[Security Announce] [ MDKSA-2006:124 ] - Updated kernel packages fix privilege escalation vulnerability
Posted on: 07/18/2006 08:22 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:124
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : July 18, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A race condition in the Linux kernel 2.6.17.4 and earlier allows local
users to obtain root privileges due to a race condition in the /proc
filesystem.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
e3f50de9b2576f6c7849efee5fa7ccc4 2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.i586.rpm
ac091b0d6eafcf2f2cbcb981bc7f1567 2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.i586.rpm
241c8edfd46c8a1af69c97346738715f 2006.0/RPMS/kernel-i586-up-1GB-2.6.12.24mdk-1-1mdk.i586.rpm
2652cbf99438921d4dd473284173d83a 2006.0/RPMS/kernel-i686-up-4GB-2.6.12.24mdk-1-1mdk.i586.rpm
96eed9404633064ac54247bfaf79e6b0 2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.i586.rpm
2ebc8c0f8080712c943aadbe34c955a7 2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.i586.rpm
f4380595eb6fa81429f56706cdd32c55 2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.i586.rpm
2477f821e4f1351013c3b8f941a8c18d 2006.0/RPMS/kernel-xbox-2.6.12.24mdk-1-1mdk.i586.rpm
79605a820271776ad7c01ba93e5707dd 2006.0/RPMS/kernel-xen0-2.6.12.24mdk-1-1mdk.i586.rpm
2af343ed6022e305de43b6c6d6771e97 2006.0/RPMS/kernel-xenU-2.6.12.24mdk-1-1mdk.i586.rpm
e4a10a2ed21c36c4c36a4555b6a79433 2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
87c2a427fc462c4b274f1d31d8030ca3 x86_64/2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.x86_64.rpm
1d3f71f5bff6761b76e659089f1dd04f x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.x86_64.rpm
56075fe597ff1b28fe73c76463cb057e x86_64/2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.x86_64.rpm
194ab270414b5e83d57205f423ae10a8 x86_64/2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.x86_64.rpm
087efaca0ebc4274884f7811b168358d x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.x86_64.rpm
e4a10a2ed21c36c4c36a4555b6a79433 x86_64/2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm

Corporate 3.0:
11825513fe1c738bf6ec48eed5c62807 corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm
169b6d012e5d003ee55c730335968257 corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.i586.rpm
9958b7e383199559c7d10ce9a2b908a1 corporate/3.0/RPMS/kernel-enterprise-2.6.3.33mdk-1-1mdk.i586.rpm
4bfc5af3a33bbd068d5ec7530ebc986f corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm
3d3aba1eafca57c61b2e13003aa13120 corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm
2a6f8c6c36eb3d9c94b24c0e12deb8ac corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm
f7cd743bde04b4604f20178e84085829 corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm
8b0522f993b6aa19c90d45898b1359fa corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.i586.rpm
a608bd9be549327e59f8d61d83516d26 corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.i586.rpm
cfe5332861963310091c7fca6c81881e corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm

Corporate 3.0/X86_64:
5602ec8c0a742c57e7b5c426e08972eb x86_64/corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.x86_64.rpm
6fda1cf0adebaa87c362e583a449ea97 x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.x86_64.rpm
690f4bc5987e923f110b0224b7d18c6f x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.x86_64.rpm
ad947e405b1ec2d169f6d8e6f0be949a x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.x86_64.rpm
deaf89ce9c2a2ab6ca66fcc9563eb5bc x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.x86_64.rpm
7a13854690a641b7257231d574895de2 x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.x86_64.rpm
cfe5332861963310091c7fca6c81881e x86_64/corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm

Multi Network Firewall 2.0:
8f589cb12460747b38d715968cf15c21 mnf/2.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm
c94f96a4467b6241789100a7dd942dcd mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm
3c58da2c8bca7299dabf713a2c5d3b18 mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm
ee74fbe17f8af2c2d6c4396094e4477e mnf/2.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm
5b1d9a2e52f4264b5d85514a958a092a mnf/2.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm
b76c22b9814c6005177916b235565b23 mnf/2.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvQTfmqjQ0CJFipgRAuHjAJ4mUwgs3i0Wlfu+DoaoiaEEe8jYDgCfSwZi
tAQR33UQxWXo2O+0h9tkuRY=
=M1F6
-----END PGP SIGNATURE-----
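
The checksum verification mentioned in the advisory, done by hand for packages fetched outside MandrivaUpdate or urpmi (an added example, not part of the Mandriva advisory; the script and the function name verify_rpm are assumptions). It reads the advisory text itself and accepts a match against any entry with the same file name, because the same name is listed with different checksums under Corporate 3.0 and Multi Network Firewall 2.0.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded RPM against the
# advisory's "Updated Packages" manifest, whose lines are "<md5> <path>.rpm".

# verify_rpm ADVISORY FILE
#   0 = md5 matches a manifest entry with this file name (entry is printed)
#   1 = file name is listed, but no listed md5 matches
#   2 = file name does not appear in the advisory
verify_rpm() {
    name=$(basename "$2")
    sum=$(md5sum < "$2" | cut -d' ' -f1)
    awk -v name="$name" -v sum="$sum" '
        # Manifest lines only: 32 hex digits, then one path ending in .rpm
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
            n = split($2, part, "/")
            if (part[n] != name) next
            listed = 1
            # The same file name can occur under several products with
            # different checksums, so accept a match against any of them.
            if ($1 == sum) { print "OK " $2; ok = 1 }
        }
        END { if (ok) exit 0; if (listed) exit 1; exit 2 }
    ' "$1"
}

# Usage: sh verify.sh advisory.txt kernel-...rpm
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2"
fi
```

An MD5 match only shows that the file is the one listed; authenticity rests on the package's GPG signature, which `rpm --checksig` checks against the imported Mandriva key.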



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006124__updated_kernel_packages_fix_privilege_escalation_vulnerability.html)