Jump to content

Advisories MDKSA-2006:151: Updated kernel packages fix multiple vulnerabilities

paul

By paul
in Mandriva Security Advisories

 Share

Recommended Posts

paul Platinum

paul

Posted
Posted

A number of vulnerabilities were discovered and corrected in the Linux

2.6 kernel:

 

Prior to and including 2.6.16-rc2, when running on x86_64 systems with

preemption enabled, local users can cause a DoS (oops) via multiple

ptrace tasks that perform single steps (CVE-2006-1066).

 

Prior to 2.6.16, a directory traversal vulnerability in CIFS could

allow a local user to escape chroot restrictions for an SMB-mounted

filesystem via ".." sequences (CVE-2006-1863).

 

Prior to 2.6.16, a directory traversal vulnerability in smbfs could

allow a local user to escape chroot restrictions for an SMB-mounted

filesystem via ".." sequences (CVE-2006-1864).

 

Prior to to 2.6.16.23, SCTP conntrack in netfilter allows remote

attackers to cause a DoS (crash) via a packet without any chunks,

causing a variable to contain an invalid value that is later used to

dereference a pointer (CVE-2006-2934).

 

The dvd_read_bca function in the DVD handling code assigns the wrong

value to a length variable, which could allow local users to execute

arbitrary code via a crafted USB storage device that triggers a buffer

overflow (CVE-2006-2935).

 

Prior to 2.6.17, the ftdi_sio driver could allow local users to cause

a DoS (memory consumption) by writing more data to the serial port than

the hardware can handle, causing the data to be queued (CVE-2006-2936).

 

The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers

to cause a DoS (file system panic) via a crafted UDP packet with a V2

lookup procedure that specifies a bad file handle (inode number),

triggering an error and causing an exported directory to be remounted

read-only (CVE-2006-3468).

 

The 2.6 kernel's SCTP was found to cause system crashes and allow for

the possibility of local privilege escalation due to a bug in the

get_user_iov_size() function that doesn't properly handle overflow when

calculating the length of iovec (CVE-2006-3745).

 

The provided packages are patched to fix these vulnerabilities. All

users are encouraged to upgrade to these updated kernels immediately

and reboot to effect the fixes.

 

In addition to these security fixes, other fixes have been included

such as:

 

- added support for new devices:

o Testo products in usb-serial

o ATI SB600 IDE

o ULI M-1573 south Bridge

o PATA and SATA support for nVidia MCP55, MCP61, MCP65, and AMD CS5536

o Asus W6A motherboard in snd-hda-intel

o bcm 5780

- fixed ip_gre module unload OOPS

- enabled opti621 driver for x86 and x86_64

- fixed a local DoS introduced by an imcomplete fix for CVE-2006-2445

- updated to Xen 3.0.1 with selected fixes

- enable hugetlbfs

 

To update your kernel, please follow the directions located at:

 

http://www.mandriva.com/en/security/kernelupdate

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...