Re: [discuss] Re: MDKSA-2004:001 - Updated kernel packages fix local root vulnerability

From: Jordan T. (mandrake-discussblue-ferret.com.au)
Date: Fri Jan 09 2004 - 21:35:40 CST


See the previous threads before posting something that will get you
flamed. This has been discussed already; yes, secsup is screwed.

Jordan.

On Sat, 2004-01-10 at 11:10, Rick Phillips wrote:
> Both kernel 2.4.22.26 and kernel-source 2.4.22.26 are reporting invalid
> signatures from the mirror (secsup) for Mandrake version for 9.2.
>
> Regards,
>
> Rick Phillips
>
>
> On Fri, 2004-01-09 at 03:32, Mandrake Linux Security Team wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > _______________________________________________________________________
> >
> > Mandrake Linux Security Update Advisory
> > _______________________________________________________________________
> >
> > Package name: kernel
> > Advisory ID: MDKSA-2004:001
> > Date: January 7th, 2004
> >
> > Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1,
> > Multi Network Firewall 8.2
> > ______________________________________________________________________
> >
> > Problem Description:
> >
> > A flaw in bounds checking in mremap() in the Linux kernel versions
> > 2.4.23 and previous was discovered by Paul Starzetz. This flaw may
> > be used to allow a local attacker to obtain root privilege.
> >
> > Another minor information leak in the RTC (real time clock) routines
> > was fixed as well.
> >
> > All Mandrake Linux users are encouraged to upgrade to these packages
> > immediately. To update your kernel, please follow the directions
> > located at:
> >
> > http://www.mandrakesecure.net/en/kernelupdate.php
> >
> > Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1)
> > and bootloader-utils (9.2) packages prior to upgrading the kernel as
> > they contain a fixed installkernel script that fixes instances where
> > the loop module was not being loaded and would cause mkinitrd to fail.
> >
> > Users requiring commercial NVIDIA drivers can find drivers for
> > Mandrake Linux 9.2 at MandrakeClub.
> > _______________________________________________________________________
> >
> > References:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
> > ______________________________________________________________________
> >
> > Updated Packages:
> >
> > _______________________________________________________________________
> >
> > To upgrade automatically use MandrakeUpdate or urpmi. The verification
> > of md5 checksums and GPG signatures is performed automatically for you.
> >
> > A list of FTP mirrors can be obtained from:
> >
> > http://www.mandrakesecure.net/en/ftp.php
> >
> > All packages are signed by MandrakeSoft for security. You can obtain
> > the GPG public key of the Mandrake Linux Security Team by executing:
> >
> > gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
> >
> > Please be aware that sometimes it takes the mirrors a few hours to
> > update.
> >
> > You can view other update advisories for Mandrake Linux at:
> >
> > http://www.mandrakesecure.net/en/advisories/
> >
> > MandrakeSoft has several security-related mailing list services that
> > anyone can subscribe to. Information on these lists can be obtained by
> > visiting:
> >
> > http://www.mandrakesecure.net/en/mlist.php
> >
> > If you want to report vulnerabilities, please contact
> >
> > security_linux-mandrake.com
> >
> > Type Bits/KeyID Date User ID
> > pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
> > <security linux-mandrake.com>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.7 (GNU/Linux)
> >
> > iD8DBQE//ZQ2mqjQ0CJFipgRAhbiAJ9Ynq77P20SpN1fUtL/6T/6UHnGegCg8lul
> > m3Iey37txkx7vLqlIj18EAo=
> > =Bsd0
> > -----END PGP SIGNATURE-----
> >