provided parameters
(CVE-2006-1858).

Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker
to cause a DoS (memory consumption) via unspecified actions
(CVE-2006-1859).

Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to
cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860).

Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite
recursion and crash) via a packet that contains two or more DATA
fragments (CVE-2006-2274).

Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow
a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach
a timer to a process that is exiting (CVE-2006-2445).

Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause
a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085).

As well, an issue where IPC could hit an unmapped vmalloc page when
near the page boundary has been corrected.

In addition to these security fixes, other fixes have been included
such as:

- avoid automatic update of kernel-source without updating the kernel
- fix USB EHCI handoff code, which made some machines hang while
booting
- disable USB_BANDWIDTH which corrects a known problem in some USB
sound devices
- fix a bluetooth refcounting bug which could hang the machine
- fix a NULL pointer dereference in USB-Serial's serial_open()
function
- add missing wakeup in pl2303 TIOCMIWAIT handling
- fix a possible user-after-free in USB-Serial core
- suspend/resume fixes
- HPET timer fixes
- prevent fixed button event to reach userspace on S3 resume
- add sysfs support in ide-tape
- fix ASUS P5S800 reboot

Finally, a new drbd-utils package is provided that is a required
upgrade with this new kernel due to a logic bug in the previously
shipped version of drbd-utils that could cause a kernel panic on
the master when a slave went offline.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3085
http://qa.mandriva.com/show_bug.cgi?id=22860
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
6deeff1b4604a7423cd0836bb47cf22c 2006.0/RPMS/drbd-utils-0.7.19-2.1.20060mdk.i586.rpm
e0a9422ea0372348d0e7f9bf643321dd 2006.0/RPMS/drbd-utils-heartbeat-0.7.19-2.1.20060mdk.i586.rpm
1f31130ae26f66e224148bcb0afa3b82 2006.0/RPMS/kernel-2.6.12.23mdk-1-1mdk.i586.rpm
c257931ad599d5c3a59a3f5c5444496e 2006.0/RPMS/kernel-BOOT-2.6.12.23mdk-1-1mdk.i586.rpm
5212cd3d7c4dcc8da030fc20bdeecd29 2006.0/RPMS/kernel-i586-up-1GB-2.6.12.23mdk-1-1mdk.i586.rpm
b8a96e33ad5df3198c60f7302c695a1f 2006.0/RPMS/kernel-i686-up-4GB-2.6.12.23mdk-1-1mdk.i586.rpm
ffb0b1c7e4919b28b89d7636b3d27c52 2006.0/RPMS/kernel-smp-2.6.12.23mdk-1-1mdk.i586.rpm
e5caf57af026af95b40151e31206c512 2006.0/RPMS/kernel-source-2.6.12.23mdk-1-1mdk.i586.rpm
27d1b92bd2cb4ca83c543888e4897288 2006.0/RPMS/kernel-source-stripped-2.6.12.23mdk-1-1mdk.i586.rpm
3dae8ba1445aac17ddcba810a1b6d4b3 2006.0/RPMS/kernel-xbox-2.6.12.23mdk-1-1mdk.i586.rpm
94ec749ac32122a16d3af409ee55f257 2006.0/RPMS/kernel-xen0-2.6.12.23mdk-1-1mdk.i586.rpm
867f834703a5699000beffc31de57de4 2006.0/RPMS/kernel-xenU-2.6.12.23mdk-1-1mdk.i586.rpm
291c47123a499c37d927cc18906eef93 2006.0/SRPMS/drbd-utils-0.7.19-2.1.20060mdk.src.rpm
008cf4d555bc98e67b6bb04a1a7fdfd8 2006.0/SRPMS/kernel-2.6.12.23mdk-1-1mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2665fcbebbbc1b8d3b111e4175b69ca5 x86_64/2006.0/RPMS/drbd-utils-0.7.19-2.1.20060mdk.x86_64.rpm
2b44612405e4424d7775f4c6ce20df6a x86_64/2006.0/RPMS/drbd-utils-heartbeat-0.7.19-2.1.20060mdk.x86_64.rpm
79a0d55afacadebc94f81b14d21f1a5c x86_64/2006.0/RPMS/kernel-2.6.12.23mdk-1-1mdk.x86_64.rpm
2fa6c0023710d65de429dd6d0e759817 x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.23mdk-1-1mdk.x86_64.rpm
de9bef05e34a3e539bcb1aceb8c713bc x86_64/2006.0/RPMS/kernel-smp-2.6.12.23mdk-1-1mdk.x86_64.rpm
ffa4baaa5a96eb88e0655559da2622f7 x86_64/2006.0/RPMS/kernel-source-2.6.12.23mdk-1-1mdk.x86_64.rpm
6b5b62941bf2c34a975b9aaf1a9efa1f x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.23mdk-1-1mdk.x86_64.rpm
291c47123a499c37d927cc18906eef93 x86_64/2006.0/SRPMS/drbd-utils-0.7.19-2.1.20060mdk.src.rpm
008cf4d555bc98e67b6bb04a1a7fdfd8 x86_64/2006.0/SRPMS/kernel-2.6.12.23mdk-1-1mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEtmw/mqjQ0CJFipgRAt2LAJ9eOFAilZ1BDQiGpb4p3YYnuhfSlACgnpC+
ngqd/ZvspcOB9n+Tm3jIC40=
=DPwm
-----END PGP SIGNATURE-----