Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)
High Nessus Plugin ID 27561
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionSome vulnerabilities were discovered and corrected in the Linux 2.6 kernel :
A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size (CVE-2007-3105).
The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption) (CVE-2007-3513).
The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field which triggered a NULL pointer dereference (CVE-2007-3642).
The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG) (CVE-2007-3848).
The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges (CVE-2007-4308).
The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register (CVE-2007-4573).
In addition to these security fixes, other fixes have been included such as :
- More NVidia PCI ids wre added
- The 3w-9xxx module was updated to version 2.26.02.010
- Fixed the map entry for ICH8
- Added the TG3 5786 PCI id
- Reduced the log verbosity of cx88-mpeg
To update your kernel, please follow the directions located at :
SolutionUpdate the affected packages.