MDKSA-2007:195
- Package name: kernel
- Date: 2007-10-15
- Advisory ID: MDKSA-2007:195
- Affected versions: 2007.1 x86_64, 2007.1 i586, 2007.0 x86_64, 2007.0 i586
Problem description
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
A stack-based buffer overflow in the random number generator could
allow local root users to cause a denial of service or gain privileges
by setting the default wakeup threshold to a value greater than the
output pool size (CVE-2007-3105).
The lcd_write function did not limit the amount of memory used by
a caller, which allows local users to cause a denial of service
(memory consumption) (CVE-2007-3513).
The decode_choice function allowed remote attackers to cause a denial
of service (crash) via an encoded out-of-range index value for a choice
field which triggered a NULL pointer dereference (CVE-2007-3642).
The Linux kernel allowed local users to send arbitrary signals
to a child process that is running at higher privileges by
causing a setuid-root parent process to die which delivered an
attacker-controlled parent process death signal (PR_SET_PDEATHSIG)
(CVE-2007-3848).
The aac_cfg_open and aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid did not check permissions for ioctls, which
might allow local users to cause a denial of service or gain privileges
(CVE-2007-4308).
The IA32 system call emulation functionality, when running on the
x86_64 architecture, did not zero-extend the eax register after the
32-bit entry path to ptrace was used, which could allow local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %RAX register (CVE-2007-4573).
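The missing zero extension described for CVE-2007-4573 can be seen in a small user-space model, added here as an illustration and not taken from the kernel or from this advisory. The table, handlers, result codes and function names are hypothetical, and the model assumes the range check reads the 32-bit half of the register while the table lookup uses all 64 bits.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CALLS   4u          /* constructed table size, not the kernel's */
#define RES_ENOSYS (-38L)      /* -ENOSYS on Linux */
#define RES_OOB    (-1000L)    /* model only: index would leave the table */

typedef long (*handler_t)(void);
static long h0(void) { return 100; }
static long h1(void) { return 101; }
static long h2(void) { return 102; }
static long h3(void) { return 103; }
static const handler_t call_table[NR_CALLS] = { h0, h1, h2, h3 };

/* Flawed path: the range check looks at the low 32 bits (eax),
 * but the table index is the full 64-bit register (rax). */
static long dispatch_flawed(uint64_t rax)
{
    if ((uint32_t)rax >= NR_CALLS)
        return RES_ENOSYS;
    if (rax >= NR_CALLS)       /* the flawed code has no such guard; the model */
        return RES_OOB;        /* reports the stray index instead of using it  */
    return call_table[rax]();
}

/* Fixed path: zero-extend eax into rax first, so the value that is
 * checked and the value that indexes the table are the same. */
static long dispatch_fixed(uint64_t rax)
{
    rax = (uint32_t)rax;       /* zero extension clears bits 63..32 */
    if (rax >= NR_CALLS)
        return RES_ENOSYS;
    return call_table[rax]();
}

int main(void)
{
    /* Constructed register values: in range, out of range, stale upper bits. */
    const uint64_t samples[] = { 2, 7, 0x100000002ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rax=%#llx flawed=%ld fixed=%ld\n",
               (unsigned long long)samples[i],
               dispatch_flawed(samples[i]), dispatch_fixed(samples[i]));
    return 0;
}
```

With stale upper bits the flawed check passes while the index points far outside the table; after zero extension the same register value resolves to the in-range entry.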
In addition to these security fixes, other fixes have been included
such as:
- More NVidia PCI ids were added
- The 3w-9xxx module was updated to version 2.26.02.010
- Fixed the map entry for ICH8
- Added the TG3 5786 PCI id
- Reduced the log verbosity of cx88-mpeg
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
Updated packages
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3642
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
