<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:087
 Date:                   August 26th, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A race condition was discovered in the 64bit file offset handling by
 Paul Starzetz from iSEC.  The file offset pointer (f_pos) is changed
 during reading, writing, and seeking through a file in order to point
 to the current position of a file.  The value conversion between both
 the 32bit and 64bit API in the kernel, as well as access to the f_pos
 pointer, is defective.  As a result, a local attacker can abuse this
 vulnerability to gain access to uninitialized kernel memory, mostly
 via entries in the /proc filesystem.  This kernel memory can possibly
 contain information like the root password, and other sensitive data.
 
 The updated kernel packages provided are patched to protect against
 this vulnerability, and all users are encouraged to upgrade
 immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 bb124a3bef37b02afc1f76b250934602  10.0/RPMS/kernel-2.4.25.8mdk-1-1mdk.i586.rpm
 1b5a1a95566b8c95ade266280299f1f7  10.0/RPMS/kernel-2.6.3.16mdk-1-1mdk.i586.rpm
 71e3945f2ee90f470b51f432da1796de  
10.0/RPMS/kernel-enterprise-2.4.25.8mdk-1-1mdk.i586.rpm
 971e6cb84758a85702d8327a4f38fc28  
10.0/RPMS/kernel-enterprise-2.6.3.16mdk-1-1mdk.i586.rpm
 45b678133982d69d20bdf0f6d20b0824  
10.0/RPMS/kernel-i686-up-4GB-2.4.25.8mdk-1-1mdk.i586.rpm
 5452c94f1f7d67304254e12b673b5221  
10.0/RPMS/kernel-i686-up-4GB-2.6.3.16mdk-1-1mdk.i586.rpm
 c70db4c0885bc44e7c730cd81c605957  
10.0/RPMS/kernel-p3-smp-64GB-2.4.25.8mdk-1-1mdk.i586.rpm
 a3f4ca2258bd51a06d1a4d9e8c91a0d0  
10.0/RPMS/kernel-p3-smp-64GB-2.6.3.16mdk-1-1mdk.i586.rpm
 3043c3d2248621d3e78c6706e0b21ec8  
10.0/RPMS/kernel-secure-2.6.3.16mdk-1-1mdk.i586.rpm
 6ffee0960561541e90df6fe4a94eaeee  
10.0/RPMS/kernel-smp-2.4.25.8mdk-1-1mdk.i586.rpm
 a31a725de8ed04ae8f9e7513393f25d1  
10.0/RPMS/kernel-smp-2.6.3.16mdk-1-1mdk.i586.rpm
 9123ffa0c274535a9a4ec81b133878d4  10.0/RPMS/kernel-source-2.4.25-8mdk.i586.rpm
 6433dbb5cc1c2f022babb91f85d9fc6f  10.0/RPMS/kernel-source-2.6.3-16mdk.i586.rpm
 fcca7cf53668562b0a32a6586308be56  
10.0/RPMS/kernel-source-stripped-2.6.3-16mdk.i586.rpm
 106cadf9771a8c9f95307c8d50acafb4  10.0/SRPMS/kernel-2.4.25.8mdk-1-1mdk.src.rpm
 afe1f32f4d1bf50d8c26532d7306ae5e  10.0/SRPMS/kernel-2.6.3.16mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9a3392f21a14b6f39ab58b5c668c00d6  
amd64/10.0/RPMS/kernel-2.4.25.8mdk-1-1mdk.amd64.rpm
 55af2f01328e9639950a574ee8581742  
amd64/10.0/RPMS/kernel-2.6.3.16mdk-1-1mdk.amd64.rpm
 0f7a1d450d538737dfd372b1cfa94427  
amd64/10.0/RPMS/kernel-secure-2.6.3.16mdk-1-1mdk.amd64.rpm
 19ca45c3907d9e199fa4fae81f5eecce  
amd64/10.0/RPMS/kernel-smp-2.4.25.8mdk-1-1mdk.amd64.rpm
 210177187fcb6b2d8c2e5e35236c94e0  
amd64/10.0/RPMS/kernel-smp-2.6.3.16mdk-1-1mdk.amd64.rpm
 8af7563fa5bd6bbdb624673e20ca30f8  
amd64/10.0/RPMS/kernel-source-2.4.25-8mdk.amd64.rpm
 1c9e60cccf8f7c23631f66e3b8fefbbb  
amd64/10.0/RPMS/kernel-source-2.6.3-16mdk.amd64.rpm
 eb66d33a1f7145b073d19d4400dfd9cd  
amd64/10.0/RPMS/kernel-source-stripped-2.6.3-16mdk.amd64.rpm
 106cadf9771a8c9f95307c8d50acafb4  
amd64/10.0/SRPMS/kernel-2.4.25.8mdk-1-1mdk.src.rpm
 afe1f32f4d1bf50d8c26532d7306ae5e  
amd64/10.0/SRPMS/kernel-2.6.3.16mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 bd6420c05282c010ce169a0bc3ef2a1d  
corporate/2.1/RPMS/kernel-2.4.19.44mdk-1-1mdk.i586.rpm
 b7851dbc3d0ef68f1817f22344945af3  
corporate/2.1/RPMS/kernel-enterprise-2.4.19.44mdk-1-1mdk.i586.rpm
 1522b26f3002f9acdd62c7459d93e8ae  
corporate/2.1/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.i586.rpm
 3f9ac5a25a9873b1d6467fe901bc7ac2  
corporate/2.1/RPMS/kernel-smp-2.4.19.44mdk-1-1mdk.i586.rpm
 270dfc0bc5e527dc9a0f5fc19c320871  
corporate/2.1/RPMS/kernel-source-2.4.19-44mdk.i586.rpm
 d5440f2645457193cfba59858066d6fa  
corporate/2.1/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 d9732081e8aba92f7b456bd47210919b  
x86_64/corporate/2.1/RPMS/kernel-2.4.19.44mdk-1-1mdk.x86_64.rpm
 b5e1a9b21150f93cf2cccf1844832bee  
x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.x86_64.rpm
 09cfe0193ecbd936b97638d925d6d4d6  
x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.44mdk-1-1mdk.x86_64.rpm
 b7c8fe8c80e8e485a0064ff005206758  
x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-44mdk.x86_64.rpm
 d5440f2645457193cfba59858066d6fa  
x86_64/corporate/2.1/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1:
 bec690d551d3da5058df6a511f156c21  
9.1/RPMS/kernel-2.4.21.0.33mdk-1-1mdk.i586.rpm
 b6298da605021f7396d556db58fe6a05  
9.1/RPMS/kernel-enterprise-2.4.21.0.33mdk-1-1mdk.i586.rpm
 ea57e0af847c3638589f8c1131841cf2  
9.1/RPMS/kernel-secure-2.4.21.0.33mdk-1-1mdk.i586.rpm
 f429f092a0c6691b83434d139af63595  
9.1/RPMS/kernel-smp-2.4.21.0.33mdk-1-1mdk.i586.rpm
 49be199554329b217c7194dcb1da8214  
9.1/RPMS/kernel-source-2.4.21-0.33mdk.i586.rpm
 db80c98bd9fddc1c7f92e424fb749cfe  
9.1/SRPMS/kernel-2.4.21.0.33mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 1c7115fb314313abf81c9e6ee4378077  
ppc/9.1/RPMS/kernel-2.4.21.0.33mdk-1-1mdk.ppc.rpm
 d1b8770b326fe538f463b87840a6b837  
ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.33mdk-1-1mdk.ppc.rpm
 42c2b5da02f580744452becdd3a1eaf4  
ppc/9.1/RPMS/kernel-smp-2.4.21.0.33mdk-1-1mdk.ppc.rpm
 ff5b1972d84a48b355665b37136d9a7e  
ppc/9.1/RPMS/kernel-source-2.4.21-0.33mdk.ppc.rpm
 db80c98bd9fddc1c7f92e424fb749cfe  
ppc/9.1/SRPMS/kernel-2.4.21.0.33mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 5bef940a1edbe8ae1095bcd10467302b  9.2/RPMS/kernel-2.4.22.37mdk-1-1mdk.i586.rpm
 6ee21d50e3fbe39be2e6b3b224fd1447  
9.2/RPMS/kernel-enterprise-2.4.22.37mdk-1-1mdk.i586.rpm
 fcabb78046a63d6075d1197bc214ee6a  
9.2/RPMS/kernel-i686-up-4GB-2.4.22.37mdk-1-1mdk.i586.rpm
 d22d6bd72c99f1af8a69a64e86208331  
9.2/RPMS/kernel-p3-smp-64GB-2.4.22.37mdk-1-1mdk.i586.rpm
 1af0175e3ba79bd5e2334009760995d6  
9.2/RPMS/kernel-secure-2.4.22.37mdk-1-1mdk.i586.rpm
 f5ee987671743c3982cc1a3418a309da  
9.2/RPMS/kernel-smp-2.4.22.37mdk-1-1mdk.i586.rpm
 fc84de2d936d56056ef1599bf36bfe2f  9.2/RPMS/kernel-source-2.4.22-37mdk.i586.rpm
 e8901a215c637e9b6778d141cd0d6af2  9.2/SRPMS/kernel-2.4.22.37mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 e6246736f56fb7c91d4fcc0222ffc0a6  
amd64/9.2/RPMS/kernel-2.4.22.37mdk-1-1mdk.amd64.rpm
 fb74e209e096634ddad88216ab1d2151  
amd64/9.2/RPMS/kernel-secure-2.4.22.37mdk-1-1mdk.amd64.rpm
 42661d2b2f08d2ca0c29c49bb88808b2  
amd64/9.2/RPMS/kernel-smp-2.4.22.37mdk-1-1mdk.amd64.rpm
 57fac850dd2cfe63a54dc292a5982f4e  
amd64/9.2/RPMS/kernel-source-2.4.22-37mdk.amd64.rpm
 e8901a215c637e9b6778d141cd0d6af2  
amd64/9.2/SRPMS/kernel-2.4.22.37mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 5a3f94088190a341b3e0ba4244c64244  
mnf8.2/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.i586.rpm
 d5440f2645457193cfba59858066d6fa  
mnf8.2/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBLqD4mqjQ0CJFipgRAkbuAJ4huLrspfbpxJsZ3GMmzzlTl6uAMACgm1cg
WLjUXxU2NNHprF42QDLY29M=
=Hg6j
-----END PGP SIGNATURE-----