|
Mandrake update for Kernel
|
|
Secunia Advisory:
|
SA9319
|
|
|
Release Date:
|
2003-07-22
|
|
Last Update:
|
2003-07-28
|
|
Popularity:
|
6,273 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Mandrake Linux 9.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2003-0001
CVE-2003-0244
CVE-2003-0246
CVE-2003-0247
CVE-2003-0248
CVE-2003-0462
|
|
Description:
Mandrake has issued updated packages for the kernel. These fix multiple vulnerabilities, which are listed below.
1) Many ethernet NIC (Network Interface Card) device drivers pad frames with content from previous packets or kernel memory instead of using NULL-bytes. This may be exploited by malicious people to obtain potentially sensitive information by sending specially crafted packets to a vulnerable system.
2) An error in the way that the Linux Kernel handles caching of routing information can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.
3) An error in the "ioperm" system call can allow unprivileged, local users to gain read and write access to I/O ports in the I/O address range 0x000-0x3FF (0-1023) on a system, which includes access to serial ports, parallel port, diskette drive controller, graphics controller, and keyboard.
4) An unspecified error in the TTY layer allows malicious people to cause a DoS.
5) An error in the "mxcsr" code allows manipulation of CPU state registers.
For more information:
http://secunia.com/advisories/8786/
http://secunia.com/advisories/8823/
http://secunia.com/advisories/8936/
http://secunia.com/advisories/9154/
http://secunia.com/advisories/9316/
Solution:
Updated packages:
Mandrake Linux 9.1:
419058c00d6cbc637c3a8fc8856438ef 9.1/RPMS/kernel-2.4.21.0.25mdk-1-1mdk.i586.rpm
9a4382eef9022e9d650171e9b99e40e8 9.1/RPMS/kernel-BOOT-2.4.21.0.25mdk-1-1mdk.i586.rpm
8fb033ae79f8d62ef7db8116dbd8a258 9.1/RPMS/kernel-doc-2.4.21-0.25mdk.i586.rpm
7c4446a519dc48c70a13e8765c19c35f 9.1/RPMS/kernel-enterprise-2.4.21.0.25mdk-1-1mdk.i586.rpm
7b1824f5cc6e22f7a2ff8d21be497e57 9.1/RPMS/kernel-secure-2.4.21.0.25mdk-1-1mdk.i586.rpm
1a1b38775940278848e30ad740552748 9.1/RPMS/kernel-smp-2.4.21.0.25mdk-1-1mdk.i586.rpm
680b79e2591161ba6829fd3656f16abb 9.1/RPMS/kernel-source-2.4.21-0.25mdk.i586.rpm
ecb903bcd0dd169eeb53f534638b7cd7 9.1/SRPMS/kernel-2.4.21.0.25mdk-1-1mdk.src.rpm
Mandrake Linux 9.1/PPC:
558d5d6784f15775a5c9b8da0855fdeb ppc/9.1/RPMS/kernel-2.4.21.0.25mdk-1-1mdk.ppc.rpm
b402ff80467c57470eff93b59e929045 ppc/9.1/RPMS/kernel-doc-2.4.21-0.25mdk.ppc.rpm
bbf10a690a4ad709b20aed72efd59319 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.25mdk-1-1mdk.ppc.rpm
8f55bcf38b775c0ddfb3d6c2e9f8bcae ppc/9.1/RPMS/kernel-smp-2.4.21.0.25mdk-1-1mdk.ppc.rpm
770db5f9460490b2ad47ea2863be1c38 ppc/9.1/RPMS/kernel-source-2.4.21-0.25mdk.ppc.rpm
ecb903bcd0dd169eeb53f534638b7cd7 ppc/9.1/SRPMS/kernel-2.4.21.0.25mdk-1-1mdk.src.rpm
Changelog:
2003-07-28 Updated packages due to errors in the earlier packages. If you have installed the previous packages you ought to upgrade to the new versions.
Original Advisory:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:066-2
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
