Mandrake Linux Security Advisory : kernel (MDKSA-2006:197)

high Nessus Plugin ID 24582

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

Bugs in the netfilter for IPv6 code, as reported by Mark Dowd, were fixed (CVE-2006-4572).

The ATM subsystem of the Linux kernel could allow a remote attacker to cause a Denial of Service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (CVE-2006-4997).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included such as :

- updated to 2.6.17.14 - fix wrong error handling in pccard_store_cis - add NX mask for PTE entry on x86_64 - fix snd-hda-intel OOPS - backported support r8169-related (r8168/r8169SC) network chipsets - explicitly initialize some members of the drm_driver structure, otherwise NULL init will have bad side effects (mach64) - support for building a nosrc.rpm package - fixed unplug/eject on pcmcia cards with r8169 chipsets - fix libata resource conflicts - fix xenU crash and re-enable domU boot logs - fix refcount error triggered by software using /proc/[pid]/auxv

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 24582

File Name: mandrake_MDKSA-2006-197.nasl

Version: 1.18

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.6mdv, p-cpe:/a:mandriva:linux:kernel-2.6.17.6mdv, p-cpe:/a:mandriva:linux:kernel-xenu-2.6.17.6mdv, p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.6mdv, p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.6mdv, p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.6mdv, cpe:/o:mandriva:linux:2007, p-cpe:/a:mandriva:linux:kernel-source-2.6.17.6mdv

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2006

Reference Information

CVE: CVE-2006-4572, CVE-2006-4997

BID: 20363

MDKSA: 2006:197