Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Mandrake: kernel Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Mandrake This patch fixes a large variety of kernel bugs, including an assortment of filesystem related vulnerabilities.

Mandrakelinux Security Update Advisory

 Package name:           kernel
 Advisory ID:            MDKSA-2004:029
 Date:                   April 14th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2

 Problem Description:

 A vulnerability was found in the R128 DRI driver by Alan Cox.  This
 could allow local privilege escalation.  The previous fix, in
 MDKSA-2004:015 only partially corrected the problem; the full fix is
 included (CAN-2004-0003).
 A local root vulnerability was discovered in the isofs component of
 the Linux kernel by iDefense.  This vulnerability can be triggered by
 performing a directory listing on a maliciously constructed ISO
 filesystem, or attempting to access a file via a malformed symlink on
 such a filesystem (CAN-2004-0109).
 An information leak was discovered in the ext3 filesystem code by Solar
 Designer.  It was discovered that when creating or writing to an ext3
 filesystem, some amount of other in-memory data gets written to the
 device.  The data is not the file's contents, not something on the same
 filesystem, or even anything that was previously in a file at all.  To
 obtain this data, a user needs to read the raw device (CAN-2004-0177).
 The same vulnerability was also found in the XFS filesystem code
 (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
 Finally, a vulnerability in the OSS code for SoundBlaster 16 devices
 was discovered by Andreas Kies.  It is possible for local users with
 access to the sound system to crash the machine (CAN-2004-0178).
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 To update your kernel, please follow the directions located at:


 Updated Packages:
 Mandrakelinux 10.0:
 b4826b1ef3e764cbbcea5a7b304bbe65  10.0/RPMS/kernel-
 29feca23f05a67de8b98840b9fff7d93  10.0/RPMS/kernel-
 d7cf169ab6feca0ff328bdb2b83dfd10  10.0/RPMS/kernel-enterprise-
 fc42c4a0e5c33c065575bd8377f793a5  10.0/RPMS/kernel-enterprise-
 353aa9636d7e34c6afab193defe46713  10.0/RPMS/kernel-i686-up-4GB-
 5c434e6d9992f139371b58c05aa811e5  10.0/RPMS/kernel-i686-up-4GB-
 86c6adedf3f4e56580f4041d997ad63f  10.0/RPMS/kernel-p3-smp-64GB-
 80a5571c8a6cea4a050d25ad69e1fd89  10.0/RPMS/kernel-p3-smp-64GB-
 58585213cf9adb3e3036c483b2564eb8  10.0/RPMS/kernel-secure-
 97d27da1d1123ba70e26d418313aa928  10.0/RPMS/kernel-smp-
 4a23217607dc4986fbca670eb364cf84  10.0/RPMS/kernel-smp-
 0b8c7da330198d355be83decd03ceccb  10.0/RPMS/kernel-source-2.4.25-3mdk.i586.rpm
 d5c065c5767044e2f7fad85a01011665  10.0/RPMS/kernel-source-2.6.3-8mdk.i586.rpm
 bcfde8a0e87da6aa97b21550d95106ca  10.0/RPMS/kernel-source-stripped-2.6.3-8mdk.i586.rpm
 20a1cb909fe21afe66c9d3e6ba839c12  10.0/SRPMS/kernel-
 fd51f33b89b1647f212649fbed23c6ad  10.0/SRPMS/kernel-

 Corporate Server 2.1:
 eb4998651f1831bd1c065b121d380329  corporate/2.1/RPMS/kernel-
 002afdc620495d8d69db0630c92eeaf1  corporate/2.1/RPMS/kernel-enterprise-
 5a668737d29e37fc13247d009e3168fb  corporate/2.1/RPMS/kernel-secure-
 3e9bbfacb9b157df46be188234939ccb  corporate/2.1/RPMS/kernel-smp-
 6222532d2d8d16e6b92c84d2015fd166  corporate/2.1/RPMS/kernel-source-2.4.19-39mdk.i586.rpm
 d5dd3f59ed6cf66414c886002622954a  corporate/2.1/SRPMS/kernel-

 Corporate Server 2.1/x86_64:
 8c79eb0882cdbc3087a849bc0d002d12  x86_64/corporate/2.1/RPMS/kernel-
 bd1b3af1103a5162c3fa71d8a7a20e29  x86_64/corporate/2.1/RPMS/kernel-secure-
 5ce3957e78b6c2556d8d01b436049e1c  x86_64/corporate/2.1/RPMS/kernel-smp-
 eb8813335600b8509343a5d376f50586  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-40mdk.x86_64.rpm
 749ba262824efc6db6bf9a348db9572b  x86_64/corporate/2.1/SRPMS/kernel-

 Mandrakelinux 9.1:
 b5394346fa238739fe342671009b8eca  9.1/RPMS/kernel-
 40c38603b9dad47b497cc2fdccfc21cd  9.1/RPMS/kernel-enterprise-
 c107a74efbd71017c5e7cae4a4b84fb4  9.1/RPMS/kernel-secure-
 362e1ddc3add24372bbb59a74941c598  9.1/RPMS/kernel-smp-
 1745c4fec12d10c7dd2d5331f03a254c  9.1/RPMS/kernel-source-2.4.21-0.29mdk.i586.rpm
 20a2d293559cd1bdabc86c533a907a4a  9.1/SRPMS/kernel-

 Mandrakelinux 9.1/PPC:
 fc4fb39fe1df50af8932679c0b138e8d  ppc/9.1/RPMS/kernel-
 e2a42a0898cabfe4b59d5ecf9167e4e0  ppc/9.1/RPMS/kernel-enterprise-
 7d4a095287f8f1076113ab445a286d36  ppc/9.1/RPMS/kernel-smp-
 760f415f8eb70ebd37f243a0b43a176f  ppc/9.1/RPMS/kernel-source-2.4.21-0.29mdk.ppc.rpm
 20a2d293559cd1bdabc86c533a907a4a  ppc/9.1/SRPMS/kernel-

 Mandrakelinux 9.2:
 409ab93daa6c6690a2a015871f23f832  9.2/RPMS/kernel-
 f25ad40adcbaa0869335a227d4264a58  9.2/RPMS/kernel-enterprise-
 f94fe10996090682e9ac6d13d374b920  9.2/RPMS/kernel-i686-up-4GB-
 52c9cb8f53fb15a2d7587215193c9753  9.2/RPMS/kernel-p3-smp-64GB-
 d6d06b86c72135c32118cba6f4c9ddd4  9.2/RPMS/kernel-secure-
 1781ebccb4a1a866d1cd6da9ead17e1a  9.2/RPMS/kernel-smp-
 aa9795ab47d2857e8a47ef9f1b4f3a40  9.2/RPMS/kernel-source-2.4.22-29mdk.i586.rpm
 4971af624bb652a0e14d50703977aad5  9.2/SRPMS/kernel-

 Mandrakelinux 9.2/AMD64:
 794e8ac9edc946b02213557c135fe06a  amd64/9.2/RPMS/kernel-
 c78816d4821cf0a8a82895240d2c7882  amd64/9.2/RPMS/kernel-secure-
 231cf40c4c78d756a354e7fc9ef435ea  amd64/9.2/RPMS/kernel-smp-
 17738c560feeb16e8a50acda87f1ed7d  amd64/9.2/RPMS/kernel-source-2.4.22-29mdk.amd64.rpm
 4971af624bb652a0e14d50703977aad5  amd64/9.2/SRPMS/kernel-

 Multi Network Firewall 8.2:
 143a4b55641d29e5a346e8d7685e5e1b  mnf8.2/RPMS/kernel-secure-
 d5dd3f59ed6cf66414c886002622954a  mnf8.2/SRPMS/kernel-

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to

 You can view other update advisories for Mandrakelinux at:

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by

 If you want to report vulnerabilities, please contact

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.