Jump to content

Advisories (MDKSA-2006:086 ): kernel

aru

By aru
in Mandriva Security Advisories

 Share

Recommended Posts

aru Mandriva Guru

aru

Posted
Posted

Mandriva Advisories MDKSA-2006:086 : kernel

 

Updated kernel packages fix multiple vulnerabilities

May 18th, 2006

 

A number of vulnerabilities were discovered and corrected in the Linux

 

2.6 kernel:

 

 

 

Prior to Linux kernel 2.6.16.5, the kernel does not properly handle

 

uncanonical return addresses on Intel EM64T CPUs which causes the

 

kernel exception handler to run on the user stack with the wrong GS

 

(CVE-2006-0744).

 

 

 

The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users

 

with ptrace permissions to change the tracer SID to an SID of another

 

process (CVE-2006-1052).

 

 

 

Prior to 2.6.16, the ip_push_pending_frames function increments the IP

 

ID field when sending a RST after receiving unsolicited TCP SYN-ACK

 

packets, which allows a remote attacker to conduct an idle scan attack,

 

bypassing any intended protection against such an attack

 

(CVE-2006-1242).

 

 

 

In kernel 2.6.16.1 and some earlier versions, the sys_add_key function

 

in the keyring code allows local users to cause a DoS (OOPS) via keyctl

 

requests that add a key to a user key instead of a keyring key, causing

 

an invalid dereference (CVE-2006-1522).

 

 

 

Prior to 2.6.16.8, the ip_route_input function allows local users to

 

cause a DoS (panic) via a request for a route for a multicast IP

 

address, which triggers a null dereference (CVE-2006-1525).

 

 

 

Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to

 

cause a DoS (infinite loop) via unknown vectors that cause an invalid

 

SCTP chunk size to be processed (CVE-2006-1527).

 

 

 

Prior to 2.6.16, local users can bypass IPC permissions and modify a

 

read-only attachment of shared memory by using mprotect to give write

 

permission to the attachment (CVE-2006-2071).

 

 

 

Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows remote

 

attackers to cause a DoS (kernel panic) via an unexpected chucnk when

 

the session is in CLOSED state (CVE-2006-2271).

 

 

 

Prior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS

 

(kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT

 

SCTP control chunks (CVE-2006-2272).

 

 

 

In addition to these security fixes, other fixes have been included

 

such as:

 

 

 

- fix a scheduler deadlock

 

- Yenta oops fix

 

- ftdi_sio: adds support for iPlus devices

 

- enable kprobes on i386 and x86_64

 

- avoid a panic on bind mount of autofs owned directory

 

- fix a kernel OOPs when booting with 'console=ttyUSB0' but without a

 

USB-serial dongle plugged in

 

- make dm-mirror not issue invalid resync requests

 

- fix media change detection on scsi removable devices

 

- add support for the realtek 8168 chipset

 

- update hfsplus driver to 2.6.16 state

 

- backport 'Gilgal' support from e1000 7.0.33

 

- selected ACPI video fixes

 

- update 3w-9xxx to 2.26.02.005 (9550SX support)

 

- fix a deadlock in the ext2 filesystem

 

- fix usbserial use-after-free bug

 

- add i945GM DRI support

 

- S3 resume fixes

 

- add ECS PF22 hda model support

 

- SMP suspend

 

- CPU hotplug

 

- miscellaneous AGP fixes

 

- added sata-suspend patch for 2.6.12 for Napa platform

 

 

 

The provided packages are patched to fix these vulnerabilities.All

 

users are encouraged to upgrade to these updated kernels.

 

 

 

As well, updated mkinitrd and bootsplash packages are provided to fix

 

minor issues; users should upgrade both packages prior to installing

 

a new kernel.

 

 

 

To update your kernel, please follow the directions located at:

 

 

 

http://www.mandriva.com/en/security/kernelupdate

 

 

The released versions of Mandriva GNU/Linux affected are:

  • 2006.0

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:086

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1052

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1242

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1522

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1525

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1527

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2271

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2272

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...