lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1G2uds-0002ig-C6@mercury.mandriva.com>
Date: Tue, 18 Jul 2006 12:50:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:124
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : July 18, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A race condition in the Linux kernel 2.6.17.4 and earlier allows local
 users to obtain root privileges due to a race condition in the /proc
 filesystem.
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels immediately
 and reboot to effect the fixes.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 e3f50de9b2576f6c7849efee5fa7ccc4  2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.i586.rpm
 ac091b0d6eafcf2f2cbcb981bc7f1567  2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.i586.rpm
 241c8edfd46c8a1af69c97346738715f  2006.0/RPMS/kernel-i586-up-1GB-2.6.12.24mdk-1-1mdk.i586.rpm
 2652cbf99438921d4dd473284173d83a  2006.0/RPMS/kernel-i686-up-4GB-2.6.12.24mdk-1-1mdk.i586.rpm
 96eed9404633064ac54247bfaf79e6b0  2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.i586.rpm
 2ebc8c0f8080712c943aadbe34c955a7  2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.i586.rpm
 f4380595eb6fa81429f56706cdd32c55  2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.i586.rpm
 2477f821e4f1351013c3b8f941a8c18d  2006.0/RPMS/kernel-xbox-2.6.12.24mdk-1-1mdk.i586.rpm
 79605a820271776ad7c01ba93e5707dd  2006.0/RPMS/kernel-xen0-2.6.12.24mdk-1-1mdk.i586.rpm
 2af343ed6022e305de43b6c6d6771e97  2006.0/RPMS/kernel-xenU-2.6.12.24mdk-1-1mdk.i586.rpm
 e4a10a2ed21c36c4c36a4555b6a79433  2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 87c2a427fc462c4b274f1d31d8030ca3  x86_64/2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.x86_64.rpm
 1d3f71f5bff6761b76e659089f1dd04f  x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.x86_64.rpm
 56075fe597ff1b28fe73c76463cb057e  x86_64/2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.x86_64.rpm
 194ab270414b5e83d57205f423ae10a8  x86_64/2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.x86_64.rpm
 087efaca0ebc4274884f7811b168358d  x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.x86_64.rpm
 e4a10a2ed21c36c4c36a4555b6a79433  x86_64/2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm

 Corporate 3.0:
 11825513fe1c738bf6ec48eed5c62807  corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm
 169b6d012e5d003ee55c730335968257  corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.i586.rpm
 9958b7e383199559c7d10ce9a2b908a1  corporate/3.0/RPMS/kernel-enterprise-2.6.3.33mdk-1-1mdk.i586.rpm
 4bfc5af3a33bbd068d5ec7530ebc986f  corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm
 3d3aba1eafca57c61b2e13003aa13120  corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm
 2a6f8c6c36eb3d9c94b24c0e12deb8ac  corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm
 f7cd743bde04b4604f20178e84085829  corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm
 8b0522f993b6aa19c90d45898b1359fa  corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.i586.rpm
 a608bd9be549327e59f8d61d83516d26  corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.i586.rpm
 cfe5332861963310091c7fca6c81881e  corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 5602ec8c0a742c57e7b5c426e08972eb  x86_64/corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.x86_64.rpm
 6fda1cf0adebaa87c362e583a449ea97  x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.x86_64.rpm
 690f4bc5987e923f110b0224b7d18c6f  x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.x86_64.rpm
 ad947e405b1ec2d169f6d8e6f0be949a  x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.x86_64.rpm
 deaf89ce9c2a2ab6ca66fcc9563eb5bc  x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.x86_64.rpm
 7a13854690a641b7257231d574895de2  x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.x86_64.rpm
 cfe5332861963310091c7fca6c81881e  x86_64/corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm

 Multi Network Firewall 2.0:
 8f589cb12460747b38d715968cf15c21  mnf/2.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm
 c94f96a4467b6241789100a7dd942dcd  mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm
 3c58da2c8bca7299dabf713a2c5d3b18  mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm
 ee74fbe17f8af2c2d6c4396094e4477e  mnf/2.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm
 5b1d9a2e52f4264b5d85514a958a092a  mnf/2.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm
 b76c22b9814c6005177916b235565b23  mnf/2.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvQTfmqjQ0CJFipgRAuHjAJ4mUwgs3i0Wlfu+DoaoiaEEe8jYDgCfSwZi
tAQR33UQxWXo2O+0h9tkuRY=
=M1F6
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ