Mandriva Linux Security Advisory : kernel (MDVSA-2008:234)

high Nessus Plugin ID 38027

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.
(CVE-2008-4933)

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. (CVE-2008-4934)

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. (CVE-2008-5029)

Additionaly, support for a broadcom bluetooth dongle was added to btusb driver, an eeepc shutdown hang caused by snd-hda-intel was fixed, a Realtek auto-mute bug was fixed, the pcspkr driver was reenabled, an acpi brightness setting issue on some laptops was fixed, sata_nv (NVidia) driver bugs were fixed, horizontal mousewheel scrolling with Logitech V150 mouse was fixed, and more. Check the changelog and related bugs for more details.

This kernel also fixes the driver for Intel G45/GM45 video chipsets, in a way requiring also an updated Xorg driver, which is also being provided in this update.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

See Also

https://qa.mandriva.com/44309

https://qa.mandriva.com/44612

https://qa.mandriva.com/44712

https://qa.mandriva.com/44752

https://qa.mandriva.com/44870

https://qa.mandriva.com/44886

https://qa.mandriva.com/45319

https://qa.mandriva.com/45618

Plugin Details

Severity: High

ID: 38027

File Name: mandriva_MDVSA-2008-234.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hso-kernel-server-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-server-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest, p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:et131x-kernel-server-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.27.5-2mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omfs-kernel-server-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:vhba-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.5-desktop-2mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.5-desktop586-2mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.5-server-2mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, p-cpe:/a:mandriva:linux:x11-driver-video-intel, p-cpe:/a:mandriva:linux:x11-driver-video-intel-fast-i830, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/21/2008

Reference Information

CVE: CVE-2008-4933, CVE-2008-4934, CVE-2008-5029

CWE: 119, 20

MDVSA: 2008:234