Mandriva Update For Kernel MDKSA-2007:232 (kernel) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream (CVE-2006-6058). An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set (CVE-2007-4997). To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

Affected

kernel on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2006-6058, CVE-2007-4997

CVSS	Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:144 (ghostscript)
Mandrake Security Advisory MDVSA-2009:101 (xpdf)
Mandrake Security Advisory MDVSA-2009:134 (firefox)
Mandrake Security Advisory MDVSA-2009:084 (firefox)
Mandrake Security Advisory MDVSA-2009:045 (php)

Mandriva Update for kernel MDKSA-2007:232 (kernel)

Take action and discover your vulnerabilities