Package name
kernel
Date
2008-01-11
Advisory ID
MDVSA-2008:008
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The CIFS filesystem, when Unix extension support is enabled, does
not honor the umask of a process, which allows local users to gain
privileges. (CVE-2007-3740)

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors. (CVE-2007-4133)

The IA32 system call emulation functionality in Linux kernel 2.4.x
and 2.6.x before 2.6.22.7, when running on the x86_64 architecture,
does not zero extend the eax register after the 32bit entry path to
ptrace is used, which might allow local users to gain privileges by
triggering an out-of-bounds access to the system call table using the
%RAX register. This issue was already fixed in the regular kernel;
it is now also being fixed in the Xen kernel. (CVE-2007-4573)
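
The check/use mismatch behind CVE-2007-4573, as an added user-space model (not code from this advisory or from the kernel): the bounds check reads the 32-bit half of the register while the table index uses all 64 bits. `NR_SYSCALLS`, the function names and the register value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_SYSCALLS 8u  /* constructed table size, not the kernel's */

/* Flawed pattern: the bounds check looks at the 32-bit half (eax),
 * but the table index is taken from the full 64-bit register (rax). */
int64_t index_unfixed(uint64_t rax)
{
    uint32_t eax = (uint32_t)rax;
    if (eax >= NR_SYSCALLS)
        return -1;              /* rejected */
    return (int64_t)rax;        /* upper 32 bits end up in the index */
}

/* Corrected pattern: zero-extend first, then check and index the same value. */
int64_t index_fixed(uint64_t rax)
{
    rax = (uint32_t)rax;        /* zero-extend eax into rax */
    if (rax >= NR_SYSCALLS)
        return -1;              /* rejected */
    return (int64_t)rax;
}

/* True when idx is a valid slot of the modelled table. */
int in_bounds(int64_t idx)
{
    return idx >= 0 && idx < (int64_t)NR_SYSCALLS;
}

int main(void)
{
    /* Constructed value: the low half is a valid number, the high half is not zero. */
    uint64_t rax = 0x0000000100000003ULL;

    printf("unfixed: index in bounds = %d\n", in_bounds(index_unfixed(rax)));
    printf("fixed:   index in bounds = %d\n", in_bounds(index_fixed(rax)));
    return 0;
}
```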

Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before
2.6.23 allows remote attackers to cause a denial of service (crash)
via a crafted SKB length value in a runt IEEE 802.11 frame when
the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two
error. (CVE-2007-4997)
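
The off-by-two underflow in CVE-2007-4997, as an added user-space model (not code from this advisory or from the kernel): a QoS data header is two bytes longer than the plain three-address header, so a length check against the shorter header lets the unsigned subtraction wrap. The fixed 24-byte minimum check, the function names and the frame lengths are assumptions of this sketch; four-address frames are ignored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_3ADDR   24u     /* 802.11 three-address data header */
#define QOS_CTL_LEN 2u      /* QoS Control field added for QoS data frames */
#define FTYPE_DATA  0x0008u /* frame control: type = data */
#define STYPE_QOS   0x0080u /* frame control: QoS data subtype bit */

/* Header length implied by the frame control field (simplified). */
static size_t hdrlen(uint16_t fc)
{
    size_t len = HDR_3ADDR;
    if ((fc & FTYPE_DATA) && (fc & STYPE_QOS))
        len += QOS_CTL_LEN;
    return len;
}

/* Flawed pattern: fixed minimum-length check, then unsigned subtraction. */
size_t payload_len_unfixed(size_t frame_len, uint16_t fc)
{
    if (frame_len < HDR_3ADDR)
        return 0;                       /* treated as dropped */
    return frame_len - hdrlen(fc);      /* wraps for a 24- or 25-byte QoS frame */
}

/* Corrected pattern: compare against the header length actually used.
 * Returns 0 and stores the payload length, or -1 to drop a runt frame. */
int payload_len_fixed(size_t frame_len, uint16_t fc, size_t *out)
{
    size_t h = hdrlen(fc);
    if (frame_len < h)
        return -1;
    *out = frame_len - h;
    return 0;
}

int main(void)
{
    uint16_t fc = FTYPE_DATA | STYPE_QOS;   /* constructed frame control value */
    size_t out = 0;

    printf("unfixed payload length: %zu\n", payload_len_unfixed(25, fc));
    printf("fixed verdict: %d\n", payload_len_fixed(25, fc, &out));
    return 0;
}
```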

The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. (CVE-2007-5093)

The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which
allows local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information. (CVE-2007-5500)

The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and
possibly other versions, allows local users to cause a denial of
service (hang) via a malformed minix file stream that triggers an
infinite loop in the minix_bmap function. NOTE: this issue might be
due to an integer overflow or signedness error. (CVE-2006-6058)

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
Linux kernel 2.6.23 allows local users to have an unknown impact via
a crafted argument to the isdn_ioctl function. (CVE-2007-6063)

Additionally, support for the Promise 4350 controller was added (stex
module).

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Updated packages

CS4.0 x86_64


CS4.0 i586


References