MDVSA-2008:220

Package name

kernel

Date

2008-10-29

Advisory ID

MDVSA-2008:220

Affected versions

CS4.0 x86_64 , CS4.0 i586

Problem description

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)

Unspecified vulnerability in the 32-bit and 64-bit emulation in the
Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
users to read uninitialized memory via unknown vectors involving a
crafted binary. (CVE-2008-0598)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
in the vfs implementation in the Linux kernel before 2.6.25.15 does
not prevent creation of a child dentry for a deleted (aka S_DEAD)
directory, which allows local users to cause a denial of service
(overflow of the UBIFS orphan area) via a series of attempted file
creations within deleted directories. (CVE-2008-3275)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3525)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
does not properly zero out the dio struct, which allows local users
to cause a denial of service (OOPS), as demonstrated by a certain
fio test. (CVE-2007-6716)

fs/open.c in the Linux kernel before 2.6.22 does not properly strip
setuid and setgid bits when there is a write to a file, which allows
local users to gain the privileges of a different group, and obtain
sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped
I/O. (CVE-2008-4210)

Additionaly, support for Intel's ICH9 controller was added, and 'tg3'
driver was updated to version 3.71b.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Updated packages

CS4.0 x86_64

 a22b361c0807a66cdad1ac13dd49605a  corporate/4.0/x86_64/kernel-2.6.12.37mdk-1-1mdk.x86_64.rpm
 574e797964205ebabb7c189d76f9d054  corporate/4.0/x86_64/kernel-BOOT-2.6.12.37mdk-1-1mdk.x86_64.rpm
 bbd992c15f04bcfaf7b812455aa9c056  corporate/4.0/x86_64/kernel-doc-2.6.12.37mdk-1-1mdk.x86_64.rpm
 482eb6d9350062f90aec6f83cfad3946  corporate/4.0/x86_64/kernel-smp-2.6.12.37mdk-1-1mdk.x86_64.rpm
 d1c5836b8f094cce7060ed9b643182c5  corporate/4.0/x86_64/kernel-source-2.6.12.37mdk-1-1mdk.x86_64.rpm
 43b494d6b75c09c25d6b7d3ffee1c88a  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.37mdk-1-1mdk.x86_64.rpm
 e2b98128b36fb258737be88e426ec33f  corporate/4.0/x86_64/kernel-xen0-2.6.12.37mdk-1-1mdk.x86_64.rpm
 fda16af31ed711ade480db203401e310  corporate/4.0/x86_64/kernel-xenU-2.6.12.37mdk-1-1mdk.x86_64.rpm 
 5bbf8703855ed2e5e2243e08568f3e82  corporate/4.0/SRPMS/kernel-2.6.12.37mdk-1-1mdk.src.rpm

CS4.0 i586

 18e4f866e828c034bec76ac8d7f26525  corporate/4.0/i586/kernel-2.6.12.37mdk-1-1mdk.i586.rpm
 0bda3e86d35cd861555ca47745923a3a  corporate/4.0/i586/kernel-BOOT-2.6.12.37mdk-1-1mdk.i586.rpm
 eb998b4fbfc4112d1c440d5486478cd8  corporate/4.0/i586/kernel-doc-2.6.12.37mdk-1-1mdk.i586.rpm
 79beddb09c974d8f662a973c2a837014  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.37mdk-1-1mdk.i586.rpm
 29bb1ba0ae3d35ba7dd8bf2cdc6addd2  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.37mdk-1-1mdk.i586.rpm
 1718d610c089332182f4bdc5f5248af3  corporate/4.0/i586/kernel-smp-2.6.12.37mdk-1-1mdk.i586.rpm
 dbb042a1827e3a87285b11a98c93ee61  corporate/4.0/i586/kernel-source-2.6.12.37mdk-1-1mdk.i586.rpm
 919a6e64fd7dee06ad6415296fb93a15  corporate/4.0/i586/kernel-source-stripped-2.6.12.37mdk-1-1mdk.i586.rpm
 9ff3684803d697d89810f2746d458027  corporate/4.0/i586/kernel-xbox-2.6.12.37mdk-1-1mdk.i586.rpm
 06837d6f30639fb58fea1da2cab7097e  corporate/4.0/i586/kernel-xen0-2.6.12.37mdk-1-1mdk.i586.rpm
 c81576048b5b8e7f28a284b342fa7a6a  corporate/4.0/i586/kernel-xenU-2.6.12.37mdk-1-1mdk.i586.rpm 
 5bbf8703855ed2e5e2243e08568f3e82  corporate/4.0/SRPMS/kernel-2.6.12.37mdk-1-1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272