Mandrake security alert: Updated kernel packages fix multiple vulnerabilities

Posted by dave on Apr 14, 2004 10:54 AM EDT
Mailing list; By Mandrake Linux Security Team <security@linux-mandrake.com>

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015, only partially corrected the problem; the full fix is included (CAN-2004-0003).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID: MDKSA-2004:029
Date: April 14th, 2004

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2
_______________________________________________________________________

Problem Description:

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015, only partially corrected the problem; the full fix is included (CAN-2004-0003).

A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109).

An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177).

The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).

Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesecure.net/en/kernelupdate.php
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.
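
For packages downloaded by hand from a mirror rather than through MandrakeUpdate or urpmi, the MD5 check can be run manually. The script below is an added example, not part of the advisory; `verify_md5_list`, the `SKIP`/`OK`/`MISMATCH` labels and the demo file names are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Checks downloaded RPMs against a
# checksum list with one "<32-hex md5> <path/to/package.rpm>" entry per line.
# Returns 0 if every file found matched, 1 on any mismatch, 2 if none were found.
verify_md5_list() {
    list=$1 dir=$2 checked=0 bad=0
    while read -r want path || [ -n "$want" ]; do
        # Ignore blank lines, headings and anything that is not a 32-digit hex sum.
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 32 ] || continue
        name=${path##*/}              # mirror layouts differ, so match on file name
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        checked=$((checked + 1))
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=1
        fi
    done < "$list"
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# Demo on constructed data: one stand-in "package" and a two-entry list.
demo() {
    d=$(mktemp -d) || return 3
    printf 'constructed stand-in for an RPM\n' > "$d/kernel-demo-1-1mdk.i586.rpm"
    sum=$(md5sum < "$d/kernel-demo-1-1mdk.i586.rpm" | cut -d' ' -f1)
    {
        echo "$sum 10.0/RPMS/kernel-demo-1-1mdk.i586.rpm"
        echo "00000000000000000000000000000000 10.0/RPMS/kernel-other-1-1mdk.i586.rpm"
    } > "$d/list"
    verify_md5_list "$d/list" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

A matching MD5 only shows that the file agrees with the list; the GPG signature is what ties the package to the key above, and `rpm --checksig package.rpm` checks it once that key has been imported.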

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAfW8gmqjQ0CJFipgRAgGSAKCDjafP2uNcvJJInDaWsbaqFWa8ZACdF64/
O5XfrvVi7Q4Gd1E2QU6wTcM=
=K1Mf
-----END PGP SIGNATURE-----
