<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:062 - Updated kernel packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:062
 Date:                   June 23rd, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and
 earlier was discovered by Chris Wright.  The e1000 driver does not
 properly reset memory or restrict the maximum length of a data
 structure, which can allow a local user to read portions of kernel
 memory (CAN-2004-0535).
 
 A vulnerability was also discovered in the kernel were a certain C
 program would trigger a floating point exception that would crash the
 kernel.  This vulnerability can only be triggered locally by users with
 shell access (CAN-2004-0554).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
  http://www.kb.cert.org/vuls/id/973654
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 4d206822c79940210133a7480d21e3df  10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.i586.rpm
 68bcd25169105b157075c49ae1afc652  10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.i586.rpm
 abf8ad1259bf4f92a49e36dfcf3c9c39  
10.0/RPMS/kernel-enterprise-2.4.25.6mdk-1-1mdk.i586.rpm
 312e78a0c775dbb7b9cbef0d99a04fcd  
10.0/RPMS/kernel-enterprise-2.6.3.14mdk-1-1mdk.i586.rpm
 e488a38369863ce174eedaf556cb3b89  
10.0/RPMS/kernel-i686-up-4GB-2.4.25.6mdk-1-1mdk.i586.rpm
 4793fe40b2af0fdd5864f72db0615e50  
10.0/RPMS/kernel-i686-up-4GB-2.6.3.14mdk-1-1mdk.i586.rpm
 762657bdede72b9a35acb17b395ee1ff  
10.0/RPMS/kernel-p3-smp-64GB-2.4.25.6mdk-1-1mdk.i586.rpm
 20aef99ab5994559227cbd7010d24e3a  
10.0/RPMS/kernel-p3-smp-64GB-2.6.3.14mdk-1-1mdk.i586.rpm
 08196ea86336c42d850916038a6b40ba  
10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.i586.rpm
 98edb621bf6194742b9f4acf41ac798a  
10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.i586.rpm
 97b43a5beecc427cec5339f7b230937b  
10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.i586.rpm
 c61995bd80f09c18d644b63574830564  10.0/RPMS/kernel-source-2.4.25-6mdk.i586.rpm
 a595b55173adb08a6ee525aba7a11bcf  10.0/RPMS/kernel-source-2.6.3-14mdk.i586.rpm
 356ca3809548835c8d1543b1c5bd2c78  
10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.i586.rpm
 84c88cb9db5910bf541d69d041d146a2  10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm
 7dd3f9640e29fd2365338e6350d38ef8  10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0bbe2751bf80eb4cd0b62d577e580c44  
amd64/10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.amd64.rpm
 2ed3cdb8d1d5a9da83e068c4be01f91f  
amd64/10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.amd64.rpm
 aa4eee1b7d2e75100e9fac4f60484c2d  
amd64/10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.amd64.rpm
 6c68464ee6a8f8e6abfd4aec1bc01c2a  
amd64/10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.amd64.rpm
 acc109c127a3c52cf1d2e0f86834a62a  
amd64/10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.amd64.rpm
 fdd0f9614d7fe27508319c021e83a41e  
amd64/10.0/RPMS/kernel-source-2.4.25-6mdk.amd64.rpm
 dfc6b8544787e556a30d1165cce8bfbc  
amd64/10.0/RPMS/kernel-source-2.6.3-14mdk.amd64.rpm
 23f827e67259b79381a9e8dd454880fa  
amd64/10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.amd64.rpm
 84c88cb9db5910bf541d69d041d146a2  
amd64/10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm
 7dd3f9640e29fd2365338e6350d38ef8  
amd64/10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 46927be757f70a59c86cdf11b3e43c92  
corporate/2.1/RPMS/kernel-2.4.19.41mdk-1-1mdk.i586.rpm
 d08b40244502502acadf9ba1b0e9762b  
corporate/2.1/RPMS/kernel-enterprise-2.4.19.41mdk-1-1mdk.i586.rpm
 66749baa06773ce3942e2f770140502c  
corporate/2.1/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm
 32a44dfa574bbbc50d316a5c8a4ef6ba  
corporate/2.1/RPMS/kernel-smp-2.4.19.41mdk-1-1mdk.i586.rpm
 40213434e41fefe88d20f4231a1f9734  
corporate/2.1/RPMS/kernel-source-2.4.19-41mdk.i586.rpm
 60c9941aba0d698ad72f9d2308433b1c  
corporate/2.1/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 db88d345b01e85d2c6cfb01f1e28c3f1  
x86_64/corporate/2.1/RPMS/kernel-2.4.19.42mdk-1-1mdk.x86_64.rpm
 eaa43fee45b287b47e59a17206040308  
x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.42mdk-1-1mdk.x86_64.rpm
 88db1fa53a907a7ae59b561501053963  
x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.42mdk-1-1mdk.x86_64.rpm
 a63ab72190d8214f8e242fe298c49a41  
x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-42mdk.x86_64.rpm
 b175ee4e191ff0f4098793413dd63c71  
x86_64/corporate/2.1/SRPMS/kernel-2.4.19.42mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1:
 71a8d1ae72fb050e3f4a07fcecf2f6f6  
9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.i586.rpm
 30998cdc47a6005198d7bff758c15fa8  
9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.i586.rpm
 2d50a264c7578cb525ffef5b9c6c256c  
9.1/RPMS/kernel-secure-2.4.21.0.31mdk-1-1mdk.i586.rpm
 d380dafaea573b0f8d135f442ac84085  
9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.i586.rpm
 fef500ffec1c0ec7e63daa040cea2d3e  
9.1/RPMS/kernel-source-2.4.21-0.31mdk.i586.rpm
 f3c09dcecb57b158e7e064b58be290fc  
9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 0ae9dba70be3135ed2d58b18744d5c88  
ppc/9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.ppc.rpm
 32c60b01cdc16a585ddd75c00f0f1b99  
ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.ppc.rpm
 444be2eb864edc3e71de2a80ff1707c5  
ppc/9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.ppc.rpm
 0defa0d78d83de206b45d3e0f6f8c6b2  
ppc/9.1/RPMS/kernel-source-2.4.21-0.31mdk.ppc.rpm
 f3c09dcecb57b158e7e064b58be290fc  
ppc/9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 f8d407d6b8c33d23e1869b192d86c581  9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.i586.rpm
 eb13e94eb20684ac0a28d61f06f7d55b  
9.2/RPMS/kernel-enterprise-2.4.22.35mdk-1-1mdk.i586.rpm
 ed513e7698ee869227bb178239e4fd6b  
9.2/RPMS/kernel-i686-up-4GB-2.4.22.35mdk-1-1mdk.i586.rpm
 19382a345801c54d057569d4cd238457  
9.2/RPMS/kernel-p3-smp-64GB-2.4.22.35mdk-1-1mdk.i586.rpm
 1eff108d820b8eaaf4aa30dc57037e38  
9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.i586.rpm
 554f24dd143cef8e46db249210ee6698  
9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.i586.rpm
 0e4a8b55bfc63b9c69bd3ffcbf36deb3  9.2/RPMS/kernel-source-2.4.22-35mdk.i586.rpm
 9aada28aa2b9f835d3dc4cc30f856ca6  9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 445f0184ca8c02e0a3f915408c6e8f2c  
amd64/9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.amd64.rpm
 dc7be7702ba82ca3e5e1c5c07ec5a7a7  
amd64/9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.amd64.rpm
 7249a64585c3fdb4e0c819274ffa5d6b  
amd64/9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.amd64.rpm
 36684fff4f1d13784af9d539df01ba67  
amd64/9.2/RPMS/kernel-source-2.4.22-35mdk.amd64.rpm
 9aada28aa2b9f835d3dc4cc30f856ca6  
amd64/9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 fdd6ea13be5777eb4ac69ae4a15149eb  
mnf8.2/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm
 60c9941aba0d698ad72f9d2308433b1c  
mnf8.2/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA2dQumqjQ0CJFipgRAvsvAJwKYoGaMGxqb9ZWhapI96NYwd9+uQCghmDy
OB/7YIx91p7173icwYh3Ito=
=FVyW
-----END PGP SIGNATURE-----