[ MDVSA-2008:167 ] kernel
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and
other versions before 2.6.25.3 does not check file permissions when
certain UTIME_NOW and UTIME_OMIT combinations are used, which allows
local users to modify file times of arbitrary files, possibly leading
to a denial of service. (CVE-2008-2148)

Integer overflow in the dccp_feat_change function in net/dccp/feat.c
in the Datagram Congestion Control Protocol (DCCP) subsystem in the
Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users
to gain privileges via an invalid feature length, which leads to a
heap-based buffer overflow. (CVE-2008-2358)

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the
Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause
a denial of service (kernel heap memory corruption and system
crash) and possibly have unspecified other impact via a crafted
PPPOL2TP packet that results in a large value for a certain length
variable. (CVE-2008-2750)

Linux kernel 2.6.18, and possibly other versions, when running on
AMD64 architectures, allows local users to cause a denial of service
(crash) via certain ptrace calls. (CVE-2008-1615)

Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users
to cause a denial of service (resource consumption and system outage)
via vectors involving a large addr_num field in an sctp_getaddrs_old
data structure. (CVE-2008-2826)

Race condition in the directory notification subsystem (dnotify)
in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1,
allows local users to cause a denial of service (OOPS) and possibly
gain privileges via unspecified vectors. (CVE-2008-1375)

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in
Linux kernel 2.6.x before 2.6.25.1 does not properly check certain
information related to register size, which has unspecified impact
and local attack vectors, probably related to reading or writing
kernel memory. (CVE-2008-1675)

Linux kernel before 2.6.25.2 does not apply a certain protection
mechanism for fcntl functionality, which allows local users to (1)
execute code in parallel or (2) exploit a race condition to obtain
re-ordered access to the descriptor table. (CVE-2008-1669)

Additionally, a number of fixes have been included for the rtc driver,
the Arima W651DI audio chipset, and unionfs. Tomoyolinux has been
updated to 1.6.3, UDF 2.50 support was added, and a few more things
were changed. Check the package changelog for more details.

To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2136
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2148
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2358
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2750
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1615
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2826
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1375
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1675
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1669
_______________________________________________________________________
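
The affected-version wording of the entries above can be turned into a quick triage check. The following is an added example, not part of the original advisory or of any Mandriva tooling; the names vkey, FIXED_IN, BRANCH_RANGE, is_affected and triage are its own. It assumes 2.6.x upstream version strings and that branches newer than a listed fix carry that fix; a distribution kernel with backported patches has to be checked against the vendor's package version instead.

```python
import re

INF = float("inf")

def vkey(version):
    """Sort key for an upstream version string, e.g. 2.6.25.3 or 2.6.26-rc6."""
    m = re.match(r"(\d+(?:\.\d+){1,3})(?:-rc(\d+))?", version)
    if not m:
        raise ValueError("unrecognised kernel version: %r" % (version,))
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    # A release candidate sorts before the release it leads up to.
    return tuple(nums) + (int(m.group(2)) if m.group(2) else INF,)

# First fixed upstream version per stable branch, transcribed from the
# "before X" wording of the advisory above.
FIXED_IN = {
    "CVE-2008-2136": ["2.6.25.3"],
    "CVE-2008-2148": ["2.6.25.3"],
    "CVE-2008-2750": ["2.6.26-rc6"],
    "CVE-2008-2826": ["2.6.25.9"],
    "CVE-2008-1375": ["2.6.24.6", "2.6.25.1"],
    "CVE-2008-1675": ["2.6.25.1"],
    "CVE-2008-1669": ["2.6.25.2"],
}
# CVE-2008-2358 is given as a branch range ("2.6.17 through 2.6.20").
# CVE-2008-1615 has no upper bound in the advisory and is not evaluated.
BRANCH_RANGE = {"CVE-2008-2358": ((2, 6, 17), (2, 6, 20))}

def is_affected(version, fixes):
    v, fixed = vkey(version), [vkey(f) for f in fixes]
    if v[:3] > max(f[:3] for f in fixed):
        return False          # assumption: later branches carry the fix
    # Fixed only if this branch has a listed fix at or below this version.
    return not any(f[:3] == v[:3] and v >= f for f in fixed)

def triage(version):
    """Return the sorted CVE ids whose stated range covers `version`."""
    hits = [c for c, fixes in FIXED_IN.items() if is_affected(version, fixes)]
    branch = vkey(version)[:3]
    hits += [c for c, (lo, hi) in BRANCH_RANGE.items() if lo <= branch <= hi]
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample version strings.
    for sample in ("2.6.18", "2.6.24.7", "2.6.25", "2.6.26-rc5", "2.6.26"):
        print(sample, triage(sample))
```

The CVE-2008-1375 entry shows why the comparison is done per branch: 2.6.24.7 is past the 2.6.24.6 fix, while the numerically later 2.6.25 is still covered until 2.6.25.1.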