| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200312052002.SAA05867@frajuto.distro.conectiva> Date: Fri, 5 Dec 2003 18:02:46 -0200 From: Conectiva Updates <secure@...ectiva.com.br> To: conectiva-updates@...aleguas.conectiva.com.br, lwn@....net, bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com, linsec@...ts.seifried.org Subject: [CLA-2003:796] Conectiva Security Announcement - kernel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kernel SUMMARY : Fix for local do_brk() vulnerability DATE : 2003-12-05 18:00:00 ID : CLA-2003:796 RELEVANT RELEASES : 8, 9 - ------------------------------------------------------------------------- DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. A vulnerability in the do_brk() function allows local attackers to obtain root privileges. Exploits for this vulnerability have already been published. Additionally, the following vulnerabilities have been fixed in a previous kernel release which was available on the ftp server but lacked an official announcement: - CAN-2003-0550[2] and CAN-2003-0551[3]: fixes for the STP protocol - CAN-2003-0501[4]: fix for /proc/information disclosure - CAN-2003-0464[5]: fix for RPC code (affects only CL9) - CAN-2003-0476[6]: fix for the execve system call which could allow local users to gain access to restricted file descriptors Specific for Conectiva Linux 8 (already fixed in a previous announcement for CL9[7]): - CAN-2003-0619[8]: fix for XDR code - CAN-2003-0246[9]: ioperm fix - CAN-2003-0248[10]: mxcsr fix - CAN-2003-0364[11]: TCP/IP fragments denial of service - CAN-2003-0244[12]: denial of service in routing table - CAN-2003-0247[13]: denial of service in the TTY layer Starting with this update, Conectiva Linux 9 has support for the PPTP protocol, which also requires an update for the iptables package. SOLUTION It is recommended that all Conectiva Linux users upgrade the kernel package. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our updates page[15]. More detailed instructions are also available in Portuguese at our Moin[14] page. REFERENCES 1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0550 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0551 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0501 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0464 6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0476 7.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000701&idioma=en 8.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0619 9.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246 10.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248 11.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364 12.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244 13.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247 14.https://moin.conectiva.com.br/UpdatingKernelPackages 15.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_18cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/devfsd-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_18cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_18cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_18cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_18cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_18cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_18cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/iptables-1.2.9-26694U90_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_11cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/iptables-1.2.9-26694U90_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_11cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_11cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_11cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_11cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_11cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_11cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_11cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_11cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_11cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_11cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_11cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_11cl.pentium4.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@...aleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@...aleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/0ORl42jd0JmAcZARAt3kAKDZmeLbJhy+2RKWLY6ZzTzEppCgewCfX0n1 fz2ldPSluqJjjP89wHCRrbk= =fZeN -----END PGP SIGNATURE-----
Powered by blists - more mailing lists