Advisories
Mandriva Advisories
|
 |
| Problem Description |
A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with
this advisory:
- Multiple race conditions in the terminal layer of 2.4 and 2.6
kernels (prior to 2.6.9) can allow a local attacker to obtain
portions of kernel data or allow remote attackers to cause a kernel
panic by switching from console to PPP line discipline, then quickly
sending data that is received during the switch (CAN-2004-0814)
- Richard Hart found an integer underflow problem in the iptables
firewall logging rules that can allow a remote attacker to crash the
machine by using a specially crafted IP packet. This is only
possible, however, if firewalling is enabled. The problem only
affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816)
- Stefan Esser found several remote DoS confitions in the smbfs file
system. This could be exploited by a hostile SMB server (or an
attacker injecting packets into the network) to crash the client
systems (CAN-2004-0883 and CAN-2004-0949)
- Paul Starzetz and Georgi Guninski reported, independantly, that bad
argument handling and bad integer arithmetics in the IPv4 sendmsg
handling of control messages could lead to a local attacker crashing
the machine. The fixes were done by Herbert Xu (CAN-2004-1016)
- Rob Landley discovered a race condition in the handling of
/proc/.../cmdline where, under rare circumstances, a user could read
the environment variables of another process that was still spawning
leading to the potential disclosure of sensitive information such as
passwords (CAN-2004-1058)
- Paul Starzetz reported that the missing serialization in
unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by
a local attacker to gain elevated (root) privileges (CAN-2004-1068)
- Ross Kendall Axe discovered a possible kernel panic (DoS) while
sending AF_UNIX network packets if certain SELinux-related kernel
options were enabled. By default the CONFIG_SECURITY_NETWORK and
CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069)
- Paul Starzetz of isec.pl discovered several issues with the error
handling of the ELF loader routines in the kernel. The fixes were
provided by Chris Wright (CAN-2004-1070, CAN-2004-1071,
CAN-2004-1072, CAN-2004-1073)
- It was discovered that hand-crafted a.out binaries could be used to
trigger a local DoS condition in both the 2.4 and 2.6 kernels. The
fixes were done by Chris Wright (CAN-2004-1074)
- Paul Starzetz found bad handling in the IGMP code which could lead
to a local attacker being able to crash the machine. The fix was
done by Chris Wright (CAN-2004-1137)
- Jeremy Fitzhardinge discovered two buffer overflows in the
sys32_ni_syscall() and sys32_vm86_warning() functions that could be
used to overwrite kernel memory with attacker-supplied code resulting
in privilege escalation (CAN-2004-1151)
- Paul Starzetz found locally exploitable flaws in the binary format
loader's uselib() function that could be abused to allow a local
user to obtain root privileges (CAN-2004-1235)
- Paul Starzetz found an exploitable flaw in the page fault handler
when running on SMP machines (CAN-2005-0001)
- A vulnerability in insert_vm_struct could allow a locla user to
trigger BUG() when the user created a large vma that overlapped with
arg pages during exec (CAN-2005-0003)
- Paul Starzetz also found a number of vulnerabilities in the kernel
binfmt_elf loader that could lead a local user to obtain elevated
(root) privileges (isec-0017-binfmt_elf)
The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesoft.com/security/kernelupdate
PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the
latest module-init-tools package prior to upgrading their kernel.
Likewise, MNF8.2 users will need to upgrade to the latest modutils
package prior to upgrading their kernel.
| Updated Packages |
Mandrakelinux 9.2
df22e4dffb539874c2ad36bc8893718b 9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.i586.rpm 58303975f994e50b440a46aa10b3c0a4 9.2/RPMS/kernel-enterprise-2.4.22.41mdk-1-1mdk.i586.rpm 6548386b7fab601d507950a3b658b454 9.2/RPMS/kernel-i686-up-4GB-2.4.22.41mdk-1-1mdk.i586.rpm a5eeba7c971e7fe09d4b42ef183b97f9 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.41mdk-1-1mdk.i586.rpm c19bbca55e615a7eec5f26aebea3a675 9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.i586.rpm a4b44486653dd2d4822ba26c2debb769 9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.i586.rpm 941029c6b6e57f5083a48cbb2481a41e 9.2/RPMS/kernel-source-2.4.22-41mdk.i586.rpm 7a5a16618d1fb3c92a3b2c8abcb8f6e6 9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm
Mandrakelinux 9.2/AMD64
b20216a4273d7c261e08e0aa4c7411ce amd64/9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.amd64.rpm adf9ba1fdd2b3be5de83f327fe35d932 amd64/9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.amd64.rpm df3a1629ebbf44e8e57d5b6ba4c95149 amd64/9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.amd64.rpm 17b4902f4d569c2f208fe4c455b20b6f amd64/9.2/RPMS/kernel-source-2.4.22-41mdk.amd64.rpm 7a5a16618d1fb3c92a3b2c8abcb8f6e6 amd64/9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm
Mandrakelinux 10.0
3d615b76ac136595a7458135e1f839c6 10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm 8872bc542fb173ebe7b3ab99d9fa0a78 10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm c2324dc5344bf65b4c32b7aaef8ce854 10.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm df49e87e645dff4a94552e15e8943c19 10.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm ca8d699e0e20a337a5eebf79ec85706a 10.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm e07ade9d7d022da3fba9e13257bb7f15 10.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm 916707e9d3fe3c8328db6c6e18473abe 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm 3372a66fbafd98d091b1d3d577d50221 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm f4684d50ded00cd05eaf47753b7564c8 10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm 03688dfd221d3b4a6fda80ef5784bab6 10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm 120a2b5101fcb5ade30f58c66faa8622 10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm d865abbec938cee8c258bfed331e49b3 10.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm 6537b8b610d93a06a3b5e7fbed060d7d 10.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm 2b80606da918944b7d9a3947fe9261f4 10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm 66014de2087370161cc488cbd2459caa 10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.i586.rpm 9b808108f4839905f98821a72e01ed9b 10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm cbd99bedcf3e86bbe76cfc7483d3655a 10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm 5ee85d63733b93e1629a9f5c44cb634c 10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
c8609f9d078f225fdc78047f338df99a amd64/10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.amd64.rpm b89b86305d44c25e7c79bff4a9f2ebe6 amd64/10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.amd64.rpm 0acfd0fcc2e4a792054970f796485a7b amd64/10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.amd64.rpm 90400428327d20e8e6d7a3c6bbd95304 amd64/10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.amd64.rpm a5723d6b9ac757d83eb46ea25de3f270 amd64/10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.amd64.rpm 69e309596c73922539f7771a0a8473c6 amd64/10.0/RPMS/kernel-source-2.4.25-13mdk.amd64.rpm 4bf67528554bddac99214a873a16cb9f amd64/10.0/RPMS/kernel-source-2.6.3-25mdk.amd64.rpm 4628048ff5e631b48127cbbf1b7715b7 amd64/10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.amd64.rpm 91593c8eb6877c70f16c274254cbad2b amd64/10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.amd64.rpm 9b808108f4839905f98821a72e01ed9b amd64/10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm cbd99bedcf3e86bbe76cfc7483d3655a amd64/10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm 5ee85d63733b93e1629a9f5c44cb634c amd64/10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm
Mandrakelinux 10.1
0f696c0c5320ec25d05ef5bd350f9985 10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm d1af1c436a5abba25b8f08775da71db7 10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.i586.rpm 0dcb79ef492718dee540f7d41e80058a 10.1/RPMS/kernel-enterprise-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm 40284c8cc69455994b3d4d1f4ca00f83 10.1/RPMS/kernel-enterprise-2.6.8.1.24mdk-1-1mdk.i586.rpm 9ea23249f97f8ee30cdac0e330112aab 10.1/RPMS/kernel-i586-up-1GB-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm 7b30e9fcc1726f729fb553cbe2c6e1c0 10.1/RPMS/kernel-i586-up-1GB-2.6.8.1.24mdk-1-1mdk.i586.rpm 871192ed017f9d5cf41182cf603ee186 10.1/RPMS/kernel-i686-up-64GB-2.6.8.1.24mdk-1-1mdk.i586.rpm c3cdd1c9aa5f109fc2c666496df04381 10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.i586.rpm b9c94c3ddd5c96a6408cb2ae3c65cac4 10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm d70bdcfaf79cf6209e9c7d4842f9c630 10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.i586.rpm d6d6df17dbd538a472f1715ed5085069 10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.i586.rpm 290f135dd67a321a54d1115a0e322114 10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.i586.rpm a77254188fa582e1dc6507684b6350e0 10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.i586.rpm ac1ff7f73b6ff5ef0d848835aa439f5b 10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm 7b0f95d89253bfab3456919d06e70039 10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm
Mandrakelinux 10.1/X86_64
960b9e64607f387c5bcd4a437981a6fa x86_64/10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm 04b7bd7f2fe22aa39f023a0a962b0aad x86_64/10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.x86_64.rpm 6bb79b4942fcaf55f503bdcbbf22f0b5 x86_64/10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.x86_64.rpm 0d2340a40d9b712f0462f73297248700 x86_64/10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm 10c716e96824f09ed8db7d8f83729b90 x86_64/10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.x86_64.rpm 7b963dda4b2be54640f9ca9413c07b53 x86_64/10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.x86_64.rpm 75c6e3ff75915b3d300a2c8cec0f9431 x86_64/10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.x86_64.rpm 796c7f2163d63e46e129fb165ea21e25 x86_64/10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.x86_64.rpm ac1ff7f73b6ff5ef0d848835aa439f5b x86_64/10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm 7b0f95d89253bfab3456919d06e70039 x86_64/10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm
Multi Network Firewall 8.2
a08867762d937e0890a7efe79439c844 mnf8.2/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm 6fb3c0a0ab8d44e031f1c309f67b4dbc mnf8.2/RPMS/modutils-2.4.19-5mdk.i586.rpm ba431d79d61432149d88b19f7edbdaf7 mnf8.2/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm 296ea31d1338fe4ca0c1eba4ff652376 mnf8.2/SRPMS/modutils-2.4.19-5mdk.src.rpm
Corporate Server 2.1
b6169281f854088c070fa44ec931958d corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.i586.rpm 98dba27afd4cd5457d7f14159ed9ab5c corporate/2.1/RPMS/kernel-enterprise-2.4.19.48mdk-1-1mdk.i586.rpm 889972abd61cb4c36ed1dcbb47b3f60e corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm 41ba99dbf81769dcb1ef6770a47de649 corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.i586.rpm 6a16729a1b05c13884bd4922749c2ef3 corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.i586.rpm ba431d79d61432149d88b19f7edbdaf7 corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm
Corporate Server 2.1/X86_64
a3ee6a051ea79aadaefaaf67f19023d7 x86_64/corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.x86_64.rpm 33c6cac5db86011dc231686086b63798 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.x86_64.rpm d39c2680a53cacf01e1c768c06239660 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.x86_64.rpm 7c17e24855523fd5f5d6bf819a6f198b x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.x86_64.rpm ba431d79d61432149d88b19f7edbdaf7 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm
Corporate Server 3.0
3d615b76ac136595a7458135e1f839c6 corporate/3.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm 8872bc542fb173ebe7b3ab99d9fa0a78 corporate/3.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm c2324dc5344bf65b4c32b7aaef8ce854 corporate/3.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm df49e87e645dff4a94552e15e8943c19 corporate/3.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm ca8d699e0e20a337a5eebf79ec85706a corporate/3.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm e07ade9d7d022da3fba9e13257bb7f15 corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm 916707e9d3fe3c8328db6c6e18473abe corporate/3.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm 3372a66fbafd98d091b1d3d577d50221 corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm f4684d50ded00cd05eaf47753b7564c8 corporate/3.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm 03688dfd221d3b4a6fda80ef5784bab6 corporate/3.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm 120a2b5101fcb5ade30f58c66faa8622 corporate/3.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm d865abbec938cee8c258bfed331e49b3 corporate/3.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm 6537b8b610d93a06a3b5e7fbed060d7d corporate/3.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm 2b80606da918944b7d9a3947fe9261f4 corporate/3.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm 9b808108f4839905f98821a72e01ed9b corporate/3.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm cbd99bedcf3e86bbe76cfc7483d3655a corporate/3.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0816
http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1222.html
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
| Upgrade |
To upgrade your kernel, view the kernel update instructions. Kernels cannot be upgraded via MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.