Date: 27 Aug 2004 02:48:24 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]Subject: MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kernel
Advisory ID: MDKSA-2004:087
Date: August 26th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A race condition was discovered in the 64bit file offset handling by
Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed
during reading, writing, and seeking through a file in order to point
to the current position of a file. The value conversion between both
the 32bit and 64bit API in the kernel, as well as access to the f_pos
pointer, is defective. As a result, a local attacker can abuse this
vulnerability to gain access to uninitialized kernel memory, mostly
via entries in the /proc filesystem. This kernel memory can possibly
contain information like the root password, and other sensitive data.
The updated kernel packages provided are patched to protect against
this vulnerability, and all users are encouraged to upgrade
immediately.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
bb124a3bef37b02afc1f76b250934602 10.0/RPMS/kernel-2.4.25.8mdk-1-1mdk.i586.rpm
1b5a1a95566b8c95ade266280299f1f7 10.0/RPMS/kernel-2.6.3.16mdk-1-1mdk.i586.rpm
71e3945f2ee90f470b51f432da1796de 10.0/RPMS/kernel-enterprise-2.4.25.8mdk-1-1mdk.i586.rpm
971e6cb84758a85702d8327a4f38fc28 10.0/RPMS/kernel-enterprise-2.6.3.16mdk-1-1mdk.i586.rpm
45b678133982d69d20bdf0f6d20b0824 10.0/RPMS/kernel-i686-up-4GB-2.4.25.8mdk-1-1mdk.i586.rpm
5452c94f1f7d67304254e12b673b5221 10.0/RPMS/kernel-i686-up-4GB-2.6.3.16mdk-1-1mdk.i586.rpm
c70db4c0885bc44e7c730cd81c605957 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.8mdk-1-1mdk.i586.rpm
a3f4ca2258bd51a06d1a4d9e8c91a0d0 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.16mdk-1-1mdk.i586.rpm
3043c3d2248621d3e78c6706e0b21ec8 10.0/RPMS/kernel-secure-2.6.3.16mdk-1-1mdk.i586.rpm
6ffee0960561541e90df6fe4a94eaeee 10.0/RPMS/kernel-smp-2.4.25.8mdk-1-1mdk.i586.rpm
a31a725de8ed04ae8f9e7513393f25d1 10.0/RPMS/kernel-smp-2.6.3.16mdk-1-1mdk.i586.rpm
9123ffa0c274535a9a4ec81b133878d4 10.0/RPMS/kernel-source-2.4.25-8mdk.i586.rpm
6433dbb5cc1c2f022babb91f85d9fc6f 10.0/RPMS/kernel-source-2.6.3-16mdk.i586.rpm
fcca7cf53668562b0a32a6586308be56 10.0/RPMS/kernel-source-stripped-2.6.3-16mdk.i586.rpm
106cadf9771a8c9f95307c8d50acafb4 10.0/SRPMS/kernel-2.4.25.8mdk-1-1mdk.src.rpm
afe1f32f4d1bf50d8c26532d7306ae5e 10.0/SRPMS/kernel-2.6.3.16mdk-1-1mdk.src.rpm
Mandrakelinux 10.0/AMD64:
9a3392f21a14b6f39ab58b5c668c00d6 amd64/10.0/RPMS/kernel-2.4.25.8mdk-1-1mdk.amd64.rpm
55af2f01328e9639950a574ee8581742 amd64/10.0/RPMS/kernel-2.6.3.16mdk-1-1mdk.amd64.rpm
0f7a1d450d538737dfd372b1cfa94427 amd64/10.0/RPMS/kernel-secure-2.6.3.16mdk-1-1mdk.amd64.rpm
19ca45c3907d9e199fa4fae81f5eecce amd64/10.0/RPMS/kernel-smp-2.4.25.8mdk-1-1mdk.amd64.rpm
210177187fcb6b2d8c2e5e35236c94e0 amd64/10.0/RPMS/kernel-smp-2.6.3.16mdk-1-1mdk.amd64.rpm
8af7563fa5bd6bbdb624673e20ca30f8 amd64/10.0/RPMS/kernel-source-2.4.25-8mdk.amd64.rpm
1c9e60cccf8f7c23631f66e3b8fefbbb amd64/10.0/RPMS/kernel-source-2.6.3-16mdk.amd64.rpm
eb66d33a1f7145b073d19d4400dfd9cd amd64/10.0/RPMS/kernel-source-stripped-2.6.3-16mdk.amd64.rpm
106cadf9771a8c9f95307c8d50acafb4 amd64/10.0/SRPMS/kernel-2.4.25.8mdk-1-1mdk.src.rpm
afe1f32f4d1bf50d8c26532d7306ae5e amd64/10.0/SRPMS/kernel-2.6.3.16mdk-1-1mdk.src.rpm
Corporate Server 2.1:
bd6420c05282c010ce169a0bc3ef2a1d corporate/2.1/RPMS/kernel-2.4.19.44mdk-1-1mdk.i586.rpm
b7851dbc3d0ef68f1817f22344945af3 corporate/2.1/RPMS/kernel-enterprise-2.4.19.44mdk-1-1mdk.i586.rpm
1522b26f3002f9acdd62c7459d93e8ae corporate/2.1/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.i586.rpm
3f9ac5a25a9873b1d6467fe901bc7ac2 corporate/2.1/RPMS/kernel-smp-2.4.19.44mdk-1-1mdk.i586.rpm
270dfc0bc5e527dc9a0f5fc19c320871 corporate/2.1/RPMS/kernel-source-2.4.19-44mdk.i586.rpm
d5440f2645457193cfba59858066d6fa corporate/2.1/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm
Corporate Server 2.1/x86_64:
d9732081e8aba92f7b456bd47210919b x86_64/corporate/2.1/RPMS/kernel-2.4.19.44mdk-1-1mdk.x86_64.rpm
b5e1a9b21150f93cf2cccf1844832bee x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.x86_64.rpm
09cfe0193ecbd936b97638d925d6d4d6 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.44mdk-1-1mdk.x86_64.rpm
b7c8fe8c80e8e485a0064ff005206758 x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-44mdk.x86_64.rpm
d5440f2645457193cfba59858066d6fa x86_64/corporate/2.1/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm
Mandrakelinux 9.1:
bec690d551d3da5058df6a511f156c21 9.1/RPMS/kernel-2.4.21.0.33mdk-1-1mdk.i586.rpm
b6298da605021f7396d556db58fe6a05 9.1/RPMS/kernel-enterprise-2.4.21.0.33mdk-1-1mdk.i586.rpm
ea57e0af847c3638589f8c1131841cf2 9.1/RPMS/kernel-secure-2.4.21.0.33mdk-1-1mdk.i586.rpm
f429f092a0c6691b83434d139af63595 9.1/RPMS/kernel-smp-2.4.21.0.33mdk-1-1mdk.i586.rpm
49be199554329b217c7194dcb1da8214 9.1/RPMS/kernel-source-2.4.21-0.33mdk.i586.rpm
db80c98bd9fddc1c7f92e424fb749cfe 9.1/SRPMS/kernel-2.4.21.0.33mdk-1-1mdk.src.rpm
Mandrakelinux 9.1/PPC:
1c7115fb314313abf81c9e6ee4378077 ppc/9.1/RPMS/kernel-2.4.21.0.33mdk-1-1mdk.ppc.rpm
d1b8770b326fe538f463b87840a6b837 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.33mdk-1-1mdk.ppc.rpm
42c2b5da02f580744452becdd3a1eaf4 ppc/9.1/RPMS/kernel-smp-2.4.21.0.33mdk-1-1mdk.ppc.rpm
ff5b1972d84a48b355665b37136d9a7e ppc/9.1/RPMS/kernel-source-2.4.21-0.33mdk.ppc.rpm
db80c98bd9fddc1c7f92e424fb749cfe ppc/9.1/SRPMS/kernel-2.4.21.0.33mdk-1-1mdk.src.rpm
Mandrakelinux 9.2:
5bef940a1edbe8ae1095bcd10467302b 9.2/RPMS/kernel-2.4.22.37mdk-1-1mdk.i586.rpm
6ee21d50e3fbe39be2e6b3b224fd1447 9.2/RPMS/kernel-enterprise-2.4.22.37mdk-1-1mdk.i586.rpm
fcabb78046a63d6075d1197bc214ee6a 9.2/RPMS/kernel-i686-up-4GB-2.4.22.37mdk-1-1mdk.i586.rpm
d22d6bd72c99f1af8a69a64e86208331 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.37mdk-1-1mdk.i586.rpm
1af0175e3ba79bd5e2334009760995d6 9.2/RPMS/kernel-secure-2.4.22.37mdk-1-1mdk.i586.rpm
f5ee987671743c3982cc1a3418a309da 9.2/RPMS/kernel-smp-2.4.22.37mdk-1-1mdk.i586.rpm
fc84de2d936d56056ef1599bf36bfe2f 9.2/RPMS/kernel-source-2.4.22-37mdk.i586.rpm
e8901a215c637e9b6778d141cd0d6af2 9.2/SRPMS/kernel-2.4.22.37mdk-1-1mdk.src.rpm
Mandrakelinux 9.2/AMD64:
e6246736f56fb7c91d4fcc0222ffc0a6 amd64/9.2/RPMS/kernel-2.4.22.37mdk-1-1mdk.amd64.rpm
fb74e209e096634ddad88216ab1d2151 amd64/9.2/RPMS/kernel-secure-2.4.22.37mdk-1-1mdk.amd64.rpm
42661d2b2f08d2ca0c29c49bb88808b2 amd64/9.2/RPMS/kernel-smp-2.4.22.37mdk-1-1mdk.amd64.rpm
57fac850dd2cfe63a54dc292a5982f4e amd64/9.2/RPMS/kernel-source-2.4.22-37mdk.amd64.rpm
e8901a215c637e9b6778d141cd0d6af2 amd64/9.2/SRPMS/kernel-2.4.22.37mdk-1-1mdk.src.rpm
Multi Network Firewall 8.2:
5a3f94088190a341b3e0ba4244c64244 mnf8.2/RPMS/kernel-secure-2.4.19.44mdk-1-1mdk.i586.rpm
d5440f2645457193cfba59858066d6fa mnf8.2/SRPMS/kernel-2.4.19.44mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBLqD4mqjQ0CJFipgRAkbuAJ4huLrspfbpxJsZ3GMmzzlTl6uAMACgm1cg
WLjUXxU2NNHprF42QDLY29M=
=Hg6j
-----END PGP SIGNATURE-----