
Advisories (MDKSA-2006:072): kernel


aru

Mandriva Advisories MDKSA-2006:072 : kernel

 

Updated kernel packages fix multiple vulnerabilities

April 17th, 2006

 

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

Prior to Linux kernel 2.6.5, a numeric casting discrepancy in sdla_xfer allowed local users to read portions of kernel memory (CVE-2004-2607).

Prior to 2.6.12, multiple "range checking flaws" in the ISO9660 filesystem handler could allow attackers to cause a DoS or corrupt memory via a crafted filesystem (CVE-2005-0815).

Prior to 2.6.14-rc5, when running IPv6, the udp_v6_get_port function allowed local users to cause a DoS (infinite loop and crash) (CVE-2005-2973).

A race condition when threads are sharing memory mapping via CLONE_VM could allow local users to cause a DoS (deadlock) by triggering a core dump (CVE-2005-3106).

When one thread is tracing another thread that shares the same memory map, local users could cause a DoS (deadlock) by forcing a core dump (CVE-2005-3107).

A race condition in the ebtables netfilter module, when running on an SMP system under heavy load, might allow remote attackers to cause a DoS (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked (CVE-2005-3110).

Prior to 2.6.14.2, the ptrace functionality, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, allowing local users to cause a DoS (crash) (CVE-2005-3783).

Prior to 2.6.14, the IPv6 flow label handling code modified the wrong variable in certain circumstances, which allowed local users to corrupt kernel memory or cause a DoS (crash) by triggering a free of non-allocated memory (CVE-2005-3806).

Prior to 2.6.12.6 and 2.6.13, a memory leak in the icmp_push_reply function allowed remote attackers to cause a DoS (memory consumption) via a large number of crafted packets (CVE-2005-3848).

Prior to 2.6.15-rc3, the time_out_leases function allowed local users to cause a DoS (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function (CVE-2005-3857).

In addition to these security fixes, other fixes have been included such as:

  • fix nfs blocksize setting (bk tree)
  • update sata_sil to 0.9
  • update ndiswrapper to 1.0
  • update 3w-9xxx to 2.26.04.007 (9550SX support)
  • update tg3 "ng" (3.6)
  • add support for ATI IXP400 audio (alsa) and ide
  • add support for new sata_sil chipset for RS480 platforms (NEC)
  • add support for MCP51 IDE & NIC (nForce 430)
  • various x86_64 fixes from newer kernels
  • sata_nv: support for MCP51
  • piix: ICH7 support
  • add netcell and piccolo support
  • updated e100 and e1000 drivers from 2006
  • updated aic79xx

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

 

 

The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • MNF2.0

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:072

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3783

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
