-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:124 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kernel Date : July 18, 2006 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A race condition in the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges due to a race condition in the /proc filesystem. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: e3f50de9b2576f6c7849efee5fa7ccc4 2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.i586.rpm ac091b0d6eafcf2f2cbcb981bc7f1567 2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.i586.rpm 241c8edfd46c8a1af69c97346738715f 2006.0/RPMS/kernel-i586-up-1GB-2.6.12.24mdk-1-1mdk.i586.rpm 2652cbf99438921d4dd473284173d83a 2006.0/RPMS/kernel-i686-up-4GB-2.6.12.24mdk-1-1mdk.i586.rpm 96eed9404633064ac54247bfaf79e6b0 2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.i586.rpm 2ebc8c0f8080712c943aadbe34c955a7 2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.i586.rpm f4380595eb6fa81429f56706cdd32c55 2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.i586.rpm 2477f821e4f1351013c3b8f941a8c18d 2006.0/RPMS/kernel-xbox-2.6.12.24mdk-1-1mdk.i586.rpm 79605a820271776ad7c01ba93e5707dd 2006.0/RPMS/kernel-xen0-2.6.12.24mdk-1-1mdk.i586.rpm 2af343ed6022e305de43b6c6d6771e97 2006.0/RPMS/kernel-xenU-2.6.12.24mdk-1-1mdk.i586.rpm e4a10a2ed21c36c4c36a4555b6a79433 2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm Mandriva Linux 2006.0/X86_64: 87c2a427fc462c4b274f1d31d8030ca3 x86_64/2006.0/RPMS/kernel-2.6.12.24mdk-1-1mdk.x86_64.rpm 1d3f71f5bff6761b76e659089f1dd04f x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.24mdk-1-1mdk.x86_64.rpm 56075fe597ff1b28fe73c76463cb057e x86_64/2006.0/RPMS/kernel-smp-2.6.12.24mdk-1-1mdk.x86_64.rpm 194ab270414b5e83d57205f423ae10a8 x86_64/2006.0/RPMS/kernel-source-2.6.12.24mdk-1-1mdk.x86_64.rpm 087efaca0ebc4274884f7811b168358d x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.24mdk-1-1mdk.x86_64.rpm e4a10a2ed21c36c4c36a4555b6a79433 x86_64/2006.0/SRPMS/kernel-2.6.12.24mdk-1-1mdk.src.rpm Corporate 3.0: 11825513fe1c738bf6ec48eed5c62807 corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm 169b6d012e5d003ee55c730335968257 corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.i586.rpm 9958b7e383199559c7d10ce9a2b908a1 corporate/3.0/RPMS/kernel-enterprise-2.6.3.33mdk-1-1mdk.i586.rpm 4bfc5af3a33bbd068d5ec7530ebc986f corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm 3d3aba1eafca57c61b2e13003aa13120 corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm 2a6f8c6c36eb3d9c94b24c0e12deb8ac corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm f7cd743bde04b4604f20178e84085829 corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm 8b0522f993b6aa19c90d45898b1359fa corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.i586.rpm a608bd9be549327e59f8d61d83516d26 corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.i586.rpm cfe5332861963310091c7fca6c81881e corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm Corporate 3.0/X86_64: 5602ec8c0a742c57e7b5c426e08972eb x86_64/corporate/3.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.x86_64.rpm 6fda1cf0adebaa87c362e583a449ea97 x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.33mdk-1-1mdk.x86_64.rpm 690f4bc5987e923f110b0224b7d18c6f x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.x86_64.rpm ad947e405b1ec2d169f6d8e6f0be949a x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.x86_64.rpm deaf89ce9c2a2ab6ca66fcc9563eb5bc x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-33mdk.x86_64.rpm 7a13854690a641b7257231d574895de2 x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-33mdk.x86_64.rpm cfe5332861963310091c7fca6c81881e x86_64/corporate/3.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm Multi Network Firewall 2.0: 8f589cb12460747b38d715968cf15c21 mnf/2.0/RPMS/kernel-2.6.3.33mdk-1-1mdk.i586.rpm c94f96a4467b6241789100a7dd942dcd mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.33mdk-1-1mdk.i586.rpm 3c58da2c8bca7299dabf713a2c5d3b18 mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.33mdk-1-1mdk.i586.rpm ee74fbe17f8af2c2d6c4396094e4477e mnf/2.0/RPMS/kernel-secure-2.6.3.33mdk-1-1mdk.i586.rpm 5b1d9a2e52f4264b5d85514a958a092a mnf/2.0/RPMS/kernel-smp-2.6.3.33mdk-1-1mdk.i586.rpm b76c22b9814c6005177916b235565b23 mnf/2.0/SRPMS/kernel-2.6.3.33mdk-1-1mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEvQTfmqjQ0CJFipgRAuHjAJ4mUwgs3i0Wlfu+DoaoiaEEe8jYDgCfSwZi tAQR33UQxWXo2O+0h9tkuRY= =M1F6 -----END PGP SIGNATURE-----