Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Mandrake security alert: Updated kernel packages fix multiple vulnerabilities

Posted by dave on Apr 14, 2004 10:54 AM EDT
Mailing list; By Mandrake Linux Security Team <security@linux-mandrake.com>

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:029
 Date:                   April 14th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability was found in the R128 DRI driver by Alan Cox.  This
 could allow local privilege escalation.  The previous fix, in
 MDKSA-2004:015 only partially corrected the problem; the full fix is
 included (CAN-2004-0003).
 
 A local root vulnerability was discovered in the isofs component of
 the Linux kernel by iDefense.  This vulnerability can be triggered by
 performing a directory listing on a maliciously constructed ISO
 filesystem, or attempting to access a file via a malformed symlink on
 such a filesystem (CAN-2004-0109).
 
 An information leak was discovered in the ext3 filesystem code by Solar
 Designer.  It was discovered that when creating or writing to an ext3
 filesystem, some amount of other in-memory data gets written to the
 device.  The data is not the file's contents, not something on the same
 filesystem, or even anything that was previously in a file at all.  To
 obtain this data, a user needs to read the raw device (CAN-2004-0177).
 
 The same vulnerability was also found in the XFS filesystem code
 (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
 
 Finally, a vulnerability in the OSS code for SoundBlaster 16 devices
 was discovered by Andreas Kies.  It is possible for local users with
 access to the sound system to crash the machine (CAN-2004-0178).
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesecure.net/en/kernelupdate.php
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0133
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 b4826b1ef3e764cbbcea5a7b304bbe65  10.0/RPMS/kernel-2.4.25.3mdk-1-1mdk.i586.rpm
 29feca23f05a67de8b98840b9fff7d93  10.0/RPMS/kernel-2.6.3.8mdk-1-1mdk.i586.rpm
 d7cf169ab6feca0ff328bdb2b83dfd10  10.0/RPMS/kernel-enterprise-2.4.25.3mdk-1-1mdk.i586.rpm
 fc42c4a0e5c33c065575bd8377f793a5  10.0/RPMS/kernel-enterprise-2.6.3.8mdk-1-1mdk.i586.rpm
 353aa9636d7e34c6afab193defe46713  10.0/RPMS/kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk.i586.rpm
 5c434e6d9992f139371b58c05aa811e5  10.0/RPMS/kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk.i586.rpm
 86c6adedf3f4e56580f4041d997ad63f  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk.i586.rpm
 80a5571c8a6cea4a050d25ad69e1fd89  10.0/RPMS/kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk.i586.rpm
 58585213cf9adb3e3036c483b2564eb8  10.0/RPMS/kernel-secure-2.6.3.8mdk-1-1mdk.i586.rpm
 97d27da1d1123ba70e26d418313aa928  10.0/RPMS/kernel-smp-2.4.25.3mdk-1-1mdk.i586.rpm
 4a23217607dc4986fbca670eb364cf84  10.0/RPMS/kernel-smp-2.6.3.8mdk-1-1mdk.i586.rpm
 0b8c7da330198d355be83decd03ceccb  10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm
 d5c065c5767044e2f7fad85a01011665  10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm
 bcfde8a0e87da6aa97b21550d95106ca  10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm
 20a1cb909fe21afe66c9d3e6ba839c12  10.0/SRPMS/kernel-2.4.25.3mdk-1-1mdk.src.rpm
 fd51f33b89b1647f212649fbed23c6ad  10.0/SRPMS/kernel-2.6.3.8mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 eb4998651f1831bd1c065b121d380329  corporate/2.1/RPMS/kernel-2.4.19.39mdk-1-1mdk.i586.rpm
 002afdc620495d8d69db0630c92eeaf1  corporate/2.1/RPMS/kernel-enterprise-2.4.19.39mdk-1-1mdk.i586.rpm
 5a668737d29e37fc13247d009e3168fb  corporate/2.1/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
 3e9bbfacb9b157df46be188234939ccb  corporate/2.1/RPMS/kernel-smp-2.4.19.39mdk-1-1mdk.i586.rpm
 6222532d2d8d16e6b92c84d2015fd166  corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm
 d5dd3f59ed6cf66414c886002622954a  corporate/2.1/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 8c79eb0882cdbc3087a849bc0d002d12  x86_64/corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.x86_64.rpm
 bd1b3af1103a5162c3fa71d8a7a20e29  x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.x86_64.rpm
 5ce3957e78b6c2556d8d01b436049e1c  x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.x86_64.rpm
 eb8813335600b8509343a5d376f50586  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm
 749ba262824efc6db6bf9a348db9572b  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1:
 b5394346fa238739fe342671009b8eca  9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.i586.rpm
 40c38603b9dad47b497cc2fdccfc21cd  9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.i586.rpm
 c107a74efbd71017c5e7cae4a4b84fb4  9.1/RPMS/kernel-secure-2.4.21.0.29mdk-1-1mdk.i586.rpm
 362e1ddc3add24372bbb59a74941c598  9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.i586.rpm
 1745c4fec12d10c7dd2d5331f03a254c  9.1/RPMS/kernel-source-2.4.21-0.29mdk.i586.rpm
 20a2d293559cd1bdabc86c533a907a4a  9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 fc4fb39fe1df50af8932679c0b138e8d  ppc/9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.ppc.rpm
 e2a42a0898cabfe4b59d5ecf9167e4e0  ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.ppc.rpm
 7d4a095287f8f1076113ab445a286d36  ppc/9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.ppc.rpm
 760f415f8eb70ebd37f243a0b43a176f  ppc/9.1/RPMS/kernel-source-2.4.21-0.29mdk.ppc.rpm
 20a2d293559cd1bdabc86c533a907a4a  ppc/9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 409ab93daa6c6690a2a015871f23f832  9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.i586.rpm
 f25ad40adcbaa0869335a227d4264a58  9.2/RPMS/kernel-enterprise-2.4.22.29mdk-1-1mdk.i586.rpm
 f94fe10996090682e9ac6d13d374b920  9.2/RPMS/kernel-i686-up-4GB-2.4.22.29mdk-1-1mdk.i586.rpm
 52c9cb8f53fb15a2d7587215193c9753  9.2/RPMS/kernel-p3-smp-64GB-2.4.22.29mdk-1-1mdk.i586.rpm
 d6d06b86c72135c32118cba6f4c9ddd4  9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.i586.rpm
 1781ebccb4a1a866d1cd6da9ead17e1a  9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.i586.rpm
 aa9795ab47d2857e8a47ef9f1b4f3a40  9.2/RPMS/kernel-source-2.4.22-29mdk.i586.rpm
 4971af624bb652a0e14d50703977aad5  9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 794e8ac9edc946b02213557c135fe06a  amd64/9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.amd64.rpm
 c78816d4821cf0a8a82895240d2c7882  amd64/9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.amd64.rpm
 231cf40c4c78d756a354e7fc9ef435ea  amd64/9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.amd64.rpm
 17738c560feeb16e8a50acda87f1ed7d  amd64/9.2/RPMS/kernel-source-2.4.22-29mdk.amd64.rpm
 4971af624bb652a0e14d50703977aad5  amd64/9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 143a4b55641d29e5a346e8d7685e5e1b  mnf8.2/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
 d5dd3f59ed6cf66414c886002622954a  mnf8.2/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAfW8gmqjQ0CJFipgRAgGSAKCDjafP2uNcvJJInDaWsbaqFWa8ZACdF64/
O5XfrvVi7Q4Gd1E2QU6wTcM=
=K1Mf
-----END PGP SIGNATURE-----

[PARSEASHTML]

Nav

» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.

Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

Today's Big Story

LXer Features

Have something to say?

Latest Discussions

Site Menu

Other News

Mandrake security alert: Updated kernel packages fix multiple vulnerabilities

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software

Login

Today's Big Story

LXer Features

Have something to say?

Latest Discussions

Site Menu

Other News

Mandrake security alert: Updated kernel packages fix multiple vulnerabilities

Linux News
The world is talking about GNU/Linux and Free/Open Source Software