Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Why I Ditched Linux for Samsung DeX

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Posted by dave on Jul 20, 2003 7:21 AM EDT
Mailing list

Mail this story
Print this story

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           kernel
Advisory ID:            MDKSA-2003:066-1
Date:                   July 21st, 2003
Original Advisory Date: June 11th, 2003
Affected versions:	9.1
________________________________________________________________________

Problem Description:

 Multiple vulnerabilities were discovered and fixed in the Linux kernel.
 
 * CAN-2003-0001: Multiple ethernet network card drivers do not pad
   frames with null bytes which allows remote attackers to obtain
   information from previous packets or kernel memory by using
   special malformed packets.
 
 * CAN-2003-0244: The route cache implementation in the 2.4 kernel and
   the Netfilter IP conntrack module allows remote attackers to cause a
   Denial of Service (DoS) via CPU consumption due to packets with
   forged source addresses that cause a large number of hash table
   collisions related to the PREROUTING chain.
 
 * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
   kernels does not properly restrict privileges, which allows local
   users to gain read or write access to certain I/O ports.
 
 * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
   allows attackers to cause a kernel oops resulting in a DoS.
 
 * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
   modify CPU state registers via a malformed address.
 
 As well, a number of bug fixes were made in the 9.1 kernel including:
 
 * Support for more machines that did not work with APIC
 * Audigy2 support
 * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394,
   orinoco, via-rhine, 
 * Fixed SiS IOAPIC
 * IRQ balancing has been fixed for SMP
 * Updates to ext3
 * The previous ptrace fix has been redone to work better
 
 MandrakeSoft encourages all users to upgrade to these new kernels.
 Updated kernels will be available shortly for other supported platforms
 and architectures.
 
 For full instructions on how to properly upgrade your kernel, please
 review http://www.mandrakesecure.net/en/docs/magic.php.
  
Update:

 These new packages fix some bugs with compiling kernels using xconfig
 and also fix problems with XFS ACLs not being present in the kernel.
 Problems with ipsec have also been corrected.  A problem with gdb not
 working on systems where XFS was used for the root filesystem has also
 been corrected.  They also address CAN-2003-0476: A file read race
 existed in the execve() system call.
 
 9.1/PPC kernels are now also available.
________________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0476
  http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 9.1:
 de26b46560fd8c94f198201bb8d9d64a  9.1/RPMS/kernel-2.4.21.0.24mdk-1-1mdk.i586.rpm
 26aa70b3cda0ec6a01e4beba8b2dcf52  9.1/RPMS/kernel-BOOT-2.4.21.0.24mdk-1-1mdk.i586.rpm
 7bb22382a913e4c68a8ecbc3bd5ab68b  9.1/RPMS/kernel-doc-2.4.21-0.24mdk.i586.rpm
 0fa207b6d896878a88fb13b2dad0c47e  9.1/RPMS/kernel-enterprise-2.4.21.0.24mdk-1-1mdk.i586.rpm
 d5ea0fa59457a2751c48f2442e14e463  9.1/RPMS/kernel-secure-2.4.21.0.24mdk-1-1mdk.i586.rpm
 eef8908074ce54a62c267f313e4cb166  9.1/RPMS/kernel-smp-2.4.21.0.24mdk-1-1mdk.i586.rpm
 bf8b9b0db8b2d7c835730bfe083739dc  9.1/RPMS/kernel-source-2.4.21-0.24mdk.i586.rpm
 7da367a51f5a0f11c642be2a6f6249d6  9.1/SRPMS/kernel-2.4.21.0.24mdk-1-1mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 ee35a54f64dc5f5d4d3f3f98e77837a7  ppc/9.1/RPMS/kernel-2.4.21.0.24mdk-1-1mdk.ppc.rpm
 d47813ca471e45164452af47402e92eb  ppc/9.1/RPMS/kernel-doc-2.4.21-0.24mdk.ppc.rpm
 753c0854e112ef6d8db829279915a9bd  ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.24mdk-1-1mdk.ppc.rpm
 5b59c4607068150a82a353e4fee4a329  ppc/9.1/RPMS/kernel-smp-2.4.21.0.24mdk-1-1mdk.ppc.rpm
 22956b70bba1abe85dc859b850a966da  ppc/9.1/RPMS/kernel-source-2.4.21-0.24mdk.ppc.rpm
 7da367a51f5a0f11c642be2a6f6249d6  ppc/9.1/SRPMS/kernel-2.4.21.0.24mdk-1-1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  3615 - no acls in XFS
  4059 - xconfig aborts with an error
  4060 - xconfig unable to disable certain options
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HHRlmqjQ0CJFipgRArpsAKDljwBrJyyCj51H4PEtrL/2bDdcCACgnXsq
i/PPEbCfdX19SsIiuBPC5n0=
=XjK3
-----END PGP SIGNATURE-----

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software