[Full-disclosure] [ MDVSA-2008:044 ] - Updated kernel packages fix multiple vulnerabilities and bugs




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:044
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : February 12, 2008
Affected: 2008.0
_______________________________________________________________________

Problem Description:

The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which
allows local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information. (CVE-2007-5500)

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through
2.6.23.7 allowed remote attackers to cause a denial of service (crash)
via crafted ACK responses that trigger a NULL pointer dereference
(CVE-2007-5501).

The do_corefump function in fs/exec.c in the Linux kernel prior to
2.6.24-rc3 did not change the UID of a core dump file if it exists
before a root process creates a core dump in the same location, which
could possibly allow local users to obtain sensitive information
(CVE-2007-6206).

VFS in the Linux kernel before 2.6.22.16 performed tests of access
mode by using the flag variable instead of the acc_mode variable,
which could possibly allow local users to bypass intended permissions
and remove directories (CVE-2008-0001).

The Linux kernel prior to 2.6.22.17, when using certain drivers
that register a fault handler that does not perform range checks,
allowed local users to access kernel memory via an out-of-range offset
(CVE-2008-0007).

A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local
attackers to overwrite arbitrary kernel memory and gain root privileges
(CVE-2008-0600).

Mandriva urges all users to upgrade to these new kernels immediately
as the CVE-2008-0600 flaw is being actively exploited. This issue
only affects 2.6.17 and newer Linux kernels, so neither Corporate
3.0 nor Corporate 4.0 are affected.

Additionally, this kernel updates the version from 2.6.22.12 to
2.6.22.18 and fixes numerous other bugs, including:

- fix freeze when ejecting a cm40x0 PCMCIA card
- fix crash on unloading netrom
- fixes alsa-related sound issues on Dell XPS M1210 and M1330 models
- the HZ value was increased on the laptop kernel to increase
interactivity and reduce latency
- netfilter ipset, psd, and ifwlog support was re-enabled
- unionfs was reverted to a working 1.4 branch that is less buggy

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
http://qa.mandriva.com/show_bug.cgi?id=26376
http://qa.mandriva.com/show_bug.cgi?id=29800
http://qa.mandriva.com/show_bug.cgi?id=29982
http://qa.mandriva.com/show_bug.cgi?id=30172
http://qa.mandriva.com/show_bug.cgi?id=31402
http://qa.mandriva.com/show_bug.cgi?id=32399
http://qa.mandriva.com/show_bug.cgi?id=33069
http://qa.mandriva.com/show_bug.cgi?id=32518
http://qa.mandriva.com/show_bug.cgi?id=33821
http://qa.mandriva.com/show_bug.cgi?id=34281
http://qa.mandriva.com/show_bug.cgi?id=34382
http://qa.mandriva.com/show_bug.cgi?id=34473
http://qa.mandriva.com/show_bug.cgi?id=34555
http://qa.mandriva.com/show_bug.cgi?id=34545
http://qa.mandriva.com/show_bug.cgi?id=34586
http://qa.mandriva.com/show_bug.cgi?id=34669
http://qa.mandriva.com/show_bug.cgi?id=34672
http://qa.mandriva.com/show_bug.cgi?id=35739
http://qa.mandriva.com/show_bug.cgi?id=35887
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
7b5ceca8ce64708f377eeb71c0e10e23 2008.0/i586/kernel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
55a44ed6c80c19aefa92cb24c778151b 2008.0/i586/kernel-desktop-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
c90ef43a4399b90601f4ce83d000c912 2008.0/i586/kernel-desktop-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
ba4506fa31394301727cdec372dd11eb 2008.0/i586/kernel-desktop-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm
9767bf67321d55a35472e47500cf9bef 2008.0/i586/kernel-desktop-latest-2.6.22.18-1mdv2008.0.i586.rpm
eef0f77e0ce9097e04ff83d767d185cc 2008.0/i586/kernel-desktop586-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
6faffa5511ee8b5e91e741936dc8a454 2008.0/i586/kernel-desktop586-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
53e7bee334003b342a15132bed12023b 2008.0/i586/kernel-desktop586-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm
394a534e170c43d1b55b6708a924f95d 2008.0/i586/kernel-desktop586-latest-2.6.22.18-1mdv2008.0.i586.rpm
003f0d7e3b64edaac3ae3dede01e4e87 2008.0/i586/kernel-doc-2.6.22.18-1mdv2008.0.i586.rpm
3410c9d62fb9f2364f159f519ddc9ef1 2008.0/i586/kernel-laptop-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
3a8426442dbb91d18c6684f4ef22efa8 2008.0/i586/kernel-laptop-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
958f4be00ad9df4466629774fa926887 2008.0/i586/kernel-laptop-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm
7bb1033745587e8b9a5069b61c316c76 2008.0/i586/kernel-laptop-latest-2.6.22.18-1mdv2008.0.i586.rpm
ebe2489f7f1357e246563fabea2401ae 2008.0/i586/kernel-server-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
a6be151dbc9c40b4e3ca181e64f76475 2008.0/i586/kernel-server-devel-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
c70a9e6846d383ada63d65730d5bbf5a 2008.0/i586/kernel-server-devel-latest-2.6.22.18-1mdv2008.0.i586.rpm
3c80910bc870474990439b2a24a2ccf1 2008.0/i586/kernel-server-latest-2.6.22.18-1mdv2008.0.i586.rpm
9be418acd2c39224c341f4c0fcd9c3ce 2008.0/i586/kernel-source-2.6.22.18-1mdv-1-1mdv2008.0.i586.rpm
a616addeb5cf234668b26ccf4a4cc7bd 2008.0/i586/kernel-source-latest-2.6.22.18-1mdv2008.0.i586.rpm
d3419624d951fbdb358849a60639efbf 2008.0/SRPMS/kernel-2.6.22.18-1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
a043c2596652edf905109924045103da 2008.0/x86_64/kernel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
f8921ac78c1acfc6bbd9b03a9676d315 2008.0/x86_64/kernel-desktop-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
61a39804f6460a7f087c6ae7695aacce 2008.0/x86_64/kernel-desktop-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
505d6b320b4f9feef2d40f1c8e537035 2008.0/x86_64/kernel-desktop-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
bb8a829cd780094992161f92d94bd2c8 2008.0/x86_64/kernel-desktop-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
23bb1b9557c46cbc52770a20c8ba81b1 2008.0/x86_64/kernel-doc-2.6.22.18-1mdv2008.0.x86_64.rpm
f7edfd597fc01cef7c0bfdf3bf0e7315 2008.0/x86_64/kernel-laptop-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
208f863d0cce2262ee099daa250605e2 2008.0/x86_64/kernel-laptop-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
cbe57c60ec79096f9f2b9ae3ebb26ab5 2008.0/x86_64/kernel-laptop-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
add09ce293fd8c7605c3b49c5990ab92 2008.0/x86_64/kernel-laptop-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
b8125bfe9b765e8281e30a667a2c501c 2008.0/x86_64/kernel-server-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
dfaa2aedd25d8f9f91939c9e1e0247d6 2008.0/x86_64/kernel-server-devel-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
cb703b65dd2b935737183562509130a6 2008.0/x86_64/kernel-server-devel-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
27e6fd0a49b49952aa164be304a491b3 2008.0/x86_64/kernel-server-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
38644d73897d971d4bdca8e8a71ac962 2008.0/x86_64/kernel-source-2.6.22.18-1mdv-1-1mdv2008.0.x86_64.rpm
f21aef3923cdd51c3444add2e97fc0d6 2008.0/x86_64/kernel-source-latest-2.6.22.18-1mdv2008.0.x86_64.rpm
d3419624d951fbdb358849a60639efbf 2008.0/SRPMS/kernel-2.6.22.18-1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHsUIOmqjQ0CJFipgRAp5kAKDDJWsqKNEFNrMda0AF9KQY7Glt3ACffY6G
8qA8TQpDH/TNXmq0c51Wqhw=
=wL/x
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages