Home page logo

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Mon, 03 Oct 2005 13:46:39 -0600

Hash: SHA1


                Mandriva Linux Security Update Advisory

 Package name:           kernel
 Advisory ID:            MDKSA-2005:171
 Date:                   October 3rd, 2005

 Affected versions:      Corporate 3.0, Multi Network Firewall 2.0

 Problem Description:

 A number of vulnerabilities in the 2.6 Linux kernel have been corrected
 with these updated packages:
 An array index overflow in the xfrm_sk_policy_insert function could
 allow a local user to cause a Denial of Service (oops or deadlock) and
 possibly execute arbitrary code (CAN-2005-2456).
 The zlib routines in the Linux 2.6 kernel before allowed a
 remote attacker to cause a DoS (crash) via a compressed file with
 "improper tables" (CAN-2005-2458).
 The huft_build function in the zlib routines in Linux 2.6 kernels prior
 to returned the wrong value, allowing remote attackers to
 cause a DoS (crash) via a certain compressed file (CAN-2005-2459).
 A stack-based buffer overflow in the sendmsg function call in Linux 2.6
 kernels prior to allow local users to execute arbitrary code by
 calling sendmsg and modifying the message contents in another thread
 xattr.c in the ext2 and ext3 file system code in the 2.6 Linux kernel
 did not properly compare the name_index fields when sharing xattr
 blocks which would prevent default ACLs from being applied
 The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 when
 running on 64-bit processors allowed remote attackers to cause a DoS
 (kernel panic) via certain attacks such as SSH brute force
 The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 did
 not properly perform certain time tests when the jiffies value is
 greater than LONG_MAX which could cause ipt_recent netfilter rules to
 block too early (CAN-2005-2873).
 The updated packages have been patched to address these issues and all
 users are urged to upgrade immediately.
 Updated kernels for Mandrivalinux 10.1 and later will be made available



 Updated Packages:
 Multi Network Firewall 2.0:
 f7468b4d253251b7c7a5ee84571193c5  mnf/2.0/RPMS/kernel-
 a9d37454e919b348a708922d2aece2ca  mnf/2.0/RPMS/kernel-i686-up-4GB-
 790766354d63b081ce608ee769b73574  mnf/2.0/RPMS/kernel-p3-smp-64GB-
 c5a5e24e5cc9b8c9cc17867966a3d70b  mnf/2.0/RPMS/kernel-secure-
 7cdb6d2c133e02457229ef6eb2a7b405  mnf/2.0/RPMS/kernel-smp-
 9c8a3b678f7a51be86a3555542a59188  mnf/2.0/SRPMS/kernel-

 Corporate 3.0:
 0f6c6ac828beca090b72d4f25b34ded2  corporate/3.0/RPMS/kernel-
 8b228ab0567e6f8cae1e15fe44261f97  corporate/3.0/RPMS/kernel-enterprise-
 4177dbd5341d41d1605b83546b1b419b  corporate/3.0/RPMS/kernel-i686-up-4GB-
 543e310e249819d29d19354cac294376  corporate/3.0/RPMS/kernel-p3-smp-64GB-
 0a6fd8b7c3434a6e903fa2183e5ef23c  corporate/3.0/RPMS/kernel-secure-
 fccb12c9f27dc1b72e4d1ff212ae29d0  corporate/3.0/RPMS/kernel-smp-
 15a9d0b1914ca4b47dc49d694ede1c33  corporate/3.0/RPMS/kernel-source-2.6.3-28mdk.i586.rpm
 a62fc25d549523e00efa006644543dda  corporate/3.0/RPMS/kernel-source-stripped-2.6.3-28mdk.i586.rpm
 9c8a3b678f7a51be86a3555542a59188  corporate/3.0/SRPMS/kernel-

 Corporate 3.0/X86_64:
 8ad1a6656bc68149b775b6012b4b3d10  x86_64/corporate/3.0/RPMS/kernel-
 aced128f099513e241f79bceaff13733  x86_64/corporate/3.0/RPMS/kernel-secure-
 c67c7c76be4a011de9a6e2c26bd22af6  x86_64/corporate/3.0/RPMS/kernel-smp-
 aef5ccc688591da64d004c4eb50a8ad4  x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-28mdk.x86_64.rpm
 2436bca0b07afefecdba53f24a9c8f73  x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-28mdk.x86_64.rpm
 9c8a3b678f7a51be86a3555542a59188  x86_64/corporate/3.0/SRPMS/kernel-

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:


 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

Version: GnuPG v1.2.4 (GNU/Linux)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities Mandriva Security Team (Oct 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]