[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0312021005080.2179@bob.slackware.com>
Date: Tue, 2 Dec 2003 10:05:30 -0800 (PST)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security] Kernel security update (SSA:2003-336-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Kernel security update (SSA:2003-336-01)
New kernels are available for Slackware 9.1 and -current. These
have been upgraded to Linux kernel version 2.4.23, which fixes a
bug in the kernel's do_brk() function that could be exploited to
gain root privileges. These updated kernels and modules should be
installed by any sites running a 2.4 kernel earlier than 2.4.23.
Linux 2.0 and 2.2 kernels are not vulnerable.
More details about the Apache issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Mon Dec 1 21:36:30 PST 2003
patches/kernels/: Upgraded to Linux 2.4.23. This fixes a bug in the
kernel's do_brk() function which a local user could exploit to gain
root privileges. For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
Sites should upgrade to the 2.4.23 kernel and kernel modules. After
installing the new kernel, be sure to run 'lilo'.
(* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-1.tgz: Upgraded to
alsa-driver-0.9.8, compiled against linux-2.4.23.
patches/packages/alsa-lib-0.9.8-i486-1.tgz: Upgraded to alsa-lib-0.9.8.
patches/packages/alsa-oss-0.9.8-i486-1.tgz: Upgraded to alsa-oss-0.9.8.
patches/packages/alsa-utils-0.9.8-i486-1.tgz: Upgraded to
alsa-utils-0.9.8.
patches/packages/kernel-ide-2.4.23-i486-1.tgz: Upgraded bare.i kernel
package to Linux 2.4.23.
patches/packages/kernel-modules-2.4.23-i486-1.tgz: Upgraded to Linux
2.4.23 kernel modules.
patches/packages/kernel-source-2.4.23-noarch-2.tgz: Upgraded to Linux
2.4.23 kernel source, with XFS and Speakup patches included (but not
pre-applied).
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz:
Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz:
Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched)
kernel.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.23-noarch-2.tgz
An alternate kernel may be installed. Those are found in this directory:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/
ALSA has also been updated to 0.9.8 and compiled for 2.4.23. These
packages will also be required to use the ALSA sound system:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-driver-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-lib-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-oss-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-utils-0.9.8-i486-1.tgz
The XFS patched kernel requires different kernel modules. If you use
the XFS filesystem and XFS patched kernel (xfs.s), these packages
contain kernel modules compiled against 2.4.23-xfs:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-2.4.23-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-2.4.23-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.23-noarch-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/alsa-utils-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/alsa-driver-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/alsa-lib-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/alsa-oss-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz
MD5 SIGNATURES:
+-------------+
MD5 signatures may be downloaded from our FTP server:
Slackware 9.1 packages:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5
To verify authenticity, this file has been signed with the Slackware
GPG key (use 'gpg --verify'):
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5.asc
Slackware -current packages:
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc
INSTALLATION INSTRUCTIONS:
+------------------------+
Use upgradepkg to install the new kernel, kernel-modules, and alsa packages.
After installing the kernel-ide package you will need to run lilo ('lilo' at
a command prompt) or create a new system boot disk ('makebootdisk'), and
reboot.
If desired, a kernel from the kernels/ directory may be used instead. For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:
cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.23
Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.23 /boot/vmlinuz
Then, run 'lilo' or create a new system boot disk and reboot.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/zNRFakRjwEAQIjMRAmieAJ46ssILaq+a++J0uPHPKsQPzgNtagCdHAJI
ADkH93iyir0mcOuaVFdAjBo=
=121f
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists