Mandrake: kernel multiple vulnerabilities
Posted by Team   
Mandrake Multiple vulnerabilities were discovered and fixed in the Linux kernel.


                Mandrake Linux Security Update Advisory

Package name:           kernel
Advisory ID:            MDKSA-2003:074
Date:                   July 15th, 2003

Affected versions:	8.2, 9.0, Corporate Server 2.1,
			Multi Network Firewall 8.2

Problem Description:

 Multiple vulnerabilities were discovered and fixed in the Linux kernel.
 * CAN-2003-0001: Multiple ethernet network card drivers do not pad
   frames with null bytes which allows remote attackers to obtain
   information from previous packets or kernel memory by using
   special malformed packets.
 * CAN-2003-0244: The route cache implementation in the 2.4 kernel and
   the Netfilter IP conntrack module allows remote attackers to cause a
   Denial of Service (DoS) via CPU consumption due to packets with
   forged source addresses that cause a large number of hash table
   collisions related to the PREROUTING chain.
 * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
   kernels does not properly restrict privileges, which allows local
   users to gain read or write access to certain I/O ports.
 * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
   allows attackers to cause a kernel oops resulting in a DoS.
 * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
   modify CPU state registers via a malformed address.
 * CAN-2003-0462: A file read race existed in the execve() system call.
 Kernels for 9.1/x86 are also available (see MDKSA-2003:066).
 MandrakeSoft encourages all users to upgrade to these new kernels.
 For full instructions on how to properly upgrade your kernel, please
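
An added example, not part of the MandrakeSoft advisory or the kernel fixes, illustrating CAN-2003-0001: it contrasts a transmit path that zero-fills short frames with one that leaves stale buffer bytes in the padding, and adds a receive-side check that counts non-zero padding in an IPv4 frame. The function names, the 0xAA stale-buffer fill and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ETH_HLEN 14 /* Ethernet header: dst MAC, src MAC, EtherType */
#define ETH_ZLEN 60 /* minimum frame length, FCS excluded */

/* Transmit side: copy the packet and zero-fill up to ETH_ZLEN so stale buffer
 * contents never reach the wire. Returns bytes to send, 0 if it does not fit. */
size_t pad_frame(uint8_t *txbuf, size_t bufsz, const uint8_t *pkt, size_t len)
{
    size_t out = len < ETH_ZLEN ? ETH_ZLEN : len;
    if (bufsz < out)
        return 0;
    memcpy(txbuf, pkt, len);
    memset(txbuf + len, 0, out - len); /* no-op when len >= ETH_ZLEN */
    return out;
}

/* Receive side, IPv4 only: bytes past the IP total length are link padding.
 * Returns how many are non-zero, or -1 if the frame cannot be parsed. */
int nonzero_padding(const uint8_t *frame, size_t flen)
{
    if (flen < ETH_HLEN + 20 || frame[12] != 0x08 || frame[13] != 0x00)
        return -1;
    size_t ip_len = ((size_t)frame[ETH_HLEN + 2] << 8) | frame[ETH_HLEN + 3];
    if (ip_len < 20 || ETH_HLEN + ip_len > flen)
        return -1;
    int n = 0;
    for (size_t i = ETH_HLEN + ip_len; i < flen; i++)
        n += frame[i] != 0;
    return n;
}

/* Constructed sample: a 42-byte IPv4 frame sent from a transmit buffer that
 * still holds 0xAA bytes left over from an earlier packet. */
int demo(int zero_pad)
{
    uint8_t pkt[42] = {0}, txbuf[64];
    pkt[12] = 0x08;           /* EtherType 0x0800 (IPv4) */
    pkt[ETH_HLEN] = 0x45;     /* version 4, 20-byte header */
    pkt[ETH_HLEN + 3] = 28;   /* IP total length: 20 + 8 */
    memset(txbuf, 0xAA, sizeof txbuf);
    if (zero_pad)
        pad_frame(txbuf, sizeof txbuf, pkt, sizeof pkt);
    else
        memcpy(txbuf, pkt, sizeof pkt); /* flawed pattern: no fill */
    return nonzero_padding(txbuf, ETH_ZLEN);
}

int main(void) { return !(demo(0) == 18 && demo(1) == 0); }
```

A non-zero count from `nonzero_padding` on frames received from a host is a sign that its driver still sends unpadded short frames and needs the updated kernel.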


Updated Packages:

Bug IDs fixed (see for more information):

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver <keyserver> 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to

You can view other update advisories for Mandrake Linux at:

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by

If you want to report vulnerabilities, please contact

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
