Mandrake Linux Security Advisory : kernel (MDKSA-2006:197)

High Nessus Plugin ID 24582


The remote Mandrake Linux host is missing one or more security updates.


Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

Bugs in the netfilter for IPv6 code, as reported by Mark Dowd, were fixed (CVE-2006-4572).

The ATM subsystem of the Linux kernel could allow a remote attacker to cause a Denial of Service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (CVE-2006-4997).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included such as :

- updated to - fix wrong error handling in pccard_store_cis - add NX mask for PTE entry on x86_64 - fix snd-hda-intel OOPS - backported support r8169-related (r8168/r8169SC) network chipsets - explicitly initialize some members of the drm_driver structure, otherwise NULL init will have bad side effects (mach64) - support for building a nosrc.rpm package - fixed unplug/eject on pcmcia cards with r8169 chipsets - fix libata resource conflicts - fix xenU crash and re-enable domU boot logs - fix refcount error triggered by software using /proc/[pid]/auxv

To update your kernel, please follow the directions located at :


Update the affected packages.

Plugin Details

Severity: High

ID: 24582

File Name: mandrake_MDKSA-2006-197.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2007/02/18

Modified: 2015/03/19

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-, p-cpe:/a:mandriva:linux:kernel-enterprise-, p-cpe:/a:mandriva:linux:kernel-legacy-, p-cpe:/a:mandriva:linux:kernel-source-, p-cpe:/a:mandriva:linux:kernel-source-stripped-, p-cpe:/a:mandriva:linux:kernel-xen0-, p-cpe:/a:mandriva:linux:kernel-xenU-, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/11/03

Reference Information

CVE: CVE-2006-4572, CVE-2006-4997

BID: 20363

MDKSA: 2006:197