Mandriva 1274 Published by

Updated kernel packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID: MDKSA-2005:022
Date: January 25th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory:

- Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CAN-2004-0814)



- Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816)

- Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CAN-2004-0883 and CAN-2004-0949)

- Paul Starzetz and Georgi Guninski reported, independantly, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CAN-2004-1016)

- Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CAN-2004-1058)

- Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CAN-2004-1068)

- Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069)

- Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

- It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CAN-2004-1074)

- Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CAN-2004-1137)

- Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CAN-2004-1151)

- Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CAN-2004-1235)

- Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CAN-2005-0001)

- A vulnerability in insert_vm_struct could allow a locla user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CAN-2005-0003)

- Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf)

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesoft.com/security/kernelupdate

PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel. Likewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1222.html
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
3d615b76ac136595a7458135e1f839c6 10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm
8872bc542fb173ebe7b3ab99d9fa0a78 10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm
c2324dc5344bf65b4c32b7aaef8ce854 10.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm
df49e87e645dff4a94552e15e8943c19 10.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm
ca8d699e0e20a337a5eebf79ec85706a 10.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm
e07ade9d7d022da3fba9e13257bb7f15 10.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm
916707e9d3fe3c8328db6c6e18473abe 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm
3372a66fbafd98d091b1d3d577d50221 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm
f4684d50ded00cd05eaf47753b7564c8 10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm
03688dfd221d3b4a6fda80ef5784bab6 10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm
120a2b5101fcb5ade30f58c66faa8622 10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm
d865abbec938cee8c258bfed331e49b3 10.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm
6537b8b610d93a06a3b5e7fbed060d7d 10.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm
2b80606da918944b7d9a3947fe9261f4 10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm
66014de2087370161cc488cbd2459caa 10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.i586.rpm
9b808108f4839905f98821a72e01ed9b 10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
cbd99bedcf3e86bbe76cfc7483d3655a 10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm
5ee85d63733b93e1629a9f5c44cb634c 10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
c8609f9d078f225fdc78047f338df99a amd64/10.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.amd64.rpm
b89b86305d44c25e7c79bff4a9f2ebe6 amd64/10.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.amd64.rpm
0acfd0fcc2e4a792054970f796485a7b amd64/10.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.amd64.rpm
90400428327d20e8e6d7a3c6bbd95304 amd64/10.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.amd64.rpm
a5723d6b9ac757d83eb46ea25de3f270 amd64/10.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.amd64.rpm
69e309596c73922539f7771a0a8473c6 amd64/10.0/RPMS/kernel-source-2.4.25-13mdk.amd64.rpm
4bf67528554bddac99214a873a16cb9f amd64/10.0/RPMS/kernel-source-2.6.3-25mdk.amd64.rpm
4628048ff5e631b48127cbbf1b7715b7 amd64/10.0/RPMS/kernel-source-stripped-2.6.3-25mdk.amd64.rpm
91593c8eb6877c70f16c274254cbad2b amd64/10.0/RPMS/module-init-tools-3.0-1.2.1.100mdk.amd64.rpm
9b808108f4839905f98821a72e01ed9b amd64/10.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
cbd99bedcf3e86bbe76cfc7483d3655a amd64/10.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm
5ee85d63733b93e1629a9f5c44cb634c amd64/10.0/SRPMS/module-init-tools-3.0-1.2.1.100mdk.src.rpm

Mandrakelinux 10.1:
0f696c0c5320ec25d05ef5bd350f9985 10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
d1af1c436a5abba25b8f08775da71db7 10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.i586.rpm
0dcb79ef492718dee540f7d41e80058a 10.1/RPMS/kernel-enterprise-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
40284c8cc69455994b3d4d1f4ca00f83 10.1/RPMS/kernel-enterprise-2.6.8.1.24mdk-1-1mdk.i586.rpm
9ea23249f97f8ee30cdac0e330112aab 10.1/RPMS/kernel-i586-up-1GB-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
7b30e9fcc1726f729fb553cbe2c6e1c0 10.1/RPMS/kernel-i586-up-1GB-2.6.8.1.24mdk-1-1mdk.i586.rpm
871192ed017f9d5cf41182cf603ee186 10.1/RPMS/kernel-i686-up-64GB-2.6.8.1.24mdk-1-1mdk.i586.rpm
c3cdd1c9aa5f109fc2c666496df04381 10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.i586.rpm
b9c94c3ddd5c96a6408cb2ae3c65cac4 10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.i586.rpm
d70bdcfaf79cf6209e9c7d4842f9c630 10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.i586.rpm
d6d6df17dbd538a472f1715ed5085069 10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.i586.rpm
290f135dd67a321a54d1115a0e322114 10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.i586.rpm
a77254188fa582e1dc6507684b6350e0 10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.i586.rpm
ac1ff7f73b6ff5ef0d848835aa439f5b 10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm
7b0f95d89253bfab3456919d06e70039 10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm

Mandrakelinux 10.1/X86_64:
960b9e64607f387c5bcd4a437981a6fa x86_64/10.1/RPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm
04b7bd7f2fe22aa39f023a0a962b0aad x86_64/10.1/RPMS/kernel-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
6bb79b4942fcaf55f503bdcbbf22f0b5 x86_64/10.1/RPMS/kernel-secure-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
0d2340a40d9b712f0462f73297248700 x86_64/10.1/RPMS/kernel-smp-2.4.28.0.rc1.5mdk-1-1mdk.x86_64.rpm
10c716e96824f09ed8db7d8f83729b90 x86_64/10.1/RPMS/kernel-smp-2.6.8.1.24mdk-1-1mdk.x86_64.rpm
7b963dda4b2be54640f9ca9413c07b53 x86_64/10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.5mdk.x86_64.rpm
75c6e3ff75915b3d300a2c8cec0f9431 x86_64/10.1/RPMS/kernel-source-2.6-2.6.8.1-24mdk.x86_64.rpm
796c7f2163d63e46e129fb165ea21e25 x86_64/10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-24mdk.x86_64.rpm
ac1ff7f73b6ff5ef0d848835aa439f5b x86_64/10.1/SRPMS/kernel-2.4.28.0.rc1.5mdk-1-1mdk.src.rpm
7b0f95d89253bfab3456919d06e70039 x86_64/10.1/SRPMS/kernel-2.6.8.1.24mdk-1-1mdk.src.rpm

Corporate Server 2.1:
b6169281f854088c070fa44ec931958d corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.i586.rpm
98dba27afd4cd5457d7f14159ed9ab5c corporate/2.1/RPMS/kernel-enterprise-2.4.19.48mdk-1-1mdk.i586.rpm
889972abd61cb4c36ed1dcbb47b3f60e corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm
41ba99dbf81769dcb1ef6770a47de649 corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.i586.rpm
6a16729a1b05c13884bd4922749c2ef3 corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.i586.rpm
ba431d79d61432149d88b19f7edbdaf7 corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm

Corporate Server 2.1/x86_64:
a3ee6a051ea79aadaefaaf67f19023d7 x86_64/corporate/2.1/RPMS/kernel-2.4.19.48mdk-1-1mdk.x86_64.rpm
33c6cac5db86011dc231686086b63798 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.x86_64.rpm
d39c2680a53cacf01e1c768c06239660 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.48mdk-1-1mdk.x86_64.rpm
7c17e24855523fd5f5d6bf819a6f198b x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-48mdk.x86_64.rpm
ba431d79d61432149d88b19f7edbdaf7 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm

Corporate Server 3.0:
3d615b76ac136595a7458135e1f839c6 corporate/3.0/RPMS/kernel-2.4.25.13mdk-1-1mdk.i586.rpm
8872bc542fb173ebe7b3ab99d9fa0a78 corporate/3.0/RPMS/kernel-2.6.3.25mdk-1-1mdk.i586.rpm
c2324dc5344bf65b4c32b7aaef8ce854 corporate/3.0/RPMS/kernel-enterprise-2.4.25.13mdk-1-1mdk.i586.rpm
df49e87e645dff4a94552e15e8943c19 corporate/3.0/RPMS/kernel-enterprise-2.6.3.25mdk-1-1mdk.i586.rpm
ca8d699e0e20a337a5eebf79ec85706a corporate/3.0/RPMS/kernel-i686-up-4GB-2.4.25.13mdk-1-1mdk.i586.rpm
e07ade9d7d022da3fba9e13257bb7f15 corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.25mdk-1-1mdk.i586.rpm
916707e9d3fe3c8328db6c6e18473abe corporate/3.0/RPMS/kernel-p3-smp-64GB-2.4.25.13mdk-1-1mdk.i586.rpm
3372a66fbafd98d091b1d3d577d50221 corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.25mdk-1-1mdk.i586.rpm
f4684d50ded00cd05eaf47753b7564c8 corporate/3.0/RPMS/kernel-secure-2.6.3.25mdk-1-1mdk.i586.rpm
03688dfd221d3b4a6fda80ef5784bab6 corporate/3.0/RPMS/kernel-smp-2.4.25.13mdk-1-1mdk.i586.rpm
120a2b5101fcb5ade30f58c66faa8622 corporate/3.0/RPMS/kernel-smp-2.6.3.25mdk-1-1mdk.i586.rpm
d865abbec938cee8c258bfed331e49b3 corporate/3.0/RPMS/kernel-source-2.4.25-13mdk.i586.rpm
6537b8b610d93a06a3b5e7fbed060d7d corporate/3.0/RPMS/kernel-source-2.6.3-25mdk.i586.rpm
2b80606da918944b7d9a3947fe9261f4 corporate/3.0/RPMS/kernel-source-stripped-2.6.3-25mdk.i586.rpm
9b808108f4839905f98821a72e01ed9b corporate/3.0/SRPMS/kernel-2.4.25.13mdk-1-1mdk.src.rpm
cbd99bedcf3e86bbe76cfc7483d3655a corporate/3.0/SRPMS/kernel-2.6.3.25mdk-1-1mdk.src.rpm

Mandrakelinux 9.2:
df22e4dffb539874c2ad36bc8893718b 9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.i586.rpm
58303975f994e50b440a46aa10b3c0a4 9.2/RPMS/kernel-enterprise-2.4.22.41mdk-1-1mdk.i586.rpm
6548386b7fab601d507950a3b658b454 9.2/RPMS/kernel-i686-up-4GB-2.4.22.41mdk-1-1mdk.i586.rpm
a5eeba7c971e7fe09d4b42ef183b97f9 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.41mdk-1-1mdk.i586.rpm
c19bbca55e615a7eec5f26aebea3a675 9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.i586.rpm
a4b44486653dd2d4822ba26c2debb769 9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.i586.rpm
941029c6b6e57f5083a48cbb2481a41e 9.2/RPMS/kernel-source-2.4.22-41mdk.i586.rpm
7a5a16618d1fb3c92a3b2c8abcb8f6e6 9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm

Mandrakelinux 9.2/AMD64:
b20216a4273d7c261e08e0aa4c7411ce amd64/9.2/RPMS/kernel-2.4.22.41mdk-1-1mdk.amd64.rpm
adf9ba1fdd2b3be5de83f327fe35d932 amd64/9.2/RPMS/kernel-secure-2.4.22.41mdk-1-1mdk.amd64.rpm
df3a1629ebbf44e8e57d5b6ba4c95149 amd64/9.2/RPMS/kernel-smp-2.4.22.41mdk-1-1mdk.amd64.rpm
17b4902f4d569c2f208fe4c455b20b6f amd64/9.2/RPMS/kernel-source-2.4.22-41mdk.amd64.rpm
7a5a16618d1fb3c92a3b2c8abcb8f6e6 amd64/9.2/SRPMS/kernel-2.4.22.41mdk-1-1mdk.src.rpm

Multi Network Firewall 8.2:
a08867762d937e0890a7efe79439c844 mnf8.2/RPMS/kernel-secure-2.4.19.48mdk-1-1mdk.i586.rpm
6fb3c0a0ab8d44e031f1c309f67b4dbc mnf8.2/RPMS/modutils-2.4.19-5mdk.i586.rpm
ba431d79d61432149d88b19f7edbdaf7 mnf8.2/SRPMS/kernel-2.4.19.48mdk-1-1mdk.src.rpm
296ea31d1338fe4ca0c1eba4ff652376 mnf8.2/SRPMS/modutils-2.4.19-5mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com