Mandrake alert MDKSA-2004:037 (kernel)


From:
    	       Mandrake Linux Security Team <security@linux-mandrake.com>
To:
    	       announce@mandrakesecure.net
Subject:
    	       MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities
Date:
    	       27 Apr 2004 17:46:10 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:037
 Date:                   April 27th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability was found in the framebuffer driver of the 2.6 kernel.
 This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229)
 
 A vulnerability has been found in the Linux kernel in the ip_setsockopt() 
 function code. There is an exploitable integer overflow inside the code 
 handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro 
 calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels.
 (CAN-2004-0424)
 
 There is a minor issue with the static buffer in 2.4 kernel's panic() 
 function. Although it's a possibly buffer overflow, it most like not 
 exploitable due to the nature of panic(). (CAN-2004-0394)
 
 In do_fork(), if an error occurs after the mm_struct for the child has
 been allocated, it is never freed. The exit_mm() meant to free it
 increments the mm_count and this count is never decremented. (For a
 running process that is exitting, schedule() takes care this; however,
 the child process being cleaned up is not running.) In the CLONE_VM
 case, the parent's mm_struct will get an extra mm_count and so it will
 never be freed. This issue is present in both 2.4 and 2.6 kernels.
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesecure.net/en/kernelupdate.php
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0229
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 512ad2b9656157596a14f11658003441  10.0/RPMS/kernel-2.4.25.4mdk-1-1mdk.i586.rpm
 1408115128e49bdedecfef550a1d617e  10.0/RPMS/kernel-2.6.3.9mdk-1-1mdk.i586.rpm
 c5d1c3e66f3d0c13e06e655a60c93648  10.0/RPMS/kernel-enterprise-2.4.25.4mdk-1-1mdk.i586.rpm
 d2b6f19fbf4d977e43f702573ae0149b  10.0/RPMS/kernel-enterprise-2.6.3.9mdk-1-1mdk.i586.rpm
 51aa702b34b5341cc6f7a8b00d8fb2d1  10.0/RPMS/kernel-i686-up-4GB-2.4.25.4mdk-1-1mdk.i586.rpm
 6ba75b6a07c497d19de6d94421160421  10.0/RPMS/kernel-i686-up-4GB-2.6.3.9mdk-1-1mdk.i586.rpm
 b0cf5e7fcb0504d7ba3eabaf5877b3a1  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.4mdk-1-1mdk.i586.rpm
 c0edb799f2c564a025525fa02064f14d  10.0/RPMS/kernel-p3-smp-64GB-2.6.3.9mdk-1-1mdk.i586.rpm
 834f15992c852e065945c52a9641f838  10.0/RPMS/kernel-secure-2.6.3.9mdk-1-1mdk.i586.rpm
 a50abd8fcf456b8e47153fb54376f59b  10.0/RPMS/kernel-smp-2.4.25.4mdk-1-1mdk.i586.rpm
 ac68ceaffdcb08413ebf35c23aac3156  10.0/RPMS/kernel-smp-2.6.3.9mdk-1-1mdk.i586.rpm
 11245edb491cd5d3e51f289cafea27da  10.0/RPMS/kernel-source-2.4.25-4mdk.i586.rpm
 df56adcb83dfcc1c48f30da6df98d26f  10.0/RPMS/kernel-source-2.6.3-9mdk.i586.rpm
 9dd9a73d7e818de3a32884bb929faa6e  10.0/RPMS/kernel-source-stripped-2.6.3-9mdk.i586.rpm
 ee1e8c70faa8fcfe037b1df2a02dfde3  10.0/SRPMS/kernel-2.4.25.4mdk-1-1mdk.src.rpm
 e520e352d544fb6054deeeee10771a0d  10.0/SRPMS/kernel-2.6.3.9mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 9d768e4ce36c6087ba8f5ba577844404  corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.i586.rpm
 dc79c45fa573699bbeb69e93d21a844d  corporate/2.1/RPMS/kernel-enterprise-2.4.19.40mdk-1-1mdk.i586.rpm
 6899874aaa34516f539d8d3325bf04ef  corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.i586.rpm
 ed0e7b8045d8c2fec9b50ec0fc892144  corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.i586.rpm
 22f2d31deab68fe8ebfc45f9ffde03eb  corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.i586.rpm
 acaf69cb211e659a1f66bb515d344e6d  corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 ae61d25bf5add380bd090be023f2b369  x86_64/corporate/2.1/RPMS/kernel-2.4.19.41mdk-1-1mdk.x86_64.rpm
 ab7733adedb14c77065049e538724102  x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.x86_64.rpm
 548431a1f50a3aa621168a9201459ed5  x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.41mdk-1-1mdk.x86_64.rpm
 df97c7eea0a451191554eb4f1d3470fa  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-41mdk.x86_64.rpm
 749ba262824efc6db6bf9a348db9572b  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
 e3aab9144ef05bbdebb4d0e3bb7a687f  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1:
 f579e5572ae3c29992b2c073b08566fe  9.1/RPMS/kernel-2.4.21.0.30mdk-1-1mdk.i586.rpm
 c7b9fa739c8da1f169b2aae61befea11  9.1/RPMS/kernel-enterprise-2.4.21.0.30mdk-1-1mdk.i586.rpm
 bde850e6aba069f6d376030d138e6651  9.1/RPMS/kernel-secure-2.4.21.0.30mdk-1-1mdk.i586.rpm
 59c4aa4caa87443bb7ff1b1163290cb6  9.1/RPMS/kernel-smp-2.4.21.0.30mdk-1-1mdk.i586.rpm
 b4970e3b44485a980ef7097cc4392980  9.1/RPMS/kernel-source-2.4.21-0.30mdk.i586.rpm
 3573d24eb4a88655c30a50927a04bc99  9.1/SRPMS/kernel-2.4.21.0.30mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 9f79caa248fd9a44148dc71b8978ea61  ppc/9.1/RPMS/kernel-2.4.21.0.30mdk-1-1mdk.ppc.rpm
 ad997d6ffa84dabcb6dab71d84cc76c7  ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.30mdk-1-1mdk.ppc.rpm
 e3000ba19417448101b89de749352d65  ppc/9.1/RPMS/kernel-smp-2.4.21.0.30mdk-1-1mdk.ppc.rpm
 2b2ffb04ab1682dd6f617989cd916baa  ppc/9.1/RPMS/kernel-source-2.4.21-0.30mdk.ppc.rpm
 3573d24eb4a88655c30a50927a04bc99  ppc/9.1/SRPMS/kernel-2.4.21.0.30mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 d27941559f1c361302828a9b47ecf7f3  9.2/RPMS/kernel-2.4.22.30mdk-1-1mdk.i586.rpm
 b83fa5ce402914f25f7842111a4b7ade  9.2/RPMS/kernel-enterprise-2.4.22.30mdk-1-1mdk.i586.rpm
 f4ebd378c253029948d2842b28a42686  9.2/RPMS/kernel-i686-up-4GB-2.4.22.30mdk-1-1mdk.i586.rpm
 25af28dd6307d885aa4e1675f87eff9d  9.2/RPMS/kernel-p3-smp-64GB-2.4.22.30mdk-1-1mdk.i586.rpm
 720d154d3f072f2755fa21af1b4d4481  9.2/RPMS/kernel-secure-2.4.22.30mdk-1-1mdk.i586.rpm
 65d699299165fdbb2a08005aa709eeeb  9.2/RPMS/kernel-smp-2.4.22.30mdk-1-1mdk.i586.rpm
 bc90947e4bd9e4b92be3ecbec178af9e  9.2/RPMS/kernel-source-2.4.22-30mdk.i586.rpm
 ab27a2bdab51b0a18c53b31179b55926  9.2/SRPMS/kernel-2.4.22.30mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 f36f231165398748ce2e281634ebb64e  amd64/9.2/RPMS/kernel-2.4.22.30mdk-1-1mdk.amd64.rpm
 55a11558b59499d6ccac8f1ace898328  amd64/9.2/RPMS/kernel-secure-2.4.22.30mdk-1-1mdk.amd64.rpm
 675885582dc6ce1c2fb107b34d770821  amd64/9.2/RPMS/kernel-smp-2.4.22.30mdk-1-1mdk.amd64.rpm
 12bb18d837d527fe3e05933589a50519  amd64/9.2/RPMS/kernel-source-2.4.22-30mdk.amd64.rpm
 ab27a2bdab51b0a18c53b31179b55926  amd64/9.2/SRPMS/kernel-2.4.22.30mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 b4a07759720a0f6fdd85eabcf610766e  mnf8.2/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.i586.rpm
 acaf69cb211e659a1f66bb515d344e6d  mnf8.2/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAjpximqjQ0CJFipgRAp6mAJ9xuXQjo7LlqCY09x1uvQQH/wwtEwCg3lEY
LfvH0nPAZlm7oyOmc2mNzQc=
=J9Nd
-----END PGP SIGNATURE-----
(Log in to post comments)
From:		Mandrake Linux Security Team <security@linux-mandrake.com>
To:		announce@mandrakesecure.net
Subject:		MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities
Date:		27 Apr 2004 17:46:10 -0000