Package name: kernel
Date: 2006-03-22
Advisory ID: MDKSA-2006:059
Affected versions: 2006.0 i586, 2006.0 x86_64

Problem description

A number of vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

sysctl.c in the Linux kernel prior to 2.6.14.1 allows local users to
cause a Denial of Service (kernel oops) and possibly execute code by
opening an interface file in /proc/sys/net/ipv4/conf/, waiting until
the interface is unregistered, then obtaining and modifying function
pointers in memory that was used for the ctl_table (CVE-2005-2709).

Multiple vulnerabilities in versions prior to 2.6.13.2 allow local
users to cause a DoS (oops from null dereference) via fput in a 32-bit
ioctl on 64-bit x86 systems or sockfd_put in the 32-bit routing_ioctl
function on 64-bit systems (CVE-2005-3044). Note that this was
previously partially corrected in MDKSA-2005:235.

Prior to 2.6.14, the kernel's atm module allows local users to cause a
DoS (panic) via certain socket calls that produce inconsistent reference
counts for loadable protocol modules (CVE-2005-3359).

A race condition in the (1) add_key, (2) request_key, and (3) keyctl
functions in the 2.6.x kernel allows local users to cause a DoS (crash)
or read sensitive kernel memory by modifying the length of a string
argument between the time that the kernel calculates the length and
when it copies the data into kernel memory (CVE-2006-0457).
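
The measure-then-copy race described above, modelled in user space as an added example (not kernel code and not the patch shipped in these packages). The buffer size KBUF, the user_mem array and the racing_writer hook are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KBUF 32                        /* model of a kernel-side buffer size */
static char user_mem[KBUF];            /* model of user memory (constructed) */

static void reset_user(void) { strcpy(user_mem, "abc"); }

/* Hypothetical stand-in for a second thread rewriting the argument. */
static void racing_writer(void)
{
    memset(user_mem, 'B', KBUF - 1);   /* string grows from 3 to 31 chars */
    user_mem[KBUF - 1] = '\0';
}

/* Double fetch: pass 1 measures, pass 2 copies that many bytes.
 * Returns 1 if the copy is NUL-terminated, 0 if not, -1 if too long. */
static int copy_double_fetch(char *kbuf, void (*race)(void))
{
    size_t n = strlen(user_mem) + 1;   /* fetch 1: length including NUL */
    if (n > KBUF)
        return -1;
    if (race)
        race();                        /* window between the two fetches */
    memcpy(kbuf, user_mem, n);         /* fetch 2: contents may differ now */
    return memchr(kbuf, '\0', n) != NULL;
}

/* Single fetch: each byte is read once, bounded by KBUF, always terminated.
 * Returns the stored length, or -1 if no NUL was seen within the bound. */
static long copy_single_fetch(char *kbuf, void (*race)(void))
{
    for (size_t i = 0; i < KBUF; i++) {
        kbuf[i] = user_mem[i];
        if (kbuf[i] == '\0')
            return (long)i;
        if (race && i == 0)
            race();                    /* same race, fired mid-copy */
    }
    kbuf[KBUF - 1] = '\0';
    return -1;
}

int main(void)
{
    char k[KBUF];
    reset_user(); printf("double fetch terminated: %d\n", copy_double_fetch(k, racing_writer));
    reset_user(); printf("single fetch length: %ld\n", copy_single_fetch(k, racing_writer));
    return 0;
}
```

With the race, the double-fetch copy is left without a terminator, so any later string operation on it would run past the copied bytes. The single-pass copy stays bounded and terminated whatever the writer does.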

Prior to 2.6.15.5, the kernel allows local users to obtain sensitive
information via a crafted XFS ftruncate call, which may return stale
data (CVE-2006-0554).

Prior to 2.6.15.5, the kernel allows local users to cause a DoS (NFS
client panic) via unknown attack vectors related to the use of O_DIRECT
(CVE-2006-0555).

Prior to and including kernel 2.6.16, sys_mbind in mempolicy.c does not
sanity check the maxnod variable before making certain computations,
which has an unknown impact and attack vectors (CVE-2006-0557).

Prior to 2.6.15.5, the kernel allows local users to cause a DoS
("endless recursive fault") via unknown attack vectors related to a
"bad elf entry address" on Intel processors (CVE-2006-0741).

Prior to 2.6.15.6, the die_if_kernel function in the kernel can allow
local users to cause a DoS by causing user faults on Itanium systems
(CVE-2006-0742).

A race in the signal-handling code, which allowed a process to become
unkillable when the race was triggered, was also fixed.

In addition to these security fixes, other fixes have been included
such as:

- add ich8 support
- libata locking rewrite
- libata clear ATA_QCFLAG_ACTIVE flag before calling the completion
  callback
- support the Acer Aspire 5xxx/3xxx series in the acerhk module
- USB storage: remove info sysfs file as it violates the sysfs one
  value per file rule
- fix OOPS in sysfs_hash_and_remove_file()
- pl2303 USB driver fixes; makes pl2303HX chip work correctly
- fix OOPS in IPMI driver which is probably caused when trying to use
  ACPI functions when ACPI was not properly initialized
- fix de_thread() racy BUG_ON()

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Please note that users using the LSI Logic 53c1030 dual-channel ultra
320 SCSI card will need to re-create their initrd images manually
prior to rebooting in order to fix a bug that prevents booting. A
future update will correct this problem. To do this, execute:

# rm /boot/initrd-2.6.12-18mdk.img
# mkinitrd /boot/initrd-2.6.12-18mdk.img 2.6.12-18mdk --with-module=mptspi

Updated packages

2006.0 i586

 1b218623b306f20afa82d0016d7f2b02  2006.0/RPMS/kernel-2.6.12.18mdk-1-1mdk.i586.rpm
 a051bd99d550490b0f878e53e68dad2f  2006.0/RPMS/kernel-BOOT-2.6.12.18mdk-1-1mdk.i586.rpm
 2ed8565ec9f4bbf280ee38563cbf5ae9  2006.0/RPMS/kernel-i586-up-1GB-2.6.12.18mdk-1-1mdk.i586.rpm
 93f467fbc20508c7cfcc1291c00883a4  2006.0/RPMS/kernel-i686-up-4GB-2.6.12.18mdk-1-1mdk.i586.rpm
 6d682e1336225bfe35c145a9b735cee2  2006.0/RPMS/kernel-smp-2.6.12.18mdk-1-1mdk.i586.rpm
 e2a7bf396ef80eb13b3b49e49a632d5e  2006.0/RPMS/kernel-source-2.6-2.6.12-18mdk.i586.rpm
 61e26ccfa23888a5e877137565bd2e62  2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-18mdk.i586.rpm
 d6b3b6357df23337584dcf53d17468d3  2006.0/RPMS/kernel-xbox-2.6.12.18mdk-1-1mdk.i586.rpm
 4b6b2309768ff66a5277cd0b2ad6135f  2006.0/RPMS/kernel-xen0-2.6.12.18mdk-1-1mdk.i586.rpm
 6ea381cb538e6f845bdf7dd10f15b623  2006.0/RPMS/kernel-xenU-2.6.12.18mdk-1-1mdk.i586.rpm
 661bf62bc99323115940fd5a088df875  2006.0/SRPMS/kernel-2.6.12.18mdk-1-1mdk.src.rpm

2006.0 x86_64

 f01f7df9165bc18cecef5c306fadd288  x86_64/2006.0/RPMS/kernel-2.6.12.18mdk-1-1mdk.x86_64.rpm
 d1c1a1bd3a95220dbb33dc51a8bf6515  x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.18mdk-1-1mdk.x86_64.rpm
 bab61b2878c55528c09c327e8fdbb444  x86_64/2006.0/RPMS/kernel-smp-2.6.12.18mdk-1-1mdk.x86_64.rpm
 222a970d935dcd178f943e2cedb96091  x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-18mdk.x86_64.rpm
 2a327a55284339a3cec137b10f55b16d  x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-18mdk.x86_64.rpm
 661bf62bc99323115940fd5a088df875  x86_64/2006.0/SRPMS/kernel-2.6.12.18mdk-1-1mdk.src.rpm

References