Date: 22 May 2004 05:18:24 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]Subject: MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kernel
Advisory ID: MDKSA-2004:050
Date: May 21st, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Brad Spender discovered an exploitable bug in the cpufreq code in
the Linux 2.6 kernel (CAN-2004-0228).
As well, a permissions problem existed on some SCSI drivers; a fix
from Olaf Kirch is provided that changes the mode from 0777 to 0600.
This update also provides a 10.0/amd64 kernel with fixes for the
previous MDKSA-2004:037 advisory as well as the above-noted fixes.
The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesoft.com/kernelupdate
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0228
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
c27bdbed859af49a0e7400b2608394e9 10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm
2aa96fed17d8a9a82e9603b9f1ca112b 10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm
32df9053e07cac55d09a0bb962323e65 10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm
9e4406b3df09e62913928d13fc1638a6 10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm
fd4e9bedce11cd21bdcf0dc40301f2f1 10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm
48ca6d4b319ff4b93c3f49242d9dab91 10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm
7126bd36be90cda4292f16d43cd8df3f 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm
1f4569fb3ee33a8ee392ec06833e85ae 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm
d396431c7e9ec430a3a67f1e844bac74 10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm
41958f6522922947a8fee8d199454946 10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm
44b3d21a879e488b36ec6522f2ba1f56 10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm
462effd5b3b452749994887cba792109 10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm
3bbac2f69ac134f15211fdbfe48adca8 10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm
f5ec5f36685134e6cc13f8e140c811a2 10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm
ca54ddc53be37e332531e9c7574b282f 10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
dd67df2cffe071aef5fad4691d4fcf01 10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm
Mandrakelinux 10.0/AMD64:
30130b0a95df43ab8bbc78034abb982e amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm
6de514e0a70381d91358dcccc17b2047 amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm
7d428529767fdb4f1e0586161c450252 amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm
20ed7696fa02ac41de642f18b4be5367 amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm
6820f8941edf150f0d31c7266a889604 amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm
2733b3696b80c6b6f14a1e5cd6aa7636 amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm
cf3cc155e7cf92790a7271d9bfc32337 amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm
c35af18fa10fd0293940cc0264a9fb30 amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm
ca54ddc53be37e332531e9c7574b282f amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
dd67df2cffe071aef5fad4691d4fcf01 amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm
Mandrakelinux 9.2:
83b384a70158a22b07d1675b348a756e 9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm
d8dd19717e444638a4d86150a9b16f88 9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm
231b42c760bb976d56f34f17fe524ed6 9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm
2dd6754351b6d5a1a004e4ba94c6df4b 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm
839e5c6fc4c346c187f6c6e9e847d407 9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm
96d80a6197d075e3380aa27f64ad17d4 9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm
299b347b46e5eafb070cfa9e75519fa5 9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm
da504294cf4d64769b8cc3855c05e306 9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
Mandrakelinux 9.2/AMD64:
2d16c561573580aba9a645b5db364fd0 amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm
3d578c646f2b708e65e210e6f829c7c9 amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm
ae1baf4717dad49787ac9de697eb42b7 amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm
1959cb64b5eafafc8afba80db2cd50ee amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm
da504294cf4d64769b8cc3855c05e306 amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAruKfmqjQ0CJFipgRAjZcAJ9M7JN8l+t3tZhvO0N5WlXUP1fCKgCgxGnb
ZYzKnsLHpec+SYNFdmHxLMM=
=zVv0
-----END PGP SIGNATURE-----