aru Posted January 8, 2004 Report Share Posted January 8, 2004 MandrakeSoft Security Advisory MDKSA-2004:001 : kernel January 7th, 2004 Updated kernel packages fix local root vulnerability A flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines was fixed as well. All Mandrake Linux users are encouraged to upgrade to these packages immediately. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1) and bootloader-utils (9.2) packages prior to upgrading the kernel as they contain a fixed installkernel script that fixes instances where the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for Mandrake Linux 9.2 at MandrakeClub. The released versions of Mandrake GNU/Linux affected are: 9.0 9.1 9.2 9.2/AMD64 Multi Network Firewall 8.2 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:001 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0985 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0984 Posted automatically by aru (mdksec2mub v0.0.7) Link to comment Share on other sites More sharing options...
Recommended Posts