<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2005:022
 Date:                   January 25th, 2005

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Corporate Server 3.0,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with
 this advisory:
 
 - Multiple race conditions in the terminal layer of 2.4 and 2.6
   kernels (prior to 2.6.9) can allow a local attacker to obtain
   portions of kernel data or allow remote attackers to cause a kernel
   panic by switching from console to PPP line discipline, then quickly
   sending data that is received during the switch (CAN-2004-0814)
 
 - Richard Hart found an integer underflow problem in the iptables
   firewall logging rules that can allow a remote attacker to crash the
   machine by using a specially crafted IP packet.  This is only
   possible, however, if firewalling is enabled.  The problem only
   affects 2.6 kernels and was fixed  upstream in 2.6.8 (CAN-2004-0816)
 
 - Stefan Esser found several remote DoS confitions in the smbfs file
   system.  This could be exploited by a hostile SMB server (or an
   attacker injecting packets into the network) to crash the client
   systems (CAN-2004-0883 and CAN-2004-0949)
 
 - Paul Starzetz and Georgi Guninski reported, independantly, that bad
   argument handling and bad integer arithmetics in the IPv4 sendmsg
   handling of control messages could lead to a local attacker crashing
   the machine.  The fixes were done by Herbert Xu (CAN-2004-1016)
 
 - Rob Landley discovered a race condition in the handling of
   /proc/.../cmdline where, under rare circumstances, a user could read
   the environment variables of another process that was still spawning
   leading to the potential disclosure of sensitive information such as
   passwords (CAN-2004-1058)
 
 - Paul Starzetz reported that the missing serialization in
   unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by
   a local attacker to gain elevated (root) privileges (CAN-2004-1068)
 
 - Ross Kendall Axe discovered a possible kernel panic (DoS) while
   sending AF_UNIX network packets if certain SELinux-related kernel
   options were enabled.  By default the CONFIG_SECURITY_NETWORK and
   CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069)
 
 - Paul Starzetz of isec.pl discovered several issues with the error
   handling of the ELF loader routines in the kernel.  The fixes were
   provided by Chris Wright (CAN-2004-1070, CAN-2004-1071,
   CAN-2004-1072, CAN-2004-1073)
 
 - It was discovered that hand-crafted a.out binaries could be used to
   trigger a local DoS condition in both the 2.4 and 2.6 kernels.  The
   fixes were done by Chris Wright (CAN-2004-1074)
 
 - Paul Starzetz found bad handling in the IGMP code which could lead
   to a local attacker being able to crash the machine.  The fix was
   done by Chris Wright (CAN-2004-1137)
 
 - Jeremy Fitzhardinge discovered two buffer overflows in the
   sys32_ni_syscall() and sys32_vm86_warning() functions that could be
   used to overwrite kernel memory with attacker-supplied code resulting
   in privilege escalation (CAN-2004-1151)
 
 - Paul Starzetz found locally exploitable flaws in the binary format
   loader's uselib() function that could be abused to allow a local
   user to obtain root privileges (CAN-2004-1235)
 
 - Paul Starzetz found an exploitable flaw in the page fault handler
   when running on SMP machines (CAN-2005-0001)
 
 - A vulnerability in insert_vm_struct could allow a locla user to
   trigger BUG() when the user created a large vma that overlapped with
   arg pages during exec (CAN-2005-0003)
 
 - Paul Starzetz also found a number of vulnerabilities in the kernel
   binfmt_elf loader that could lead a local user to obtain elevated
   (root) privileges (isec-0017-binfmt_elf)
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesoft.com/security/kernelupdate
 
 PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the
 latest module-init-tools package prior to upgrading their kernel.
 Likewise, MNF8.2 users will need to upgrade to the latest modutils
 package prior to upgrading their kernel.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0816
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1069
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1151
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
  http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
  http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1222.html
  http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 3d615b76ac136595a7458135e1f839c6  10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm
 8872bc542fb173ebe7b3ab99d9fa0a78  10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm
 c2324dc5344bf65b4c32b7aaef8ce854  
10.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm
 df49e87e645dff4a94552e15e8943c19  
10.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm
 ca8d699e0e20a337a5eebf79ec85706a  
10.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm
 e07ade9d7d022da3fba9e13257bb7f15  
10.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm
 916707e9d3fe3c8328db6c6e18473abe  
10.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm
 3372a66fbafd98d091b1d3d577d50221  
10.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm
 f4684d50ded00cd05eaf47753b7564c8  
10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm
 03688dfd221d3b4a6fda80ef5784bab6  
10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm
 120a2b5101fcb5ade30f58c66faa8622  
10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm
 d865abbec938cee8c258bfed331e49b3  10.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm
 6537b8b610d93a06a3b5e7fbed060d7d  10.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm
 2b80606da918944b7d9a3947fe9261f4  
10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm
 66014de2087370161cc488cbd2459caa  
10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.i586.rpm
 9b808108f4839905f98821a72e01ed9b  10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
 cbd99bedcf3e86bbe76cfc7483d3655a  10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm
 5ee85d63733b93e1629a9f5c44cb634c  
10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 c8609f9d078f225fdc78047f338df99a  
amd64/10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.amd64.rpm
 b89b86305d44c25e7c79bff4a9f2ebe6  
amd64/10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.amd64.rpm
 0acfd0fcc2e4a792054970f796485a7b  
amd64/10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.amd64.rpm
 90400428327d20e8e6d7a3c6bbd95304  
amd64/10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.amd64.rpm
 a5723d6b9ac757d83eb46ea25de3f270  
amd64/10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.amd64.rpm
 69e309596c73922539f7771a0a8473c6  
amd64/10.0/RPMS/kernel-source-2.4.25-13mdk.amd64.rpm
 4bf67528554bddac99214a873a16cb9f  
amd64/10.0/RPMS/kernel-source-2.6.3-25mdk.amd64.rpm
 4628048ff5e631b48127cbbf1b7715b7  
amd64/10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.amd64.rpm
 91593c8eb6877c70f16c274254cbad2b  
amd64/10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.amd64.rpm
 9b808108f4839905f98821a72e01ed9b  
amd64/10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
 cbd99bedcf3e86bbe76cfc7483d3655a  
amd64/10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm
 5ee85d63733b93e1629a9f5c44cb634c  
amd64/10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 0f696c0c5320ec25d05ef5bd350f9985  
10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
 d1af1c436a5abba25b8f08775da71db7  
10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.i586.rpm
 0dcb79ef492718dee540f7d41e80058a  
10.1/RPMS/kernel-enterprise-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
 40284c8cc69455994b3d4d1f4ca00f83  
10.1/RPMS/kernel-enterprise-2.6.8.1.24mdk-1-1mdk.i586.rpm
 9ea23249f97f8ee30cdac0e330112aab  
10.1/RPMS/kernel-i586-up-1GB-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
 7b30e9fcc1726f729fb553cbe2c6e1c0  
10.1/RPMS/kernel-i586-up-1GB-2.6.8.1.24mdk-1-1mdk.i586.rpm
 871192ed017f9d5cf41182cf603ee186  
10.1/RPMS/kernel-i686-up-64GB-2.6.8.1.24mdk-1-1mdk.i586.rpm
 c3cdd1c9aa5f109fc2c666496df04381  
10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.i586.rpm
 b9c94c3ddd5c96a6408cb2ae3c65cac4  
10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
 d70bdcfaf79cf6209e9c7d4842f9c630  
10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.i586.rpm
 d6d6df17dbd538a472f1715ed5085069  
10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.i586.rpm
 290f135dd67a321a54d1115a0e322114  
10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.i586.rpm
 a77254188fa582e1dc6507684b6350e0  
10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.i586.rpm
 ac1ff7f73b6ff5ef0d848835aa439f5b  
10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm
 7b0f95d89253bfab3456919d06e70039  
10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 960b9e64607f387c5bcd4a437981a6fa  
x86_64/10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm
 04b7bd7f2fe22aa39f023a0a962b0aad  
x86_64/10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
 6bb79b4942fcaf55f503bdcbbf22f0b5  
x86_64/10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
 0d2340a40d9b712f0462f73297248700  
x86_64/10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm
 10c716e96824f09ed8db7d8f83729b90  
x86_64/10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
 7b963dda4b2be54640f9ca9413c07b53  
x86_64/10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.x86_64.rpm
 75c6e3ff75915b3d300a2c8cec0f9431  
x86_64/10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.x86_64.rpm
 796c7f2163d63e46e129fb165ea21e25  
x86_64/10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.x86_64.rpm
 ac1ff7f73b6ff5ef0d848835aa439f5b  
x86_64/10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm
 7b0f95d89253bfab3456919d06e70039  
x86_64/10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 b6169281f854088c070fa44ec931958d  
corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.i586.rpm
 98dba27afd4cd5457d7f14159ed9ab5c  
corporate/2.1/RPMS/kernel-enterprise-2.4.19.48mdk-1-1mdk.i586.rpm
 889972abd61cb4c36ed1dcbb47b3f60e  
corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm
 41ba99dbf81769dcb1ef6770a47de649  
corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.i586.rpm
 6a16729a1b05c13884bd4922749c2ef3  
corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.i586.rpm
 ba431d79d61432149d88b19f7edbdaf7  
corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 a3ee6a051ea79aadaefaaf67f19023d7  
x86_64/corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.x86_64.rpm
 33c6cac5db86011dc231686086b63798  
x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.x86_64.rpm
 d39c2680a53cacf01e1c768c06239660  
x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.x86_64.rpm
 7c17e24855523fd5f5d6bf819a6f198b  
x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.x86_64.rpm
 ba431d79d61432149d88b19f7edbdaf7  
x86_64/corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm

 Corporate Server 3.0:
 3d615b76ac136595a7458135e1f839c6  
corporate/3.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm
 8872bc542fb173ebe7b3ab99d9fa0a78  
corporate/3.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm
 c2324dc5344bf65b4c32b7aaef8ce854  
corporate/3.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm
 df49e87e645dff4a94552e15e8943c19  
corporate/3.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm
 ca8d699e0e20a337a5eebf79ec85706a  
corporate/3.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm
 e07ade9d7d022da3fba9e13257bb7f15  
corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm
 916707e9d3fe3c8328db6c6e18473abe  
corporate/3.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm
 3372a66fbafd98d091b1d3d577d50221  
corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm
 f4684d50ded00cd05eaf47753b7564c8  
corporate/3.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm
 03688dfd221d3b4a6fda80ef5784bab6  
corporate/3.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm
 120a2b5101fcb5ade30f58c66faa8622  
corporate/3.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm
 d865abbec938cee8c258bfed331e49b3  
corporate/3.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm
 6537b8b610d93a06a3b5e7fbed060d7d  
corporate/3.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm
 2b80606da918944b7d9a3947fe9261f4  
corporate/3.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm
 9b808108f4839905f98821a72e01ed9b  
corporate/3.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
 cbd99bedcf3e86bbe76cfc7483d3655a  
corporate/3.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 df22e4dffb539874c2ad36bc8893718b  9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.i586.rpm
 58303975f994e50b440a46aa10b3c0a4  
9.2/RPMS/kernel-enterprise-2.4.22.41mdk-1-1mdk.i586.rpm
 6548386b7fab601d507950a3b658b454  
9.2/RPMS/kernel-i686-up-4GB-2.4.22.41mdk-1-1mdk.i586.rpm
 a5eeba7c971e7fe09d4b42ef183b97f9  
9.2/RPMS/kernel-p3-smp-64GB-2.4.22.41mdk-1-1mdk.i586.rpm
 c19bbca55e615a7eec5f26aebea3a675  
9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.i586.rpm
 a4b44486653dd2d4822ba26c2debb769  
9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.i586.rpm
 941029c6b6e57f5083a48cbb2481a41e  9.2/RPMS/kernel-source-2.4.22-41mdk.i586.rpm
 7a5a16618d1fb3c92a3b2c8abcb8f6e6  9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 b20216a4273d7c261e08e0aa4c7411ce  
amd64/9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.amd64.rpm
 adf9ba1fdd2b3be5de83f327fe35d932  
amd64/9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.amd64.rpm
 df3a1629ebbf44e8e57d5b6ba4c95149  
amd64/9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.amd64.rpm
 17b4902f4d569c2f208fe4c455b20b6f  
amd64/9.2/RPMS/kernel-source-2.4.22-41mdk.amd64.rpm
 7a5a16618d1fb3c92a3b2c8abcb8f6e6  
amd64/9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 a08867762d937e0890a7efe79439c844  
mnf8.2/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm
 6fb3c0a0ab8d44e031f1c309f67b4dbc  mnf8.2/RPMS/modutils-2.4.19-5mdk.i586.rpm
 ba431d79d61432149d88b19f7edbdaf7  
mnf8.2/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm
 296ea31d1338fe4ca0c1eba4ff652376  mnf8.2/SRPMS/modutils-2.4.19-5mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9yM0mqjQ0CJFipgRAhTaAJ99L7scGJzG+tx7VaL4vEjpy+mI9gCdGerG
WjVONQcZFTuq07uHUzEGvTo=
=Wjcp
-----END PGP SIGNATURE-----