Package name: kernel
Date: January 25th, 2005
Advisory ID: MDKSA-2005:022
Affected versions: 9.2, 10.0, 10.1, MNF8.2, CS2.1, CS3.0
Synopsis: Updated kernel packages fix multiple vulnerabilities

Problem Description

A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with
this advisory:

- Multiple race conditions in the terminal layer of 2.4 and 2.6
kernels (prior to 2.6.9) can allow a local attacker to obtain
portions of kernel data or allow remote attackers to cause a kernel
panic by switching from console to PPP line discipline, then quickly
sending data that is received during the switch (CAN-2004-0814)

- Richard Hart found an integer underflow problem in the iptables
firewall logging rules that can allow a remote attacker to crash the
machine by using a specially crafted IP packet. This is only
possible, however, if firewalling is enabled. The problem only
affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816)

- Stefan Esser found several remote DoS conditions in the smbfs file
system. This could be exploited by a hostile SMB server (or an
attacker injecting packets into the network) to crash the client
systems (CAN-2004-0883 and CAN-2004-0949)

- Paul Starzetz and Georgi Guninski reported, independently, that bad
argument handling and bad integer arithmetic in the IPv4 sendmsg
handling of control messages could lead to a local attacker crashing
the machine. The fixes were done by Herbert Xu (CAN-2004-1016)

- Rob Landley discovered a race condition in the handling of
/proc/.../cmdline where, under rare circumstances, a user could read
the environment variables of another process that was still spawning
leading to the potential disclosure of sensitive information such as
passwords (CAN-2004-1058)

- Paul Starzetz reported that the missing serialization in
unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by
a local attacker to gain elevated (root) privileges (CAN-2004-1068)

- Ross Kendall Axe discovered a possible kernel panic (DoS) while
sending AF_UNIX network packets if certain SELinux-related kernel
options were enabled. By default the CONFIG_SECURITY_NETWORK and
CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069)

- Paul Starzetz of isec.pl discovered several issues with the error
handling of the ELF loader routines in the kernel. The fixes were
provided by Chris Wright (CAN-2004-1070, CAN-2004-1071,
CAN-2004-1072, CAN-2004-1073)

- It was discovered that hand-crafted a.out binaries could be used to
trigger a local DoS condition in both the 2.4 and 2.6 kernels. The
fixes were done by Chris Wright (CAN-2004-1074)

- Paul Starzetz found bad handling in the IGMP code which could lead
to a local attacker being able to crash the machine. The fix was
done by Chris Wright (CAN-2004-1137)

- Jeremy Fitzhardinge discovered two buffer overflows in the
sys32_ni_syscall() and sys32_vm86_warning() functions that could be
used to overwrite kernel memory with attacker-supplied code resulting
in privilege escalation (CAN-2004-1151)

- Paul Starzetz found locally exploitable flaws in the binary format
loader's uselib() function that could be abused to allow a local
user to obtain root privileges (CAN-2004-1235)

- Paul Starzetz found an exploitable flaw in the page fault handler
when running on SMP machines (CAN-2005-0001)

- A vulnerability in insert_vm_struct could allow a local user to
trigger BUG() when the user created a large vma that overlapped with
arg pages during exec (CAN-2005-0003)

- Paul Starzetz also found a number of vulnerabilities in the kernel
binfmt_elf loader that could lead a local user to obtain elevated
(root) privileges (isec-0017-binfmt_elf)

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesoft.com/security/kernelupdate

PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the
latest module-init-tools package prior to upgrading their kernel.
Likewise, MNF8.2 users will need to upgrade to the latest modutils
package prior to upgrading their kernel.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0816
http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1222.html
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt

Upgrade

To upgrade your kernel, view the kernel update instructions. Kernels cannot be upgraded via MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
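
The verification step above can be enforced before installation. The following shell wrapper is an added example, not part of the original advisory: it runs rpm --checksig on each file and accepts a package only when a signature was verified, because an unsigned package still reports OK on its checksums alone. The function names are hypothetical, and the result-line formats shown in the comments are constructed samples of what common rpm releases print.

```shell
#!/bin/sh
# Added example: only accept packages whose signature rpm actually verified.
# Assumed result lines (constructed samples, formats vary by rpm release):
#   pkg.rpm: (sha1) dsa sha1 md5 gpg OK     signature verified
#   pkg.rpm: sha1 md5 OK                    unsigned, checksums only
#   pkg.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)

# classify_checksig LINE -> prints signed-ok | digest-only | failed
classify_checksig() {
    # Drop the "file:" prefix so the file name cannot influence the match.
    result=${1#*: }
    case $result in
        *"NOT OK"*) echo failed; return 0 ;;   # bad digest or missing key
        *" OK")     ;;                         # keep checking below
        *)          echo failed; return 0 ;;   # empty or unrecognised output
    esac
    # Lowercase tokens name the checks that passed; require a signature one.
    case " $result " in
        *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*)
            echo signed-ok ;;
        *)  echo digest-only ;;
    esac
}

# verify_packages FILE... -> returns 0 only if every file is signed-ok
verify_packages() {
    rc=0
    for pkg in "$@"; do
        out=$(LC_ALL=C rpm --checksig "$pkg" 2>/dev/null) || true
        verdict=$(classify_checksig "$out")
        printf '%-12s %s\n' "$verdict" "$pkg"
        [ "$verdict" = signed-ok ] || rc=1
    done
    return "$rc"
}

# Usage: sh verify.sh kernel-*.rpm && echo "safe to install"
if [ "$#" -gt 0 ]; then
    verify_packages "$@"
fi
```

A digest-only or failed verdict usually means the vendor's public key has not been imported into the rpm keyring, or the file is not the vendor's package.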