[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 494/05 - Four Mandriva Linux Security Update Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 494/05 dated 01.07.05  Time: 12:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Mandriva Linux Security Update Advisories:
1. MDKSA-2005:108 - squirrelmail
2. MDKSA-2005:109 - php-pear          
3. MDSKA-2005:110 - kernel
4. MDKSA-2005:111 - kernel-2.4
           

Detail
====== 

1. The SquirrelMail PHP package is vulnerable to a number of cross-site
 scripting problems, most of which were reported by Martijn Brinkers.
 If an attacker could get a user to read a specially-crafted email or
 using a manipulated URL, they could execute arbitrary scripts running
 in the context of the victim's browser, which could lead to cookie
 theft, compromise of the user's webmail, etc.

2.  A vulnerability was discovered by GulfTech Security in the PHP XML RPC
 project.  This vulnerability is considered critical and can lead to
 remote code execution.  The vulnerability also exists in the PEAR
 XMLRPC implementation.

3. Multiple vulnerabilities in the Linux kernel have been discovered and
 fixed in this update.

4. Multiple vulnerabilities in the Linux kernel have been discovered and
 fixed in this update.



1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           squirrelmail
 Advisory ID:            MDKSA-2005:108
 Date:                   June 30th, 2005

 Affected versions:	 Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 The SquirrelMail PHP package is vulnerable to a number of cross-site
 scripting problems, most of which were reported by Martijn Brinkers.
 If an attacker could get a user to read a specially-crafted email or
 using a manipulated URL, they could execute arbitrary scripts running
 in the context of the victim's browser, which could lead to cookie
 theft, compromise of the user's webmail, etc.
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
 ______________________________________________________________________

 Updated Packages:
  
 Corporate 3.0:
 183b7a7c227551f918d7492460bb6b3e  corporate/3.0/RPMS/squirrelmail-1.4.2-11.1.C30mdk.noarch.rpm
 d518ad049ece85134416192604c02d2e  corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.1.C30mdk.noarch.rpm
 88b3c9159a1b186057f3b858a3533e26  corporate/3.0/SRPMS/squirrelmail-1.4.2-11.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8fdd9a1cc0ae5ccbbff200a1a3120fdd  x86_64/corporate/3.0/RPMS/squirrelmail-1.4.2-11.1.C30mdk.noarch.rpm
 0453dd30fcc737a436dac03191ab44be  x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.1.C30mdk.noarch.rpm
 88b3c9159a1b186057f3b858a3533e26  x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.2-11.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCxHQxmqjQ0CJFipgRAgBcAKCcItxJHPqu88UjfQhjuysCCWxSRACgq20q
RzR0DegfjibBLJ3LYkKAgDc=
=XXrm
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           php-pear
 Advisory ID:            MDKSA-2005:109
 Date:                   June 30th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered by GulfTech Security in the PHP XML RPC
 project.  This vulnerability is considered critical and can lead to
 remote code execution.  The vulnerability also exists in the PEAR
 XMLRPC implementation.
 
 Mandriva ships with the PEAR XMLRPC implementation and it has been
 patched to correct this problem.  It is advised that users examine the
 PHP applications they have installed on their servers for any
 applications that may come bundled with their own copies of the PEAR
 system and either patch RPC.php or use the system PEAR (found in
 /usr/share/pear).
 
 Updates have been released for some popular PHP applications such
 as WordPress and Serendipity and users are urged to take all
 precautions to protect their systems from attack and/or defacement by
 upgrading their applications from the authors of the respective
 applications.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
  http://www.hardened-php.net/advisory-022005.php
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 38955856a2689f10db9f9f5ca734392c  10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
 18695b853e1aba539da2c68a6d574a4b  10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9de5b21dc478563f5277f9157b98c49f  amd64/10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
 18695b853e1aba539da2c68a6d574a4b  amd64/10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 d48b2e73f6f1ec0366498014a484f328  10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
 20c91279fa70d68d9e51587980cd262d  10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 dba6b07d89653e4596220cf93a3fed73  x86_64/10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
 20c91279fa70d68d9e51587980cd262d  x86_64/10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4734a42ea347a8f3ad42f2ebbde56f22  10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
 b564c4dce014d6c3968ef0544effe318  10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 c3349adf16855ee536cbd01077f087e5  x86_64/10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
 b564c4dce014d6c3968ef0544effe318  x86_64/10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

 Corporate 3.0:
 ac0ffe7efc09f7718461fa81a9ac5864  corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
 1cf934b41b88c63614f4e4d623da479b  corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3b4eea612865d6aeb242299c390f2fe9  x86_64/corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
 1cf934b41b88c63614f4e4d623da479b  x86_64/corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCxHT6mqjQ0CJFipgRAjMWAJ9R5EepEYCn6OkjFULzvN4WTNRBIQCfTYsk
/TAtWwT1PeHQGuH/upbw51g=
=y8Ju
- -----END PGP SIGNATURE-----



3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2005:110
 Date:                   June 30th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities in the Linux kernel have been discovered and
 fixed in this update.  The following CVE names have been fixed in the
 LE2005 kernel:
 
 Colin Percival discovered a vulnerability in Intel's Hyper-Threading
 technology could allow a local user to use a malicious thread to create
 covert channels, monitor the execution of other threads, and obtain
 sensitive information such as cryptographic keys via a timing attack on
 memory cache misses.  This has been corrected by disabling HT support
 in all kernels (CAN-2005-0109).
 
 An information leak in the ext2 filesystem code in kernels prior to
 2.6.11.6 was found where when a new directory is created, the ext2
 block written to disk is not initialized (CAN-2005-0400).
 
 A flaw when freeing a pointer in load_elf_library was found in kernels
 prior to 2.6.11.6 that could be abused by a local user to potentially
 crash the machine causing a Denial of Service (CAN-2005-0749).
 
 A problem with the Bluetooth kernel stack in kernels 2.4.6 through
 2.4.30-rc1 and 2.6 through 2.6.11.5  could be used by a local attacker
 to gain root access or crash the machine (CAN-2005-0750).
 
 Paul Starzetz found an integer overflow in the ELF binary format
 loader's code dump function in kernels prior to and including 2.4.31-pre1
 and 2.6.12-rc4.  By creating and executing a specially
 crafted ELF executable, a local attacker could exploit this to
 execute arbitrary code with root and kernel privileges
 (CAN-2005-1263).
 
 The drivers for raw devices used the wrong function to pass arguments
 to the underlying block device in 2.6.x kernels.  This made the kernel
 address space accessible to user-space applictions allowing any local
 user with at least read access to a device in /dev/raw/* (usually only
 root) to execute arbitrary code with kernel privileges (CAN-2005-1264).
 
 The it87 and via686a hardware monitor drivers in kernels prior to
 2.6.11.8 and 2.6.12 prior to 2.6.12-rc2 created a sysfs file named
 'alarms' with write permissions although they are not designed to be
 writable.  This allowed a local user to crash the kernel by attempting
 to write to these files (CAN-2005-1369).
 
 In addition to the above-noted CAN-2005-0109, CAN-2005-0400,
 CAN-2005-0749, CAN-2005-0750, and CAN-2005-1369 fixes, the following
 CVE names have been fixed in the 10.1 kernel:
 
 The POSIX Capability Linux Security Module (LSM) for 2.6 kernels up to
 and including 2.6.8.1 did not properly handle the credentials of a
 process that is launched before the module is loaded, which could be
 used by local attackers to gain elevated privileges (CAN-2004-1337).
 
 A flaw in the Linux PPP driver in kernel 2.6.8.1 was found where on
 systems allowing remote users to connect to a server via PPP, a remote
 client could cause a crash, resulting in a Denial of Service
 (CAN-2005-0384).
 
 George Guninski discovered a buffer overflow in the ATM driver in
 kernels 2.6.10 and 2.6.11 before 2.6.11-rc4 where the atm_get_addr()
 function does not validate its arguments sufficiently which could allow
 a local attacker to overwrite large portions of kernel memory by
 supplying a negative length argument. This could potentially lead to
 the execution of arbitrary code (CAN-2005-0531).
 
 The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c
 before kernel 2.6.11, when running on 64-bit architectures, could allow
 local users to trigger a buffer overflow as a result of casting
 discrepancies between size_t and int data types.  This could allow an
 attacker to overwrite kernel memory, crash the machine, or potentially
 obtain root access (CAN-2005-0532).
 
 A race condition in the Radeon DRI driver in kernel 2.6.8.1 allows a
 local user with DRI privileges to execute arbitrary code as root
 (CAN-2005-0767).
 
 Access was not restricted to the N_MOUSE discipline for a TTY in
 kernels prior to 2.6.11.  This could allow local attackers to obtain
 elevated privileges by injecting mouse or keyboard events into other
 user's sessions (CAN-2005-0839).
 
 Some futex functions in futex.c in 2.6 kernels performed get_user calls
 while holding the mmap_sem semaphore, which could allow a local
 attacker to cause a deadlock condition in do_page_fault by triggering
 get_user faults while another thread is executing mmap or other
 functions (CAN-2005-0937).
 
 In addition to the above-noted CAN-2004-1337, CAN-2005-0109,
 CAN-2005-0384, CAN-2005-0400, CAN-2005-0531, CAN-2005-0532,
 CAN-2005-0749, CAN-2005-0750, CAN-2005-0767, CAN-2005-0839,
 CAN-2005-0937, CAN-2005-1263, CAN-2005-1264, and CAN-2005-1369 
 fixes, the following CVE names have been fixed in the 10.0/
 Corporate 3.0 kernels:
 
 A race condition in the setsid function in kernels before 2.6.8.1 could
 allow a local attacker to cause a Denial of Service and possibly access
 portions of kernel memory related to TTY changes, locking, and
 semaphores (CAN-2005-0178).
  
 When forwarding fragmented packets in kernel 2.6.8.1, a hardware
 assisted checksum could only be used once which could lead to a Denial
 of Service attack or crash by remote users (CAN-2005-0209).
 
 A signedness error in the copy_from_read_buf function in n_tty.c
 before kernel 2.6.11 allows local users to read kernel memory via a
 negative argument (CAN-2005-0530).
 
 A vulnerability in the fib_seq_start() function allowed a local user
 to crash the system by readiung /proc/net/route in a certain way,
 causing a Denial of Service (CAN-2005-1041).
 
 A vulnerability in the Direct Rendering Manager (DRM) driver in the
 2.6 kernel does not properly check the DMA lock, which could allow
 remote attackers or local users to cause a Denial of Service (X Server
 crash) and possibly modify the video output (CAN-2004-1056).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1337
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0178
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0209
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0530
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0531
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0532
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0767
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0839
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0937
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1041
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1264
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1369
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 fde15b50eb6b25c01363906ac9311a99  10.0/RPMS/kernel-2.6.3.27mdk-1-1mdk.i586.rpm
 4bac2ba6182cfc7a0b096643e5cf4864  10.0/RPMS/kernel-enterprise-2.6.3.27mdk-1-1mdk.i586.rpm
 11f460372ed0f9bcbdf4d1d2ef172021  10.0/RPMS/kernel-i686-up-4GB-2.6.3.27mdk-1-1mdk.i586.rpm
 c5c7869f7ba96fa2d323678aa64bbbff  10.0/RPMS/kernel-p3-smp-64GB-2.6.3.27mdk-1-1mdk.i586.rpm
 c191f0627aaf8c4ec4882114241bd990  10.0/RPMS/kernel-secure-2.6.3.27mdk-1-1mdk.i586.rpm
 e545c57e7ecd4cf7391c002f810488d2  10.0/RPMS/kernel-smp-2.6.3.27mdk-1-1mdk.i586.rpm
 a6ab3a8dfb0da9376a2ef75953ee4eca  10.0/RPMS/kernel-source-2.6.3-27mdk.i586.rpm
 81549411e82297db4fadf45db8d91147  10.0/RPMS/kernel-source-stripped-2.6.3-27mdk.i586.rpm
 0161e0b7c6783f7484e2b13e80565a9a  10.0/SRPMS/kernel-2.6.3.27mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e776c1c98e4030da8c836e4291257dda  amd64/10.0/RPMS/kernel-2.6.3.27mdk-1-1mdk.amd64.rpm
 bf5c1a5412f35167ef3ac32257a80d5b  amd64/10.0/RPMS/kernel-secure-2.6.3.27mdk-1-1mdk.amd64.rpm
 fd97913601dca600a22c4c6afcd92999  amd64/10.0/RPMS/kernel-smp-2.6.3.27mdk-1-1mdk.amd64.rpm
 0c95a5bf2565e80cdbb236c730d563c7  amd64/10.0/RPMS/kernel-source-2.6.3-27mdk.amd64.rpm
 a2feebf592ad2041cfa7ec7e2758206c  amd64/10.0/RPMS/kernel-source-stripped-2.6.3-27mdk.amd64.rpm
 0161e0b7c6783f7484e2b13e80565a9a  amd64/10.0/SRPMS/kernel-2.6.3.27mdk-1-1mdk.src.rpm

 Mandrakelinux 10.1:
 f9bc117f5575bb120fdae314f65ad1f9  10.1/RPMS/kernel-2.6.8.1.25mdk-1-1mdk.i586.rpm
 b321c503f18429f4b3883c16230e158f  10.1/RPMS/kernel-enterprise-2.6.8.1.25mdk-1-1mdk.i586.rpm
 08d2a5d4447588818f78f8ad4e9db138  10.1/RPMS/kernel-i586-up-1GB-2.6.8.1.25mdk-1-1mdk.i586.rpm
 7f677908eb0fb03ff5db2a3eefc381d9  10.1/RPMS/kernel-i686-up-64GB-2.6.8.1.25mdk-1-1mdk.i586.rpm
 7a1319d8c53d56582f0434f0f7898d2d  10.1/RPMS/kernel-secure-2.6.8.1.25mdk-1-1mdk.i586.rpm
 352a4af3300e60399f78bca4e77945d0  10.1/RPMS/kernel-smp-2.6.8.1.25mdk-1-1mdk.i586.rpm
 224358bcd6d086bf7fafa727a9322902  10.1/RPMS/kernel-source-2.6-2.6.8.1-25mdk.i586.rpm
 725a2ff7ee8dee45cdf1d296c4af899c  10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-25mdk.i586.rpm
 2b3bd96a8746eed953c950e13d257d5d  10.1/SRPMS/kernel-2.6.8.1.25mdk-1-1mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 deba2195393307cfbc3eda4da5ba9b55  x86_64/10.1/RPMS/kernel-2.6.8.1.25mdk-1-1mdk.x86_64.rpm
 2dd4ba5eb8f59af931ea08e13895953c  x86_64/10.1/RPMS/kernel-secure-2.6.8.1.25mdk-1-1mdk.x86_64.rpm
 29b46c7761117fa78b6ac84b78c2c95f  x86_64/10.1/RPMS/kernel-smp-2.6.8.1.25mdk-1-1mdk.x86_64.rpm
 a5894bf0dedc2b92507c0a3aaf72b070  x86_64/10.1/RPMS/kernel-source-2.6-2.6.8.1-25mdk.x86_64.rpm
 d9fc9585545fe50959ae48075bdb8611  x86_64/10.1/RPMS/kernel-source-stripped-2.6-2.6.8.1-25mdk.x86_64.rpm
 2b3bd96a8746eed953c950e13d257d5d  x86_64/10.1/SRPMS/kernel-2.6.8.1.25mdk-1-1mdk.src.rpm

 Mandrakelinux 10.2:
 f8da585477aff19802764a73a832cb1c  10.2/RPMS/kernel-2.6.11.12mdk-1-1mdk.i586.rpm
 07b27b601ebe941fbfa0f9ce61e4fc1f  10.2/RPMS/kernel-i586-up-1GB-2.6.11.12mdk-1-1mdk.i586.rpm
 bc40a826454080bb9444f6572508d4d6  10.2/RPMS/kernel-i686-up-4GB-2.6.11.12mdk-1-1mdk.i586.rpm
 1a7393ef7ad8a776d33577d06b666944  10.2/RPMS/kernel-smp-2.6.11.12mdk-1-1mdk.i586.rpm
 81615112f862f81a0479715c590e7e06  10.2/RPMS/kernel-source-2.6-2.6.11-12mdk.i586.rpm
 28fe68ece81b564741b1a679b23afe8c  10.2/RPMS/kernel-source-stripped-2.6-2.6.11-12mdk.i586.rpm
 94c55fab597d0c982d092efe204f20bb  10.2/RPMS/kernel-xbox-2.6.11.12mdk-1-1mdk.i586.rpm
 eccc248c8d65d091a93ac01cec3f1110  10.2/SRPMS/kernel-2.6.11.12mdk-1-1mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 6aa43ead23e6297fd1ca024a91b00129  x86_64/10.2/RPMS/kernel-2.6.11.12mdk-1-1mdk.x86_64.rpm
 6a04e09e487c04ac9a60506fc5e37773  x86_64/10.2/RPMS/kernel-smp-2.6.11.12mdk-1-1mdk.x86_64.rpm
 a3c12e575259175a5433c4aa6b282b9e  x86_64/10.2/RPMS/kernel-source-2.6-2.6.11-12mdk.x86_64.rpm
 e4a470f6f4ebba211dd9dca0eb5ac246  x86_64/10.2/RPMS/kernel-source-stripped-2.6-2.6.11-12mdk.x86_64.rpm
 eccc248c8d65d091a93ac01cec3f1110  x86_64/10.2/SRPMS/kernel-2.6.11.12mdk-1-1mdk.src.rpm

 Corporate 3.0:
 fde15b50eb6b25c01363906ac9311a99  corporate/3.0/RPMS/kernel-2.6.3.27mdk-1-1mdk.i586.rpm
 4bac2ba6182cfc7a0b096643e5cf4864  corporate/3.0/RPMS/kernel-enterprise-2.6.3.27mdk-1-1mdk.i586.rpm
 11f460372ed0f9bcbdf4d1d2ef172021  corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.27mdk-1-1mdk.i586.rpm
 c5c7869f7ba96fa2d323678aa64bbbff  corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.27mdk-1-1mdk.i586.rpm
 c191f0627aaf8c4ec4882114241bd990  corporate/3.0/RPMS/kernel-secure-2.6.3.27mdk-1-1mdk.i586.rpm
 e545c57e7ecd4cf7391c002f810488d2  corporate/3.0/RPMS/kernel-smp-2.6.3.27mdk-1-1mdk.i586.rpm
 a6ab3a8dfb0da9376a2ef75953ee4eca  corporate/3.0/RPMS/kernel-source-2.6.3-27mdk.i586.rpm
 81549411e82297db4fadf45db8d91147  corporate/3.0/RPMS/kernel-source-stripped-2.6.3-27mdk.i586.rpm
 0161e0b7c6783f7484e2b13e80565a9a  corporate/3.0/SRPMS/kernel-2.6.3.27mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 96fdece51d557ea9dc86b77d80ef6537  x86_64/corporate/3.0/RPMS/kernel-2.6.3.27mdk-1-1mdk.x86_64.rpm
 e89fd0dcef1c123fb5730179e9930529  x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.27mdk-1-1mdk.x86_64.rpm
 3bac8cfb55ed2843d192e556dbafd62c  x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.27mdk-1-1mdk.x86_64.rpm
 a77c835b23e270bb23944630e4677b1b  x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-27mdk.x86_64.rpm
 93ba3be628ae43ab9a2f2b2656c06f7f  x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-27mdk.x86_64.rpm
 0161e0b7c6783f7484e2b13e80565a9a  x86_64/corporate/3.0/SRPMS/kernel-2.6.3.27mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCxHZImqjQ0CJFipgRAkMEAKCX1kdUX10vBecjPh17Rx4ZIvMpzgCg2fua
tz7OksiI2Fwd9Kqwct50axU=
=55r8
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel-2.4
 Advisory ID:            MDKSA-2005:111
 Date:                   June 30th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities in the Linux kernel have been discovered and
 fixed in this update.  The following have been fixed in the 2.4
 kernels:
 
 Colin Percival discovered a vulnerability in Intel's Hyper-Threading
 technology could allow a local user to use a malicious thread to create
 covert channels, monitor the execution of other threads, and obtain
 sensitive information such as cryptographic keys via a timing attack on
 memory cache misses.  This has been corrected by disabling HT support
 in all kernels (CAN-2005-0109).
 
 When forwarding fragmented packets, a hardware assisted checksum could
 only be used once which could lead to a Denial of Service attack or
 crash by remote users (CAN-2005-0209).
 
 A flaw in the Linux PPP driver was found where on systems allowing
 remote users to connect to a server via PPP, a remote client could
 cause a crash, resulting in a Denial of Service (CAN-2005-0384).
 
 An information leak in the ext2 filesystem code was found where when a
 new directory is created, the ext2 block written to disk is not
 initialized (CAN-2005-0400).
 
 A signedness error in the copy_from_read_buf function in n_tty.c
 allows local users to read kernel memory via a negative argument
 (CAN-2005-0530).
 
 George Guninski discovered a buffer overflow in the ATM driver
 where the atm_get_addr() function does not validate its arguments
 sufficiently which could allow a local attacker to overwrite large
 portions of kernel memory by supplying a negative length argument. This
 could potentially lead to the execution of arbitrary code
 (CAN-2005-0531).
 
 A flaw when freeing a pointer in load_elf_library was found that could
 be abused by a local user to potentially crash the machine causing a
 Denial of Service (CAN-2005-0749).
 
 A problem with the Bluetooth kernel stack in kernels 2.4.6 through
 2.4.30-rc1 and 2.6 through 2.6.11.5  could be used by a local attacker
 to gain root access or crash the machine (CAN-2005-0750).
 
 A race condition in the Radeon DRI driver allows a local user with DRI
 privileges to execute arbitrary code as root (CAN-2005-0767).
 
 Paul Starzetz found an integer overflow in the ELF binary format
 loader's code dump function in kernels prior to and including 2.4.31-pre1
 and 2.6.12-rc4.  By creating and executing a specially
 crafted ELF executable, a local attacker could exploit this to
 execute arbitrary code with root and kernel privileges
 (CAN-2005-1263).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0209
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0530
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0531
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0767
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6e064c284eee32e9b8aa444d5c8b1f51  10.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.i586.rpm
 34b6b9caac88e1ff34788bc9a99eb023  10.0/RPMS/kernel-enterprise-2.4.25.14mdk-1-1mdk.i586.rpm
 6464002754031a7fcd663d6df76c0871  10.0/RPMS/kernel-i686-up-4GB-2.4.25.14mdk-1-1mdk.i586.rpm
 5d9c42cd422d34521514becb2b99f5ee  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.14mdk-1-1mdk.i586.rpm
 da21d692d1c1b4ac76930491cb977355  10.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.i586.rpm
 e1680f042ca01793cd3526ca890a6359  10.0/RPMS/kernel-source-2.4.25-14mdk.i586.rpm
 49ca54a42f3df341c89deea3cc60752b  10.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 b25d2470f809eb14d8ba4c27ffc720b0  amd64/10.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.amd64.rpm
 6073c44537913b11d9ce81a506d4f698  amd64/10.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.amd64.rpm
 a2fe6dfa98e85ca097aea0c3cd01cac4  amd64/10.0/RPMS/kernel-source-2.4.25-14mdk.amd64.rpm
 49ca54a42f3df341c89deea3cc60752b  amd64/10.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

 Mandrakelinux 10.1:
 2bb1a55a701e1f9bf8d9c004873fbec3  10.1/RPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
 e7dc646e68cde7f58de3379ab581c436  10.1/RPMS/kernel-enterprise-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
 aa252943a193bb218ff6c7b80d40d575  10.1/RPMS/kernel-i586-up-1GB-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
 f953475453e85586b8878024496708d6  10.1/RPMS/kernel-smp-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
 9472f72434bcd3152c440d886b8b8d0a  10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.6mdk.i586.rpm
 da09cdd87f8658578a134b35afc3634e  10.1/SRPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 45b22f87c2aca0cd3cb660aee55b309c  x86_64/10.1/RPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.x86_64.rpm
 de98bf86d25660a7d1209391718941cd  x86_64/10.1/RPMS/kernel-smp-2.4.28.0.rc1.6mdk-1-1mdk.x86_64.rpm
 8037b0d02ff5958009c1ce06fc80ecb7  x86_64/10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.6mdk.x86_64.rpm
 da09cdd87f8658578a134b35afc3634e  x86_64/10.1/SRPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.src.rpm

 Corporate Server 2.1:
 3d62f084903092436aa7074a57b8f50a  corporate/2.1/RPMS/kernel-2.4.19.49mdk-1-1mdk.i586.rpm
 057c35e5704d2cb40db72d6731798c45  corporate/2.1/RPMS/kernel-enterprise-2.4.19.49mdk-1-1mdk.i586.rpm
 5c8e475f0f0d3dd14f79e2a3d875596d  corporate/2.1/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.i586.rpm
 0bdd8e582fa2c8996853c583581c5a1c  corporate/2.1/RPMS/kernel-smp-2.4.19.49mdk-1-1mdk.i586.rpm
 cc34893f190d9a2b914b2b133687d483  corporate/2.1/RPMS/kernel-source-2.4.19-49mdk.i586.rpm
 9b8252d59a1f75bf80d134ff394e631f  corporate/2.1/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm

 Corporate Server 2.1/X86_64:
 2bf8630a1b3439a62cd226675afac5fa  x86_64/corporate/2.1/RPMS/kernel-2.4.19.49mdk-1-1mdk.x86_64.rpm
 81f5f76607480270437d4e176cbc052c  x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.x86_64.rpm
 68e934d793f23b77f0072e1d9dfffff8  x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.49mdk-1-1mdk.x86_64.rpm
 76e6aed1997bd297034978fd177e9c6c  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-49mdk.x86_64.rpm
 9b8252d59a1f75bf80d134ff394e631f  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm

 Corporate 3.0:
 6e064c284eee32e9b8aa444d5c8b1f51  corporate/3.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.i586.rpm
 34b6b9caac88e1ff34788bc9a99eb023  corporate/3.0/RPMS/kernel-enterprise-2.4.25.14mdk-1-1mdk.i586.rpm
 6464002754031a7fcd663d6df76c0871  corporate/3.0/RPMS/kernel-i686-up-4GB-2.4.25.14mdk-1-1mdk.i586.rpm
 5d9c42cd422d34521514becb2b99f5ee  corporate/3.0/RPMS/kernel-p3-smp-64GB-2.4.25.14mdk-1-1mdk.i586.rpm
 da21d692d1c1b4ac76930491cb977355  corporate/3.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.i586.rpm
 e1680f042ca01793cd3526ca890a6359  corporate/3.0/RPMS/kernel-source-2.4.25-14mdk.i586.rpm
 49ca54a42f3df341c89deea3cc60752b  corporate/3.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 9f9a2331e209bc05e1f673f6ba4496c3  x86_64/corporate/3.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.x86_64.rpm
 cba23e8d414c01245b7bfd9d40fb976d  x86_64/corporate/3.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.x86_64.rpm
 e1891c175b7544470017aa7979ae2fb9  x86_64/corporate/3.0/RPMS/kernel-source-2.4.25-14mdk.x86_64.rpm
 49ca54a42f3df341c89deea3cc60752b  x86_64/corporate/3.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 5c8e475f0f0d3dd14f79e2a3d875596d  mnf8.2/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.i586.rpm
 9b8252d59a1f75bf80d134ff394e631f  mnf8.2/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCxHb/mqjQ0CJFipgRAtCMAJ0YYnhche8bj85e7fdZHvczd07NoQCghvSF
XSqzrCXV9rrdDBhhrlDVb5M=
=Oehe
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQsUkl4pao72zK539AQHeTgP/RJTUJMoTquXjCKqRg/t7MaUgNu6Ip8r+
Z12ht7NF0dMLuGf36MKSkiTcguiOPTuDb2WF2ClEvJqdcF7DluNfLXQl6+yFnRMf
Tx31GfkGIaT0gECqh4PnTJ+WH9j1W2asPXiwspQyQx8gzeTwCqlbgmJ5rtHNGIV5
7IjrsH2uAYI=
=CIsX
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________