A kernel update has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kernel
Advisory ID: MDKSA-2004:029
Date: April 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).
A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109).
An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177).
The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178).
The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesecure.net/en/kernelupdate.php
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
b4826b1ef3e764cbbcea5a7b304bbe65 10.0/RPMS/kernel-2.4.25.3mdk-1-1mdk.i586.rpm
29feca23f05a67de8b98840b9fff7d93 10.0/RPMS/kernel-2.6.3.8mdk-1-1mdk.i586.rpm
d7cf169ab6feca0ff328bdb2b83dfd10 10.0/RPMS/kernel-enterprise-2.4.25.3mdk-1-1mdk.i586.rpm
fc42c4a0e5c33c065575bd8377f793a5 10.0/RPMS/kernel-enterprise-2.6.3.8mdk-1-1mdk.i586.rpm
353aa9636d7e34c6afab193defe46713 10.0/RPMS/kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk.i586.rpm
5c434e6d9992f139371b58c05aa811e5 10.0/RPMS/kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk.i586.rpm
86c6adedf3f4e56580f4041d997ad63f 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk.i586.rpm
80a5571c8a6cea4a050d25ad69e1fd89 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk.i586.rpm
58585213cf9adb3e3036c483b2564eb8 10.0/RPMS/kernel-secure-2.6.3.8mdk-1-1mdk.i586.rpm
97d27da1d1123ba70e26d418313aa928 10.0/RPMS/kernel-smp-2.4.25.3mdk-1-1mdk.i586.rpm
4a23217607dc4986fbca670eb364cf84 10.0/RPMS/kernel-smp-2.6.3.8mdk-1-1mdk.i586.rpm
0b8c7da330198d355be83decd03ceccb 10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm
d5c065c5767044e2f7fad85a01011665 10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm
bcfde8a0e87da6aa97b21550d95106ca 10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm
20a1cb909fe21afe66c9d3e6ba839c12 10.0/SRPMS/kernel-2.4.25.3mdk-1-1mdk.src.rpm
fd51f33b89b1647f212649fbed23c6ad 10.0/SRPMS/kernel-2.6.3.8mdk-1-1mdk.src.rpm
Corporate Server 2.1:
eb4998651f1831bd1c065b121d380329 corporate/2.1/RPMS/kernel-2.4.19.39mdk-1-1mdk.i586.rpm
002afdc620495d8d69db0630c92eeaf1 corporate/2.1/RPMS/kernel-enterprise-2.4.19.39mdk-1-1mdk.i586.rpm
5a668737d29e37fc13247d009e3168fb corporate/2.1/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
3e9bbfacb9b157df46be188234939ccb corporate/2.1/RPMS/kernel-smp-2.4.19.39mdk-1-1mdk.i586.rpm
6222532d2d8d16e6b92c84d2015fd166 corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm
d5dd3f59ed6cf66414c886002622954a corporate/2.1/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm
Corporate Server 2.1/x86_64:
8c79eb0882cdbc3087a849bc0d002d12 x86_64/corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.x86_64.rpm
bd1b3af1103a5162c3fa71d8a7a20e29 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.x86_64.rpm
5ce3957e78b6c2556d8d01b436049e1c x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.x86_64.rpm
eb8813335600b8509343a5d376f50586 x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm
749ba262824efc6db6bf9a348db9572b x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
Mandrakelinux 9.1:
b5394346fa238739fe342671009b8eca 9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.i586.rpm
40c38603b9dad47b497cc2fdccfc21cd 9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.i586.rpm
c107a74efbd71017c5e7cae4a4b84fb4 9.1/RPMS/kernel-secure-2.4.21.0.29mdk-1-1mdk.i586.rpm
362e1ddc3add24372bbb59a74941c598 9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.i586.rpm
1745c4fec12d10c7dd2d5331f03a254c 9.1/RPMS/kernel-source-2.4.21-0.29mdk.i586.rpm
20a2d293559cd1bdabc86c533a907a4a 9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.1/PPC:
fc4fb39fe1df50af8932679c0b138e8d ppc/9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.ppc.rpm
e2a42a0898cabfe4b59d5ecf9167e4e0 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.ppc.rpm
7d4a095287f8f1076113ab445a286d36 ppc/9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.ppc.rpm
760f415f8eb70ebd37f243a0b43a176f ppc/9.1/RPMS/kernel-source-2.4.21-0.29mdk.ppc.rpm
20a2d293559cd1bdabc86c533a907a4a ppc/9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.2:
409ab93daa6c6690a2a015871f23f832 9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.i586.rpm
f25ad40adcbaa0869335a227d4264a58 9.2/RPMS/kernel-enterprise-2.4.22.29mdk-1-1mdk.i586.rpm
f94fe10996090682e9ac6d13d374b920 9.2/RPMS/kernel-i686-up-4GB-2.4.22.29mdk-1-1mdk.i586.rpm
52c9cb8f53fb15a2d7587215193c9753 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.29mdk-1-1mdk.i586.rpm
d6d06b86c72135c32118cba6f4c9ddd4 9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.i586.rpm
1781ebccb4a1a866d1cd6da9ead17e1a 9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.i586.rpm
aa9795ab47d2857e8a47ef9f1b4f3a40 9.2/RPMS/kernel-source-2.4.22-29mdk.i586.rpm
4971af624bb652a0e14d50703977aad5 9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.2/AMD64:
794e8ac9edc946b02213557c135fe06a amd64/9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.amd64.rpm
c78816d4821cf0a8a82895240d2c7882 amd64/9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.amd64.rpm
231cf40c4c78d756a354e7fc9ef435ea amd64/9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.amd64.rpm
17738c560feeb16e8a50acda87f1ed7d amd64/9.2/RPMS/kernel-source-2.4.22-29mdk.amd64.rpm
4971af624bb652a0e14d50703977aad5 amd64/9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm
Multi Network Firewall 8.2:
143a4b55641d29e5a346e8d7685e5e1b mnf8.2/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
d5dd3f59ed6cf66414c886002622954a mnf8.2/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kernel
Advisory ID: MDKSA-2004:029
Date: April 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).
A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109).
An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177).
The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178).
The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesecure.net/en/kernelupdate.php
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
b4826b1ef3e764cbbcea5a7b304bbe65 10.0/RPMS/kernel-2.4.25.3mdk-1-1mdk.i586.rpm
29feca23f05a67de8b98840b9fff7d93 10.0/RPMS/kernel-2.6.3.8mdk-1-1mdk.i586.rpm
d7cf169ab6feca0ff328bdb2b83dfd10 10.0/RPMS/kernel-enterprise-2.4.25.3mdk-1-1mdk.i586.rpm
fc42c4a0e5c33c065575bd8377f793a5 10.0/RPMS/kernel-enterprise-2.6.3.8mdk-1-1mdk.i586.rpm
353aa9636d7e34c6afab193defe46713 10.0/RPMS/kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk.i586.rpm
5c434e6d9992f139371b58c05aa811e5 10.0/RPMS/kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk.i586.rpm
86c6adedf3f4e56580f4041d997ad63f 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk.i586.rpm
80a5571c8a6cea4a050d25ad69e1fd89 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk.i586.rpm
58585213cf9adb3e3036c483b2564eb8 10.0/RPMS/kernel-secure-2.6.3.8mdk-1-1mdk.i586.rpm
97d27da1d1123ba70e26d418313aa928 10.0/RPMS/kernel-smp-2.4.25.3mdk-1-1mdk.i586.rpm
4a23217607dc4986fbca670eb364cf84 10.0/RPMS/kernel-smp-2.6.3.8mdk-1-1mdk.i586.rpm
0b8c7da330198d355be83decd03ceccb 10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm
d5c065c5767044e2f7fad85a01011665 10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm
bcfde8a0e87da6aa97b21550d95106ca 10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm
20a1cb909fe21afe66c9d3e6ba839c12 10.0/SRPMS/kernel-2.4.25.3mdk-1-1mdk.src.rpm
fd51f33b89b1647f212649fbed23c6ad 10.0/SRPMS/kernel-2.6.3.8mdk-1-1mdk.src.rpm
Corporate Server 2.1:
eb4998651f1831bd1c065b121d380329 corporate/2.1/RPMS/kernel-2.4.19.39mdk-1-1mdk.i586.rpm
002afdc620495d8d69db0630c92eeaf1 corporate/2.1/RPMS/kernel-enterprise-2.4.19.39mdk-1-1mdk.i586.rpm
5a668737d29e37fc13247d009e3168fb corporate/2.1/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
3e9bbfacb9b157df46be188234939ccb corporate/2.1/RPMS/kernel-smp-2.4.19.39mdk-1-1mdk.i586.rpm
6222532d2d8d16e6b92c84d2015fd166 corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm
d5dd3f59ed6cf66414c886002622954a corporate/2.1/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm
Corporate Server 2.1/x86_64:
8c79eb0882cdbc3087a849bc0d002d12 x86_64/corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.x86_64.rpm
bd1b3af1103a5162c3fa71d8a7a20e29 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.x86_64.rpm
5ce3957e78b6c2556d8d01b436049e1c x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.x86_64.rpm
eb8813335600b8509343a5d376f50586 x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm
749ba262824efc6db6bf9a348db9572b x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
Mandrakelinux 9.1:
b5394346fa238739fe342671009b8eca 9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.i586.rpm
40c38603b9dad47b497cc2fdccfc21cd 9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.i586.rpm
c107a74efbd71017c5e7cae4a4b84fb4 9.1/RPMS/kernel-secure-2.4.21.0.29mdk-1-1mdk.i586.rpm
362e1ddc3add24372bbb59a74941c598 9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.i586.rpm
1745c4fec12d10c7dd2d5331f03a254c 9.1/RPMS/kernel-source-2.4.21-0.29mdk.i586.rpm
20a2d293559cd1bdabc86c533a907a4a 9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.1/PPC:
fc4fb39fe1df50af8932679c0b138e8d ppc/9.1/RPMS/kernel-2.4.21.0.29mdk-1-1mdk.ppc.rpm
e2a42a0898cabfe4b59d5ecf9167e4e0 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.29mdk-1-1mdk.ppc.rpm
7d4a095287f8f1076113ab445a286d36 ppc/9.1/RPMS/kernel-smp-2.4.21.0.29mdk-1-1mdk.ppc.rpm
760f415f8eb70ebd37f243a0b43a176f ppc/9.1/RPMS/kernel-source-2.4.21-0.29mdk.ppc.rpm
20a2d293559cd1bdabc86c533a907a4a ppc/9.1/SRPMS/kernel-2.4.21.0.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.2:
409ab93daa6c6690a2a015871f23f832 9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.i586.rpm
f25ad40adcbaa0869335a227d4264a58 9.2/RPMS/kernel-enterprise-2.4.22.29mdk-1-1mdk.i586.rpm
f94fe10996090682e9ac6d13d374b920 9.2/RPMS/kernel-i686-up-4GB-2.4.22.29mdk-1-1mdk.i586.rpm
52c9cb8f53fb15a2d7587215193c9753 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.29mdk-1-1mdk.i586.rpm
d6d06b86c72135c32118cba6f4c9ddd4 9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.i586.rpm
1781ebccb4a1a866d1cd6da9ead17e1a 9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.i586.rpm
aa9795ab47d2857e8a47ef9f1b4f3a40 9.2/RPMS/kernel-source-2.4.22-29mdk.i586.rpm
4971af624bb652a0e14d50703977aad5 9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm
Mandrakelinux 9.2/AMD64:
794e8ac9edc946b02213557c135fe06a amd64/9.2/RPMS/kernel-2.4.22.29mdk-1-1mdk.amd64.rpm
c78816d4821cf0a8a82895240d2c7882 amd64/9.2/RPMS/kernel-secure-2.4.22.29mdk-1-1mdk.amd64.rpm
231cf40c4c78d756a354e7fc9ef435ea amd64/9.2/RPMS/kernel-smp-2.4.22.29mdk-1-1mdk.amd64.rpm
17738c560feeb16e8a50acda87f1ed7d amd64/9.2/RPMS/kernel-source-2.4.22-29mdk.amd64.rpm
4971af624bb652a0e14d50703977aad5 amd64/9.2/SRPMS/kernel-2.4.22.29mdk-1-1mdk.src.rpm
Multi Network Firewall 8.2:
143a4b55641d29e5a346e8d7685e5e1b mnf8.2/RPMS/kernel-secure-2.4.19.39mdk-1-1mdk.i586.rpm
d5dd3f59ed6cf66414c886002622954a mnf8.2/SRPMS/kernel-2.4.19.39mdk-1-1mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.