aru Posted June 23, 2004 Report Share Posted June 23, 2004 Mandrakesoft Security Advisories MDKSA-2004:062 : kernel Updated kernel packages fix multiple vulnerabilities June 23rd, 2004 A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered by Chris Wright.The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CAN-2004-0535). A vulnerability was also discovered in the kernel were a certain C program would trigger a floating point exception that would crash the kernel.This vulnerability can only be triggered locally by users with shell access (CAN-2004-0554). The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 10.0 MNF8.2 CS2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 http://www.kb.cert.org/vuls/id/973654 Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts