lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 22 May 2004 05:18:24 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:050
 Date:                   May 21st, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 Brad Spender discovered an exploitable bug in the cpufreq code in
 the Linux 2.6 kernel (CAN-2004-0228).
 
 As well, a permissions problem existed on some SCSI drivers; a fix
 from Olaf Kirch is provided that changes the mode from 0777 to 0600.
 
 This update also provides a 10.0/amd64 kernel with fixes for the
 previous MDKSA-2004:037 advisory as well as the above-noted fixes.
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandrakesoft.com/kernelupdate
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0228
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c27bdbed859af49a0e7400b2608394e9  10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.i586.rpm
 2aa96fed17d8a9a82e9603b9f1ca112b  10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.i586.rpm
 32df9053e07cac55d09a0bb962323e65  10.0/RPMS/kernel-enterprise-2.4.25.5mdk-1-1mdk.i586.rpm
 9e4406b3df09e62913928d13fc1638a6  10.0/RPMS/kernel-enterprise-2.6.3.13mdk-1-1mdk.i586.rpm
 fd4e9bedce11cd21bdcf0dc40301f2f1  10.0/RPMS/kernel-i686-up-4GB-2.4.25.5mdk-1-1mdk.i586.rpm
 48ca6d4b319ff4b93c3f49242d9dab91  10.0/RPMS/kernel-i686-up-4GB-2.6.3.13mdk-1-1mdk.i586.rpm
 7126bd36be90cda4292f16d43cd8df3f  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.5mdk-1-1mdk.i586.rpm
 1f4569fb3ee33a8ee392ec06833e85ae  10.0/RPMS/kernel-p3-smp-64GB-2.6.3.13mdk-1-1mdk.i586.rpm
 d396431c7e9ec430a3a67f1e844bac74  10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.i586.rpm
 41958f6522922947a8fee8d199454946  10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.i586.rpm
 44b3d21a879e488b36ec6522f2ba1f56  10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.i586.rpm
 462effd5b3b452749994887cba792109  10.0/RPMS/kernel-source-2.4.25-5mdk.i586.rpm
 3bbac2f69ac134f15211fdbfe48adca8  10.0/RPMS/kernel-source-2.6.3-13mdk.i586.rpm
 f5ec5f36685134e6cc13f8e140c811a2  10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.i586.rpm
 ca54ddc53be37e332531e9c7574b282f  10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
 dd67df2cffe071aef5fad4691d4fcf01  10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 30130b0a95df43ab8bbc78034abb982e  amd64/10.0/RPMS/kernel-2.4.25.5mdk-1-1mdk.amd64.rpm
 6de514e0a70381d91358dcccc17b2047  amd64/10.0/RPMS/kernel-2.6.3.13mdk-1-1mdk.amd64.rpm
 7d428529767fdb4f1e0586161c450252  amd64/10.0/RPMS/kernel-secure-2.6.3.13mdk-1-1mdk.amd64.rpm
 20ed7696fa02ac41de642f18b4be5367  amd64/10.0/RPMS/kernel-smp-2.4.25.5mdk-1-1mdk.amd64.rpm
 6820f8941edf150f0d31c7266a889604  amd64/10.0/RPMS/kernel-smp-2.6.3.13mdk-1-1mdk.amd64.rpm
 2733b3696b80c6b6f14a1e5cd6aa7636  amd64/10.0/RPMS/kernel-source-2.4.25-5mdk.amd64.rpm
 cf3cc155e7cf92790a7271d9bfc32337  amd64/10.0/RPMS/kernel-source-2.6.3-13mdk.amd64.rpm
 c35af18fa10fd0293940cc0264a9fb30  amd64/10.0/RPMS/kernel-source-stripped-2.6.3-13mdk.amd64.rpm
 ca54ddc53be37e332531e9c7574b282f  amd64/10.0/SRPMS/kernel-2.4.25.5mdk-1-1mdk.src.rpm
 dd67df2cffe071aef5fad4691d4fcf01  amd64/10.0/SRPMS/kernel-2.6.3.13mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2:
 83b384a70158a22b07d1675b348a756e  9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.i586.rpm
 d8dd19717e444638a4d86150a9b16f88  9.2/RPMS/kernel-enterprise-2.4.22.32mdk-1-1mdk.i586.rpm
 231b42c760bb976d56f34f17fe524ed6  9.2/RPMS/kernel-i686-up-4GB-2.4.22.32mdk-1-1mdk.i586.rpm
 2dd6754351b6d5a1a004e4ba94c6df4b  9.2/RPMS/kernel-p3-smp-64GB-2.4.22.32mdk-1-1mdk.i586.rpm
 839e5c6fc4c346c187f6c6e9e847d407  9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.i586.rpm
 96d80a6197d075e3380aa27f64ad17d4  9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.i586.rpm
 299b347b46e5eafb070cfa9e75519fa5  9.2/RPMS/kernel-source-2.4.22-32mdk.i586.rpm
 da504294cf4d64769b8cc3855c05e306  9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 2d16c561573580aba9a645b5db364fd0  amd64/9.2/RPMS/kernel-2.4.22.32mdk-1-1mdk.amd64.rpm
 3d578c646f2b708e65e210e6f829c7c9  amd64/9.2/RPMS/kernel-secure-2.4.22.32mdk-1-1mdk.amd64.rpm
 ae1baf4717dad49787ac9de697eb42b7  amd64/9.2/RPMS/kernel-smp-2.4.22.32mdk-1-1mdk.amd64.rpm
 1959cb64b5eafafc8afba80db2cd50ee  amd64/9.2/RPMS/kernel-source-2.4.22-32mdk.amd64.rpm
 da504294cf4d64769b8cc3855c05e306  amd64/9.2/SRPMS/kernel-2.4.22.32mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAruKfmqjQ0CJFipgRAjZcAJ9M7JN8l+t3tZhvO0N5WlXUP1fCKgCgxGnb
ZYzKnsLHpec+SYNFdmHxLMM=
=zVv0
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists