From: Linux Mandrake Security Team <security@linux-mandrake.com>
To: Linux Mandrake Security Announcements <security-announce@linux-mandrake.com>
Subject: [Security Announce] MDKSA-2001:082 - kernel22 update
Date: Fri, 26 Oct 2001 11:00:28 -0600
Cc: Linux Mandrake Security <mdk-security@lists.freezer-burn.org>,
Bugtraq <bugtraq@securityfocus.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: kernel22
Date: October 26th, 2001
Advisory ID: MDKSA-2001:082
Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1,
Single Network Firewall 7.2
________________________________________________________________________
Problem Description:
Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux
kernels with the ptrace code and deeply nested symlinks spending an
arbitrary amount of time in the kernel code. The ptrace vulnerability
could be used by local users to gain root privilege, the symlink
vulnerability could result in a local DoS.
NOTE: This update is *not* meant to be done via MandrakeUpdate! You
must download the necessary RPMs and upgrade manually by following
these steps:
1. Type: rpm -ivh kernel-[version].i586.rpm
2. Type: mv kernel-[version].i586.rpm /tmp
3. Type: rpm -Fvh *.rpm
4a. You may wish to edit /etc/lilo.conf to ensure a new entry is in
place. The new kernel will be the last entry. Change any options
you need to change. You will also want to create a new entry with
the initrd and image directives pointing to the old kernel's
vmlinuz and initrd images so you may also boot from the old
images if required.
4b. PPC users must execute some additional instructions. First edit
/etc/yaboot.conf and add a new entry for the kernel and change
any options that you need to change. You must also create a new
initrd image to enable USB support for keyboards and mice by
typing:
mkinitrd --with=usb-ohci /boot/initrd-2.2.19-19.1mdk 2.2.19-19.1mdk
5a. Type: /sbin/lilo -v
5b. PPC users must type: /sbin/ybin -v
You may then reboot and use the new kernel and remove the older kernel
when you are comfortable using the upgraded one.
________________________________________________________________________
References:
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
________________________________________________________________________
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.
Linux-Mandrake 7.1:
1fd551f299c93b192feb1189bb6b049e 7.1/RPMS/alsa-2.2.19_0.5.10b-5.2mdk.i586.rpm
9f842e01d0cb62b8a30da0f9b483f08c 7.1/RPMS/alsa-source-2.2.19_0.5.10b-5.2mdk.i586.rpm
304420542a92f76c85b465ddf8861e10 7.1/RPMS/kernel-2.2.19-5.2mdk.i586.rpm
bd9934f6244b41948f82239c9e4af973 7.1/RPMS/kernel-doc-2.2.19-5.2mdk.i586.rpm
27e7f4ffe94a21693d10db01ea905cbe 7.1/RPMS/kernel-headers-2.2.19-5.2mdk.i586.rpm
f8b9152a5030992e87950176e31b76dd 7.1/RPMS/kernel-pcmcia-cs-2.2.19-5.2mdk.i586.rpm
45a9b2b89605676ee86b3a989434589b 7.1/RPMS/kernel-secure-2.2.19-5.2mdk.i586.rpm
001b21f47ade48242373a1cdae8aa503 7.1/RPMS/kernel-smp-2.2.19-5.2mdk.i586.rpm
f0d0e0fd0aa32b084bc29ec36939d378 7.1/RPMS/kernel-source-2.2.19-5.2mdk.i586.rpm
032398178fe6b3a826ea730c74461378 7.1/RPMS/kernel-utils-2.2.19-5.2mdk.i586.rpm
43e440aaa651a590287c5adbdbc92a93 7.1/RPMS/reiserfs-utils-2.2.19_3.5.29-5.2mdk.i586.rpm
f13ab9a51bce2f2386213ac68c1a34dd 7.1/SRPMS/kernel-2.2.19-5.2mdk.src.rpm
Linux-Mandrake 7.2:
446ebf53de386f07e183d77c33fdf33a 7.2/RPMS/alsa-2.2.19_0.5.10b-5.1mdk.i586.rpm
a0dc2f262e5deaf93bc270af7a01b340 7.2/RPMS/alsa-source-2.2.19_0.5.10b-5.1mdk.i586.rpm
fcc1907df00924c10c64ae60a7d5a400 7.2/RPMS/kernel-2.2.19-5.1mdk.i586.rpm
003135b5a545bbb22a972ac6301c5b99 7.2/RPMS/kernel-doc-2.2.19-5.1mdk.i586.rpm
d7e072775b3528648770b658d65375dd 7.2/RPMS/kernel-headers-2.2.19-5.1mdk.i586.rpm
a42c6ac0a6ab26c0a5992aaa4574ae5b 7.2/RPMS/kernel-pcmcia-cs-2.2.19-5.1mdk.i586.rpm
d80195dfa4aedf435f5ae82993e8afa3 7.2/RPMS/kernel-secure-2.2.19-5.1mdk.i586.rpm
d535affc1dad7f3dc63a9abe6b719ba8 7.2/RPMS/kernel-smp-2.2.19-5.1mdk.i586.rpm
4bd83c356e51adffdb32b476d0eda558 7.2/RPMS/kernel-source-2.2.19-5.1mdk.i586.rpm
79448d2ec448aeb23eb1a5c519da96c7 7.2/RPMS/kernel-utils-2.2.19-5.1mdk.i586.rpm
757609c3fc09fa9de14d3d7aa6150b46 7.2/RPMS/reiserfs-utils-2.2.19_3.5.29-5.1mdk.i586.rpm
299ef92dba0e4732991c80df2d356a9f 7.2/SRPMS/kernel-2.2.19-5.1mdk.src.rpm
Mandrake Linux 8.0:
777bc89220caef2bf5470867d103c7fb 8.0/RPMS/kernel22-2.2.19-19.1mdk.i586.rpm
96ee291d0bc3a68728e5e53d980b0aa4 8.0/RPMS/kernel22-secure-2.2.19-19.1mdk.i586.rpm
b0c356629c2c35273b646060d8c94b3e 8.0/RPMS/kernel22-smp-2.2.19-19.1mdk.i586.rpm
042d2fe6f409ad5d2380d8e16c8cc004 8.0/RPMS/kernel22-source-2.2.19-19.1mdk.i586.rpm
42ce13c7040dbec1dc37379b57c0f557 8.0/SRPMS/kernel22-2.2.19-19.1mdk.src.rpm
Mandrake Linux 8.0 (PPC):
89174f97906a2f5b1f42113e1cdb5ae3 ppc/8.0/RPMS/kernel22-2.2.19-19.1mdk.ppc.rpm
2f239b3f38b556f3432d444d3b7f941e ppc/8.0/RPMS/kernel22-secure-2.2.19-19.1mdk.ppc.rpm
f7396ee3358a2fe837313ba84987272e ppc/8.0/RPMS/kernel22-smp-2.2.19-19.1mdk.ppc.rpm
86601e4cd3af59061a454b4c2d2d204b ppc/8.0/RPMS/kernel22-source-2.2.19-19.1mdk.ppc.rpm
6b98e69d183424879a90a39b97714ac1 ppc/8.0/SRPMS/kernel22-2.2.19-19.1mdk.src.rpm
Mandrake Linux 8.1:
777bc89220caef2bf5470867d103c7fb 8.1/RPMS/kernel22-2.2.19-19.1mdk.i586.rpm
96ee291d0bc3a68728e5e53d980b0aa4 8.1/RPMS/kernel22-secure-2.2.19-19.1mdk.i586.rpm
b0c356629c2c35273b646060d8c94b3e 8.1/RPMS/kernel22-smp-2.2.19-19.1mdk.i586.rpm
042d2fe6f409ad5d2380d8e16c8cc004 8.1/RPMS/kernel22-source-2.2.19-19.1mdk.i586.rpm
42ce13c7040dbec1dc37379b57c0f557 8.1/SRPMS/kernel22-2.2.19-19.1mdk.src.rpm
Corporate Server 1.0.1:
54c7fd84f4061e6dec4624d9398082d9 1.0.1/RPMS/alsa-2.2.19_0.5.10b-5.3mdk.i586.rpm
c12e09418b9b8b2fcae335f3b71ff703 1.0.1/RPMS/alsa-source-2.2.19_0.5.10b-5.3mdk.i586.rpm
c862259dbaa9ccd59c7f55005fe73444 1.0.1/RPMS/kernel-2.2.19-5.3mdk.i586.rpm
6651117102969aff2afb25c2f6c489b1 1.0.1/RPMS/kernel-doc-2.2.19-5.3mdk.i586.rpm
e0d319ab9e31ac81b3acd5899c084ce9 1.0.1/RPMS/kernel-headers-2.2.19-5.3mdk.i586.rpm
29d2a1da07cd72a66530ffd65e6059be 1.0.1/RPMS/kernel-pcmcia-cs-2.2.19-5.3mdk.i586.rpm
2a489974f4805e82e0992f61d474a980 1.0.1/RPMS/kernel-secure-2.2.19-5.3mdk.i586.rpm
7204b64d976081b346ea2d937b7be77d 1.0.1/RPMS/kernel-smp-2.2.19-5.3mdk.i586.rpm
b45d07dae8e0fb0cba67ccd34d388c4f 1.0.1/RPMS/kernel-source-2.2.19-5.3mdk.i586.rpm
80662f490e035797941dc4973ffc1ca4 1.0.1/RPMS/kernel-utils-2.2.19-5.3mdk.i586.rpm
5fab41266e2665f8dcee47d930040738 1.0.1/RPMS/reiserfs-utils-2.2.19_3.5.29-5.3mdk.i586.rpm
53abac0c6a89df3f66673db59c92feb7 1.0.1/SRPMS/kernel-2.2.19-5.3mdk.src.rpm
Single Network Firewall 7.2:
fcc1907df00924c10c64ae60a7d5a400 snf7.2/RPMS/kernel-2.2.19-5.1mdk.i586.rpm
003135b5a545bbb22a972ac6301c5b99 snf7.2/RPMS/kernel-doc-2.2.19-5.1mdk.i586.rpm
d7e072775b3528648770b658d65375dd snf7.2/RPMS/kernel-headers-2.2.19-5.1mdk.i586.rpm
a42c6ac0a6ab26c0a5992aaa4574ae5b snf7.2/RPMS/kernel-pcmcia-cs-2.2.19-5.1mdk.i586.rpm
d80195dfa4aedf435f5ae82993e8afa3 snf7.2/RPMS/kernel-secure-2.2.19-5.1mdk.i586.rpm
d535affc1dad7f3dc63a9abe6b719ba8 snf7.2/RPMS/kernel-smp-2.2.19-5.1mdk.i586.rpm
4bd83c356e51adffdb32b476d0eda558 snf7.2/RPMS/kernel-source-2.2.19-5.1mdk.i586.rpm
79448d2ec448aeb23eb1a5c519da96c7 snf7.2/RPMS/kernel-utils-2.2.19-5.1mdk.i586.rpm
757609c3fc09fa9de14d3d7aa6150b46 snf7.2/RPMS/reiserfs-utils-2.2.19_3.5.29-5.1mdk.i586.rpm
299ef92dba0e4732991c80df2d356a9f snf7.2/SRPMS/kernel-2.2.19-5.1mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".
You can download the updates directly from one of the mirror sites
listed at:
http://www.linux-mandrake.com/en/ftp.php3.
Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them.
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other security advisories for Mandrake Linux at:
http://www.linux-mandrake.com/en/security/
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
________________________________________________________________________
Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:
security-announce@linux-mandrake.com
Mandrake Linux's security announcements mailing list. Only
announcements are sent to this list and it is read-only.
security-discuss@linux-mandrake.com
Mandrake Linux's security discussion mailing list. This list is open
to anyone to discuss Mandrake Linux security specifically and Linux
security in general.
To subscribe to either list, send a message to
sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.
To remove yourself from either list, send a message to
sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.
To get more information on either list, send a message to
sympa@linux-mandrake.com
with "info [listname]" in the body of the message.
Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:
http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE72ZZhmqjQ0CJFipgRAvNbAKCfsrjAZIBjVatpdCLptIEuNt1+NwCgl7am
4gFXpjCNW+Xrb8BEQsmlylA=
=HAcH
-----END PGP SIGNATURE-----