Nom du paquet
kernel
Date
2007-03-09
Advisory ID
MDKSA-2007:060
Affected versions
CS4.0 x86_64 , 2006.0 i586 , 2006.0 x86_64 , CS4.0 i586

Problem description

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel:

The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms
would allow a local user to cause a DoS (crash) via a malformed ELF file
(CVE-2006-4538).

The mincore function in the Linux kernel did not properly lock access to
user space, which has unspecified impact and attack vectors, possibly
related to a deadlock (CVE-2006-4814).

An unspecified vulnerability in the listxattr system call, when a "bad
inode" is present, could allow a local user to cause a DoS (data
corruption) and possibly gain privileges via unknown vectors
(CVE-2006-5753).

The zlib_inflate function allows local users to cause a crash via a
malformed filesystem that uses zlib compression that triggers memory
corruption (CVE-2006-5823).

The ext3fs_dirhash function could allow local users to cause a DoS
(crash) via an ext3 stream with malformed data structures
(CVE-2006-6053).

When SELinux hooks are enabled, the kernel could allow a local user to
cause a DoS (crash) via a malformed file stream that triggers a NULL
pointer derefernece (CVE-2006-6056).

The key serial number collision avoidance code in the key_alloc_serial
function in kernels 2.6.9 up to 2.6.20 allows local users to cause a
crash via vectors thatr trigger a null dereference (CVE-2007-0006).

The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker
to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that
triggered a free of an incorrect pointer (CVE-2007-0772).

A local user could read unreadable binaries by using the interpreter
(PT_INTERP) functionality and triggering a core dump; a variant of
CVE-2004-1073 (CVE-2007-0958).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included
such as:

- add PCI IDs for cciss driver (HP ML370G5 / DL360G5)
- fixed a mssive SCSI reset on megasas (Dell PE2960)
- increased port-reset completion delay for HP controllers (HP ML350)
- NUMA rnage fixes for x86_64
- various netfilter fixes

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Updated packages

CS4.0 x86_64

 8bdd8e4d2d3ab03ff666b7588ec011f6  corporate/4.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm
 7e3081d6804343fcc51a2ce06836081e  corporate/4.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm
 bb6a57a5ad26361394ff00db94f8f5e3  corporate/4.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm
 9aae4c3ce22091d4ca787a41a11231ff  corporate/4.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm
 8ce06bd6a4144757828d29d83a690827  corporate/4.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm
 70757f12ac8d99d5881a4c6becbd2503  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm
 d3e1f96967bf0a5351d51ede84f078ca  corporate/4.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm
 6931563b47316f8572f0cd4cb0ebd3e1  corporate/4.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm 
 20b9766dbaf813ba017fe3884771a80b  corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm

2006.0 i586

 b7c0334ecb73bb3b14173ef4dcdfa51b  2006.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm
 8307e34d54134ab5cb41833d1b9d7742  2006.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm
 d329fdf03e99dfa15b08bb7c2791ed37  2006.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm
 3cf6a4198f43493932ea8251d4ee82dc  2006.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm
 c03817495740a0e9b1420f0991baf47f  2006.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm
 3e96d0ad0b5637d62db5233ca2df7d47  2006.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm
 65e1e7c5c155045d52474444870b13d3  2006.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm
 9b62d79a9503c6f0db71166409c48c39  2006.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm
 553faeda754e6007c592aa5ba5c48ea0  2006.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm
 4ee72a08f25d24ee409fdab7c8ec4f17  2006.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm
 53304c8f505a4cbac0ac9a2ff01b379b  2006.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm 
 d7a287562aed00fbc8167aa55bbb3bb9  2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm

2006.0 x86_64

 08d9bfee92615f6bd8b3f71b2756fdaf  2006.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm
 a750f3e67d9a0d6b07711e08f22e647b  2006.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm
 20196c168b6bc40f5bebd3ea2c5c82f6  2006.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm
 d65bd5fd54715215d957d2fa412cbe79  2006.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm
 164d4bb97970b852c88a872a70240e55  2006.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm
 af11e7ddade582c262d9281c965c25d8  2006.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm
 53cdf75192bc3a626ad68f9dfd90769d  2006.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm
 c9299e6bf5fc41af71fbd03ebd80b151  2006.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm 
 d7a287562aed00fbc8167aa55bbb3bb9  2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm

CS4.0 i586

 71a9ce7e6ad36f939ae4585a5446e2ce  corporate/4.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm
 b3682d92693d4d7481540b2412128ee3  corporate/4.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm
 375a99017c6032af0fbf53c6e2ac0f9e  corporate/4.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm
 7ef9e2dce86995c5054f0f81587bae14  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm
 8e4861bfc6150a73f331010b242505f5  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm
 fc5b1a7d5b45e9b6f94d1b75a2b252cd  corporate/4.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm
 f616f5a779f3be6febf27506deea96ca  corporate/4.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm
 2bc31f06ab60d5f5c09b522ba275c35e  corporate/4.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm
 c450285103a7742c8505cce505b6cb30  corporate/4.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm
 16b35579daacc6bef494c140e0332910  corporate/4.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm
 957962b563ad39490ac49ee1f328d2d3  corporate/4.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm 
 20b9766dbaf813ba017fe3884771a80b  corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm

References