| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040106012514.GJ28516@wirex.com>
Date: Mon, 5 Jan 2004 17:25:14 -0800
From: Immunix Security Team <security@...unix.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7.3 kernel update
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: kernel
Affected products: Immunix 7.3
Bugs fixed: CAN-2003-0985
Date: Mon Jan 5 2004
Advisory ID: IMNX-2004-73-001-01
Author: Seth Arnold <sarnold@...unix.com>
-----------------------------------------------------------------------
Description:
Paul Starzetz has discovered a mishandled boundary condition in the
mremap(2) systemcall; Starzetz reports this vulnerability may be
exploited by local untrusted users to gain root privileges. Neither
StackGuard nor SubDomain will prevent exploitation of this
vulnerability, though they may frustrate attempts to exploit this
problem through a remote vulnerability. Even though we currently know
of no active use of this vulnerability, we recommend upgrading your
kernels when convenient.
We've chosen to use the patch provided by Solar Designer to address
CAN-2003-0985 -- it appears to provide stronger long-term protection
against similar bugs than the fix provided by Andrea Arcangeli. We
thank Solar Designer, Andrea Arcangeli, Paul Starzetz, and Wojciech
Purczynski for their efforts to fix this problem.
References: http://isec.pl/vulnerabilities/isec-0012-mremap.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Immunix 7.3 users may use our up2date service to install fixed
packages: you may run either "up2date" within X, and follow the
directions, or run "up2date -u" to ensure your system is current.
By default, kernel packages are not automatically upgraded by up2date.
To install updated kernel packages via up2date, please run "up2date
-fv kernel" (or "kernel-smp", "kernel-bigmem", etc.) To install
updated kernel packages via rpm, please run "rpm -ivh <filename>".
Ensure your /etc/grub.conf (or /etc/lilo.conf, if you've configured
your Immunix system to use lilo) automatically selects the proper
kernel for your configuration at boot. (If you use lilo, re-run lilo
to install the new boot block.) For details on grub and lilo, please
see the grub(8) and lilo(8) manpages.
Package names and locations:
Precompiled binary packages for Immunix 7.3 are available at:
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm
Source packages for Immunix 7.3 are available at:
http://download.immunix.org/ImmunixOS/7.3/Updates/SRPMS/kernel-2.4.20-20_imnx_11.src.rpm
Immunix OS 7.3 md5sums:
e7f4bf52e9085a4caecb44bedf3472f4 RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
a801c7f4c5615974753b7776a1864ed4 RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
a652b813d2e362dd2a819c53f537528b RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
1533edf8fbffeea90467fde1f5c937f1 RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
8200a07c78ecb6e6a4aeb704e5957b01 RPMS/kernel-BOOT-2.4.20-20_imnx_11.i386.rpm
6fe0e219731e6feb1a831197c36a0cd6 RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
cf771e85d93bf9dc127a7e272e8b393e RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
a70a411b1154f2d3fc12d8e9573a9b7c RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
3f728f9c682fd0ede1f0df5019d6de43 RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
3d44b3907b01f20661c8ddcf45a088b8 RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
2756a204b4bcef0a6ee8b6fe3e308691 RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm
f028d960cc9c94d62f46233c70cdbb6d SRPMS/kernel-2.4.20-20_imnx_11.src.rpm
GPG verification:
Our public keys are available at http://download.immunix.org/GPG_KEY
Immunix, Inc., has changed policy with GPG keys. We maintain several
keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
Immunix 7.3 package signing, and 1B7456DA for general security issues.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 7.3 will not be officially supported after March 31 2005.
ImmunixOS 7+ will not be officially supported after March 1 2004.
ImmunixOS 7.0 is no longer officially supported.
ImmunixOS 6.2 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@...unix.com.
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists