[Full-Disclosure] MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 04/27/04

  • Next message: Joshua J. Berry: "[ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp"
    To: full-disclosure@lists.netsys.com
    Date: 27 Apr 2004 17:46:10 -0000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                     Mandrakelinux Security Update Advisory
     _______________________________________________________________________

     Package name: kernel
     Advisory ID: MDKSA-2004:037
     Date: April 27th, 2004

     Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
                             Multi Network Firewall 8.2
     ______________________________________________________________________

     Problem Description:

     A vulnerability was found in the framebuffer driver of the 2.6 kernel.
     This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229)
     
     A vulnerability has been found in the Linux kernel in the ip_setsockopt()
     function code. There is an exploitable integer overflow inside the code
     handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro
     calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels.
     (CAN-2004-0424)
     
     There is a minor issue with the static buffer in 2.4 kernel's panic()
     function. Although it's a possibly buffer overflow, it most like not
     exploitable due to the nature of panic(). (CAN-2004-0394)
     
     In do_fork(), if an error occurs after the mm_struct for the child has
     been allocated, it is never freed. The exit_mm() meant to free it
     increments the mm_count and this count is never decremented. (For a
     running process that is exitting, schedule() takes care this; however,
     the child process being cleaned up is not running.) In the CLONE_VM
     case, the parent's mm_struct will get an extra mm_count and so it will
     never be freed. This issue is present in both 2.4 and 2.6 kernels.
     
     The provided packages are patched to fix these vulnerabilities. All
     users are encouraged to upgrade to these updated kernels.
     
     To update your kernel, please follow the directions located at:
     
       http://www.mandrakesecure.net/en/kernelupdate.php
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0229
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.0:
     512ad2b9656157596a14f11658003441 10.0/RPMS/kernel-2.4.25.4mdk-1-1mdk.i586.rpm
     1408115128e49bdedecfef550a1d617e 10.0/RPMS/kernel-2.6.3.9mdk-1-1mdk.i586.rpm
     c5d1c3e66f3d0c13e06e655a60c93648 10.0/RPMS/kernel-enterprise-2.4.25.4mdk-1-1mdk.i586.rpm
     d2b6f19fbf4d977e43f702573ae0149b 10.0/RPMS/kernel-enterprise-2.6.3.9mdk-1-1mdk.i586.rpm
     51aa702b34b5341cc6f7a8b00d8fb2d1 10.0/RPMS/kernel-i686-up-4GB-2.4.25.4mdk-1-1mdk.i586.rpm
     6ba75b6a07c497d19de6d94421160421 10.0/RPMS/kernel-i686-up-4GB-2.6.3.9mdk-1-1mdk.i586.rpm
     b0cf5e7fcb0504d7ba3eabaf5877b3a1 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.4mdk-1-1mdk.i586.rpm
     c0edb799f2c564a025525fa02064f14d 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.9mdk-1-1mdk.i586.rpm
     834f15992c852e065945c52a9641f838 10.0/RPMS/kernel-secure-2.6.3.9mdk-1-1mdk.i586.rpm
     a50abd8fcf456b8e47153fb54376f59b 10.0/RPMS/kernel-smp-2.4.25.4mdk-1-1mdk.i586.rpm
     ac68ceaffdcb08413ebf35c23aac3156 10.0/RPMS/kernel-smp-2.6.3.9mdk-1-1mdk.i586.rpm
     11245edb491cd5d3e51f289cafea27da 10.0/RPMS/kernel-source-2.4.25-4mdk.i586.rpm
     df56adcb83dfcc1c48f30da6df98d26f 10.0/RPMS/kernel-source-2.6.3-9mdk.i586.rpm
     9dd9a73d7e818de3a32884bb929faa6e 10.0/RPMS/kernel-source-stripped-2.6.3-9mdk.i586.rpm
     ee1e8c70faa8fcfe037b1df2a02dfde3 10.0/SRPMS/kernel-2.4.25.4mdk-1-1mdk.src.rpm
     e520e352d544fb6054deeeee10771a0d 10.0/SRPMS/kernel-2.6.3.9mdk-1-1mdk.src.rpm

     Corporate Server 2.1:
     9d768e4ce36c6087ba8f5ba577844404 corporate/2.1/RPMS/kernel-2.4.19.40mdk-1-1mdk.i586.rpm
     dc79c45fa573699bbeb69e93d21a844d corporate/2.1/RPMS/kernel-enterprise-2.4.19.40mdk-1-1mdk.i586.rpm
     6899874aaa34516f539d8d3325bf04ef corporate/2.1/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.i586.rpm
     ed0e7b8045d8c2fec9b50ec0fc892144 corporate/2.1/RPMS/kernel-smp-2.4.19.40mdk-1-1mdk.i586.rpm
     22f2d31deab68fe8ebfc45f9ffde03eb corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.i586.rpm
     acaf69cb211e659a1f66bb515d344e6d corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm

     Corporate Server 2.1/x86_64:
     ae61d25bf5add380bd090be023f2b369 x86_64/corporate/2.1/RPMS/kernel-2.4.19.41mdk-1-1mdk.x86_64.rpm
     ab7733adedb14c77065049e538724102 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.x86_64.rpm
     548431a1f50a3aa621168a9201459ed5 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.41mdk-1-1mdk.x86_64.rpm
     df97c7eea0a451191554eb4f1d3470fa x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-41mdk.x86_64.rpm
     749ba262824efc6db6bf9a348db9572b x86_64/corporate/2.1/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
     e3aab9144ef05bbdebb4d0e3bb7a687f x86_64/corporate/2.1/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm

     Mandrakelinux 9.1:
     f579e5572ae3c29992b2c073b08566fe 9.1/RPMS/kernel-2.4.21.0.30mdk-1-1mdk.i586.rpm
     c7b9fa739c8da1f169b2aae61befea11 9.1/RPMS/kernel-enterprise-2.4.21.0.30mdk-1-1mdk.i586.rpm
     bde850e6aba069f6d376030d138e6651 9.1/RPMS/kernel-secure-2.4.21.0.30mdk-1-1mdk.i586.rpm
     59c4aa4caa87443bb7ff1b1163290cb6 9.1/RPMS/kernel-smp-2.4.21.0.30mdk-1-1mdk.i586.rpm
     b4970e3b44485a980ef7097cc4392980 9.1/RPMS/kernel-source-2.4.21-0.30mdk.i586.rpm
     3573d24eb4a88655c30a50927a04bc99 9.1/SRPMS/kernel-2.4.21.0.30mdk-1-1mdk.src.rpm

     Mandrakelinux 9.1/PPC:
     9f79caa248fd9a44148dc71b8978ea61 ppc/9.1/RPMS/kernel-2.4.21.0.30mdk-1-1mdk.ppc.rpm
     ad997d6ffa84dabcb6dab71d84cc76c7 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.30mdk-1-1mdk.ppc.rpm
     e3000ba19417448101b89de749352d65 ppc/9.1/RPMS/kernel-smp-2.4.21.0.30mdk-1-1mdk.ppc.rpm
     2b2ffb04ab1682dd6f617989cd916baa ppc/9.1/RPMS/kernel-source-2.4.21-0.30mdk.ppc.rpm
     3573d24eb4a88655c30a50927a04bc99 ppc/9.1/SRPMS/kernel-2.4.21.0.30mdk-1-1mdk.src.rpm

     Mandrakelinux 9.2:
     d27941559f1c361302828a9b47ecf7f3 9.2/RPMS/kernel-2.4.22.30mdk-1-1mdk.i586.rpm
     b83fa5ce402914f25f7842111a4b7ade 9.2/RPMS/kernel-enterprise-2.4.22.30mdk-1-1mdk.i586.rpm
     f4ebd378c253029948d2842b28a42686 9.2/RPMS/kernel-i686-up-4GB-2.4.22.30mdk-1-1mdk.i586.rpm
     25af28dd6307d885aa4e1675f87eff9d 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.30mdk-1-1mdk.i586.rpm
     720d154d3f072f2755fa21af1b4d4481 9.2/RPMS/kernel-secure-2.4.22.30mdk-1-1mdk.i586.rpm
     65d699299165fdbb2a08005aa709eeeb 9.2/RPMS/kernel-smp-2.4.22.30mdk-1-1mdk.i586.rpm
     bc90947e4bd9e4b92be3ecbec178af9e 9.2/RPMS/kernel-source-2.4.22-30mdk.i586.rpm
     ab27a2bdab51b0a18c53b31179b55926 9.2/SRPMS/kernel-2.4.22.30mdk-1-1mdk.src.rpm

     Mandrakelinux 9.2/AMD64:
     f36f231165398748ce2e281634ebb64e amd64/9.2/RPMS/kernel-2.4.22.30mdk-1-1mdk.amd64.rpm
     55a11558b59499d6ccac8f1ace898328 amd64/9.2/RPMS/kernel-secure-2.4.22.30mdk-1-1mdk.amd64.rpm
     675885582dc6ce1c2fb107b34d770821 amd64/9.2/RPMS/kernel-smp-2.4.22.30mdk-1-1mdk.amd64.rpm
     12bb18d837d527fe3e05933589a50519 amd64/9.2/RPMS/kernel-source-2.4.22-30mdk.amd64.rpm
     ab27a2bdab51b0a18c53b31179b55926 amd64/9.2/SRPMS/kernel-2.4.22.30mdk-1-1mdk.src.rpm

     Multi Network Firewall 8.2:
     b4a07759720a0f6fdd85eabcf610766e mnf8.2/RPMS/kernel-secure-2.4.19.40mdk-1-1mdk.i586.rpm
     acaf69cb211e659a1f66bb515d344e6d mnf8.2/SRPMS/kernel-2.4.19.40mdk-1-1mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     A list of FTP mirrors can be obtained from:

      http://www.mandrakesecure.net/en/ftp.php

     All packages are signed by Mandrakesoft for security. You can obtain
     the GPG public key of the Mandrakelinux Security Team by executing:

      gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

     Please be aware that sometimes it takes the mirrors a few hours to
     update.

     You can view other update advisories for Mandrakelinux at:

      http://www.mandrakesecure.net/en/advisories/

     Mandrakesoft has several security-related mailing list services that
     anyone can subscribe to. Information on these lists can be obtained by
     visiting:

      http://www.mandrakesecure.net/en/mlist.php

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFAjpximqjQ0CJFipgRAp6mAJ9xuXQjo7LlqCY09x1uvQQH/wwtEwCg3lEY
    LfvH0nPAZlm7oyOmc2mNzQc=
    =J9Nd
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Joshua J. Berry: "[ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp"