LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated kernel packages fix vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. (CVE-2007-3740) The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:105
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : May 21, 2008
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
 extension support is enabled, does not honor the umask of a process,
 which allows local users to gain privileges. (CVE-2007-3740)
 
 The drm/i915 component in the Linux kernel before 2.6.22.2, when
 used with i965G and later chipsets, allows local users with access
 to an X11 session and Direct Rendering Manager (DRM) to write
 to arbitrary memory locations and gain privileges via a crafted
 batchbuffer. (CVE-2007-3851)
 
 The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
 in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
 certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
 units, which allows local users to cause a denial of service (panic)
 via unspecified vectors. (CVE-2007-4133)
 
 The IA32 system call emulation functionality in Linux kernel 2.4.x
 and 2.6.x before 2.6.22.7, when running on the x86_64 architecture,
 does not zero extend the eax register after the 32bit entry path to
 ptrace is used, which might allow local users to gain privileges by
 triggering an out-of-bounds access to the system call table using
 the %RAX register. This vulnerability is now being fixed in the Xen
 kernel too. (CVE-2007-4573)
 
 Integer underflow in the ieee80211_rx function in
 net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before
 2.6.23 allows remote attackers to cause a denial of service (crash)
 via a crafted SKB length value in a runt IEEE 802.11 frame when
 the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two
 error. (CVE-2007-4997)
 
 The disconnect method in the Philips USB Webcam (pwc) driver in Linux
 kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
 which allows user-assisted local attackers to cause a denial of service
 (USB subsystem hang and CPU consumption in khubd) by not closing the
 device after the disconnect is invoked. NOTE: this rarely crosses
 privilege boundaries, unless the attacker can convince the victim to
 unplug the affected device. (CVE-2007-5093)
 
 A race condition in the directory notification subsystem (dnotify)
 in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1,
 allows local users to cause a denial of service (OOPS) and possibly
 gain privileges via unspecified vectors. (CVE-2008-1375)
 
 The Linux kernel before 2.6.25.2 does not apply a certain protection
 mechanism for fcntl functionality, which allows local users to (1)
 execute code in parallel or (2) exploit a race condition to obtain
 re-ordered access to the descriptor table. (CVE-2008-1669)
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3851
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4133
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 c4a2d4a2c510a0b264ecc556ae95d9c1  2007.1/i586/kernel-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 8a9067dced69f2a98d84a91b565d53b2  2007.1/i586/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 3781406fba53b54e10f10c673ad54734  2007.1/i586/kernel-doc-latest-2.6.17-18mdv.i586.rpm
 0ab62eecb317efb9f395067acff4f197  2007.1/i586/kernel-enterprise-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 fa94fc4948555ddae5f333e51c1edac5  2007.1/i586/kernel-enterprise-latest-2.6.17-18mdv.i586.rpm
 0997abceef3793c25a8fa5fee56af005  2007.1/i586/kernel-latest-2.6.17-18mdv.i586.rpm
 02b79be3ea9a145e8e264e2f104c27fb  2007.1/i586/kernel-legacy-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 53e8e4e029f99fede270f4a4e9b1f105  2007.1/i586/kernel-legacy-latest-2.6.17-18mdv.i586.rpm
 b38fcb899cd7e473bd07ab296a0edc52  2007.1/i586/kernel-source-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 df638346ea8e84c542b5d54173ef40f7  2007.1/i586/kernel-source-latest-2.6.17-18mdv.i586.rpm
 5749113a50606c4f81f1371150c59041  2007.1/i586/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 bb3e5dddd12bfc05809a83f9c5e5a568  2007.1/i586/kernel-source-stripped-latest-2.6.17-18mdv.i586.rpm
 4d4708a7c62727c704db6fa7a244d426  2007.1/i586/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 44b7732796ed652fc66034a2e1983f29  2007.1/i586/kernel-xen0-latest-2.6.17-18mdv.i586.rpm
 1d6b03aad48cbe295ad461605d234eac  2007.1/i586/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
 af2a8a7596097a04a22292686da8471f  2007.1/i586/kernel-xenU-latest-2.6.17-18mdv.i586.rpm 
 327a8315418ff84959418928fc9873a5  2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 4b114a0b6712df7b93582805489a0e18  2007.1/x86_64/kernel-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 fb4214952ca5cc240adaeec74e377181  2007.1/x86_64/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 30744081c4e43f608359eea6e201a4cd  2007.1/x86_64/kernel-doc-latest-2.6.17-18mdv.x86_64.rpm
 0e8a29bbe26469de5ec6e9ec44b02c13  2007.1/x86_64/kernel-latest-2.6.17-18mdv.x86_64.rpm
 1f3a2aa6965565c2db3bb5ca823fb546  2007.1/x86_64/kernel-source-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 7f3564691ddacf4e8a7d4ce874b8a33e  2007.1/x86_64/kernel-source-latest-2.6.17-18mdv.x86_64.rpm
 fe9ecda0a6ea8a0723898ccda5292bc8  2007.1/x86_64/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 f7c9adbabba9b8a56fec55715a1e4858  2007.1/x86_64/kernel-source-stripped-latest-2.6.17-18mdv.x86_64.rpm
 3e9422670548692022834ac806204fb8  2007.1/x86_64/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 2c18b8148db64d58d2a076b0b0b13d21  2007.1/x86_64/kernel-xen0-latest-2.6.17-18mdv.x86_64.rpm
 10f28963d97d785b4bbea94610e4d478  2007.1/x86_64/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
 efa8b29e7e3d5907ccdf917514797e07  2007.1/x86_64/kernel-xenU-latest-2.6.17-18mdv.x86_64.rpm 
 327a8315418ff84959418928fc9873a5  2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.