MDKSA-2005:111

Package name

kernel-2.4

Date

2005-06-30

Advisory ID

MDKSA-2005:111

Affected versions

CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , MNF8.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels: Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CAN-2005-0109). When forwarding fragmented packets, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CAN-2005-0209). A flaw in the Linux PPP driver was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CAN-2005-0384). An information leak in the ext2 filesystem code was found where when a new directory is created, the ext2 block written to disk is not initialized (CAN-2005-0400). A signedness error in the copy_from_read_buf function in n_tty.c allows local users to read kernel memory via a negative argument (CAN-2005-0530). George Guninski discovered a buffer overflow in the ATM driver where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could potentially lead to the execution of arbitrary code (CAN-2005-0531). A flaw when freeing a pointer in load_elf_library was found that could be abused by a local user to potentially crash the machine causing a Denial of Service (CAN-2005-0749). A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CAN-2005-0750). A race condition in the Radeon DRI driver allows a local user with DRI privileges to execute arbitrary code as root (CAN-2005-0767). Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CAN-2005-1263).

Updated packages

CS2.1 x86_64

 2bf8630a1b3439a62cd226675afac5fa  x86_64/corporate/2.1/RPMS/kernel-2.4.19.49mdk-1-1mdk.x86_64.rpm
81f5f76607480270437d4e176cbc052c  x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.x86_64.rpm
68e934d793f23b77f0072e1d9dfffff8  x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.49mdk-1-1mdk.x86_64.rpm
76e6aed1997bd297034978fd177e9c6c  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-49mdk.x86_64.rpm
9b8252d59a1f75bf80d134ff394e631f  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm

10.0 amd64

 b25d2470f809eb14d8ba4c27ffc720b0  amd64/10.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.amd64.rpm
6073c44537913b11d9ce81a506d4f698  amd64/10.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.amd64.rpm
a2fe6dfa98e85ca097aea0c3cd01cac4  amd64/10.0/RPMS/kernel-source-2.4.25-14mdk.amd64.rpm
49ca54a42f3df341c89deea3cc60752b  amd64/10.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

10.1 i586

 2bb1a55a701e1f9bf8d9c004873fbec3  10.1/RPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
e7dc646e68cde7f58de3379ab581c436  10.1/RPMS/kernel-enterprise-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
aa252943a193bb218ff6c7b80d40d575  10.1/RPMS/kernel-i586-up-1GB-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
f953475453e85586b8878024496708d6  10.1/RPMS/kernel-smp-2.4.28.0.rc1.6mdk-1-1mdk.i586.rpm
9472f72434bcd3152c440d886b8b8d0a  10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.6mdk.i586.rpm
da09cdd87f8658578a134b35afc3634e  10.1/SRPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.src.rpm

10.0 i586

 6e064c284eee32e9b8aa444d5c8b1f51  10.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.i586.rpm
34b6b9caac88e1ff34788bc9a99eb023  10.0/RPMS/kernel-enterprise-2.4.25.14mdk-1-1mdk.i586.rpm
6464002754031a7fcd663d6df76c0871  10.0/RPMS/kernel-i686-up-4GB-2.4.25.14mdk-1-1mdk.i586.rpm
5d9c42cd422d34521514becb2b99f5ee  10.0/RPMS/kernel-p3-smp-64GB-2.4.25.14mdk-1-1mdk.i586.rpm
da21d692d1c1b4ac76930491cb977355  10.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.i586.rpm
e1680f042ca01793cd3526ca890a6359  10.0/RPMS/kernel-source-2.4.25-14mdk.i586.rpm
49ca54a42f3df341c89deea3cc60752b  10.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

CS3.0 x86_64

 9f9a2331e209bc05e1f673f6ba4496c3  x86_64/corporate/3.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.x86_64.rpm
cba23e8d414c01245b7bfd9d40fb976d  x86_64/corporate/3.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.x86_64.rpm
e1891c175b7544470017aa7979ae2fb9  x86_64/corporate/3.0/RPMS/kernel-source-2.4.25-14mdk.x86_64.rpm
49ca54a42f3df341c89deea3cc60752b  x86_64/corporate/3.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

CS3.0 i586

 6e064c284eee32e9b8aa444d5c8b1f51  corporate/3.0/RPMS/kernel-2.4.25.14mdk-1-1mdk.i586.rpm
34b6b9caac88e1ff34788bc9a99eb023  corporate/3.0/RPMS/kernel-enterprise-2.4.25.14mdk-1-1mdk.i586.rpm
6464002754031a7fcd663d6df76c0871  corporate/3.0/RPMS/kernel-i686-up-4GB-2.4.25.14mdk-1-1mdk.i586.rpm
5d9c42cd422d34521514becb2b99f5ee  corporate/3.0/RPMS/kernel-p3-smp-64GB-2.4.25.14mdk-1-1mdk.i586.rpm
da21d692d1c1b4ac76930491cb977355  corporate/3.0/RPMS/kernel-smp-2.4.25.14mdk-1-1mdk.i586.rpm
e1680f042ca01793cd3526ca890a6359  corporate/3.0/RPMS/kernel-source-2.4.25-14mdk.i586.rpm
49ca54a42f3df341c89deea3cc60752b  corporate/3.0/SRPMS/kernel-2.4.25.14mdk-1-1mdk.src.rpm

MNF8.2 i586

 5c8e475f0f0d3dd14f79e2a3d875596d  mnf8.2/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.i586.rpm
9b8252d59a1f75bf80d134ff394e631f  mnf8.2/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm

CS2.1 i586

 3d62f084903092436aa7074a57b8f50a  corporate/2.1/RPMS/kernel-2.4.19.49mdk-1-1mdk.i586.rpm
057c35e5704d2cb40db72d6731798c45  corporate/2.1/RPMS/kernel-enterprise-2.4.19.49mdk-1-1mdk.i586.rpm
5c8e475f0f0d3dd14f79e2a3d875596d  corporate/2.1/RPMS/kernel-secure-2.4.19.49mdk-1-1mdk.i586.rpm
0bdd8e582fa2c8996853c583581c5a1c  corporate/2.1/RPMS/kernel-smp-2.4.19.49mdk-1-1mdk.i586.rpm
cc34893f190d9a2b914b2b133687d483  corporate/2.1/RPMS/kernel-source-2.4.19-49mdk.i586.rpm
9b8252d59a1f75bf80d134ff394e631f  corporate/2.1/SRPMS/kernel-2.4.19.49mdk-1-1mdk.src.rpm

10.1 x86_64

 45b22f87c2aca0cd3cb660aee55b309c  x86_64/10.1/RPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.x86_64.rpm
de98bf86d25660a7d1209391718941cd  x86_64/10.1/RPMS/kernel-smp-2.4.28.0.rc1.6mdk-1-1mdk.x86_64.rpm
8037b0d02ff5958009c1ce06fc80ecb7  x86_64/10.1/RPMS/kernel-source-2.4-2.4.28-0.rc1.6mdk.x86_64.rpm
da09cdd87f8658578a134b35afc3634e  x86_64/10.1/SRPMS/kernel-2.4.28.0.rc1.6mdk-1-1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0209
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0530
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0531
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0767
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263