-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:232 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : November 28, 2007 Affected: 2008.0 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream (CVE-2006-6058). An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set (CVE-2007-4997). To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5c1343b5d8ffdced8a3976f204f51525 2008.0/i586/kernel-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm 35d9b9d32b2dea3ced31c287dc48e7b5 2008.0/i586/kernel-desktop-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm a0f6e8a00bcb369f60b42eda0a31e9a4 2008.0/i586/kernel-desktop-devel-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm a2be11654f2b06d0579b6a3f5272c31a 2008.0/i586/kernel-desktop-devel-latest-2.6.22.12-1mdv2008.0.i586.rpm 4ac1c0d45cd643dbea927050e0a4010a 2008.0/i586/kernel-desktop-latest-2.6.22.12-1mdv2008.0.i586.rpm beac61f42065285b3b2f34212d52d8d0 2008.0/i586/kernel-desktop586-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm eb5bc9029a09d92870d1b2e33410eadd 2008.0/i586/kernel-desktop586-devel-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm cb9ff0a7902a734e7f1378c46d2e024e 2008.0/i586/kernel-desktop586-devel-latest-2.6.22.12-1mdv2008.0.i586.rpm 5640e6c9846abf1cffdbba58517bc4f3 2008.0/i586/kernel-desktop586-latest-2.6.22.12-1mdv2008.0.i586.rpm f47fc0edd34149905ec9c979b365ea1e 2008.0/i586/kernel-doc-2.6.22.12-1mdv2008.0.i586.rpm 4281e10a6a2ea8d0eec91e5d4c7f4a97 2008.0/i586/kernel-laptop-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm bf0cdddc00747ca1eac97596d110b2b0 2008.0/i586/kernel-laptop-devel-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm d8901cba80555234b45b7291966232f7 2008.0/i586/kernel-laptop-devel-latest-2.6.22.12-1mdv2008.0.i586.rpm fc3f4e82c13a8fe0a3d7c138a4242523 2008.0/i586/kernel-laptop-latest-2.6.22.12-1mdv2008.0.i586.rpm 4471d2e11e5814d6b00a92203eb624fd 2008.0/i586/kernel-server-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm 3fd2a0f03031e55e1fd688f18a111909 2008.0/i586/kernel-server-devel-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm 60bebc8c572331ea54da8e2f2003d184 2008.0/i586/kernel-server-devel-latest-2.6.22.12-1mdv2008.0.i586.rpm 3603a84dec2dd525aee503face0f5466 2008.0/i586/kernel-server-latest-2.6.22.12-1mdv2008.0.i586.rpm 0fdee78f39eb58e8ed656dc746247805 2008.0/i586/kernel-source-2.6.22.12-1mdv-1-1mdv2008.0.i586.rpm 68e878051bf3584e2544382ffe685d4f 2008.0/i586/kernel-source-latest-2.6.22.12-1mdv2008.0.i586.rpm 666ec61a6b9f117b3a991bc0163b66a2 2008.0/SRPMS/kernel-2.6.22.12-1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 8a4670ea37e195b450780c65c1e848e1 2008.0/x86_64/kernel-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm d423ea385be4e43c2e3662faf02ec952 2008.0/x86_64/kernel-desktop-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm 24d0752af597feb7d7df1ef0412010a4 2008.0/x86_64/kernel-desktop-devel-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm 61932b1d0078387f5212919776940e62 2008.0/x86_64/kernel-desktop-devel-latest-2.6.22.12-1mdv2008.0.x86_64.rpm fff4298a795775460b87f2fe0b757d10 2008.0/x86_64/kernel-desktop-latest-2.6.22.12-1mdv2008.0.x86_64.rpm a32ef6a87dc4a8dd28b6a83b810de9ff 2008.0/x86_64/kernel-doc-2.6.22.12-1mdv2008.0.x86_64.rpm 80b7e690f462eaf2993595afd70c9de0 2008.0/x86_64/kernel-laptop-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm 7f6df46dd7a05574c001527a3341b28d 2008.0/x86_64/kernel-laptop-devel-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm efa087282b33923c354846909ec1585c 2008.0/x86_64/kernel-laptop-devel-latest-2.6.22.12-1mdv2008.0.x86_64.rpm a24374352a24ce5c9e9fbfaf9c7f130d 2008.0/x86_64/kernel-laptop-latest-2.6.22.12-1mdv2008.0.x86_64.rpm 7a078712aea92dc7ce3f36288e6126e8 2008.0/x86_64/kernel-server-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm 53876a6ab82a4eabecb97be39a256d9b 2008.0/x86_64/kernel-server-devel-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm bc7dc1b24b0acf0f0a4c819a765bd6f6 2008.0/x86_64/kernel-server-devel-latest-2.6.22.12-1mdv2008.0.x86_64.rpm 915a90d1b7dfd1f1b443d77191d90dad 2008.0/x86_64/kernel-server-latest-2.6.22.12-1mdv2008.0.x86_64.rpm 7b9728978473981add1ab6f95272a3ac 2008.0/x86_64/kernel-source-2.6.22.12-1mdv-1-1mdv2008.0.x86_64.rpm e5e79acce294760ba2250590efffbcb1 2008.0/x86_64/kernel-source-latest-2.6.22.12-1mdv2008.0.x86_64.rpm 666ec61a6b9f117b3a991bc0163b66a2 2008.0/SRPMS/kernel-2.6.22.12-1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHTalKmqjQ0CJFipgRAmuMAKC5vYuP+GWkDtVgvHdlonswXNInPACgt14z xMNG7xobmmz9u/fFFl77ZFw= =+r4e -----END PGP SIGNATURE-----
