| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jan 2004 20:00:02 -0800 (PST)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security] Kernel security update (SSA:2004-006-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Kernel security update (SSA:2004-006-01)
New kernels are available for Slackware 9.0, 9.1 and -current.
The 9.1 and -current kernels have been upgraded to 2.4.24, and a
fix has been backported to the 2.4.21 kernels in Slackware 9.0
to fix a bounds-checking problem in the kernel's mremap() call
which could be used by a local attacker to gain root privileges.
Sites should upgrade to the 2.4.24 kernel and kernel modules.
After installing the new kernel, be sure to run 'lilo'.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Tue Jan 6 15:01:54 PST 2004
patches/kernels/: Upgraded to Linux 2.4.24. This fixes a bounds-checking
problem in the kernel's mremap() call which could be used by a local attacker
to gain root privileges. Sites should upgrade to the 2.4.24 kernel and
kernel modules. After installing the new kernel, be sure to run 'lilo'.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Thanks to Paul Starzetz for finding and researching this issue.
(* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-2.tgz: Recompiled against
linux-2.4.24.
patches/packages/cvs-1.11.11-i486-1.tgz: Upgraded to cvs-1.11.11.
This version enforces greater security. Changes include pserver
refusing to run as root, and logging attempts to exploit the security
hole fixed in 1.11.10 in the syslog.
patches/packages/kernel-ide-2.4.24-i486-1.tgz: Upgraded bare.i kernel
package to Linux 2.4.24.
patches/packages/kernel-modules-2.4.24-i486-1.tgz: Upgraded to Linux
2.4.24 kernel modules.
patches/packages/kernel-source-2.4.24-noarch-2.tgz: Upgraded to Linux
2.4.24 kernel source, with XFS and Speakup patches included (but not
pre-applied). This uses the XFS and Speakup patches for 2.4.23, which
should be fine since 2.4.24 didn't change much code. Proper XFS
patches for 2.4.24 will probably be out soon to fix the one Makefile
rejection for EXTRAVERSION = -xfs, but likely little else will be
different since XFS development has already gone ahead to what is now
the 2.4.25-pre kernel series.
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-2.tgz:
Recompiled against linux-2.4.24-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.24-i486-1.tgz:
Upgraded to Linux 2.4.24 kernel modules for the xfs.s (XFS patched)
kernel.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-ide-2.4.21-i486-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-source-2.4.21-noarch-3.tgz
An alternate kernel may be installed. Those are found in this directory:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/kernels/
Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.24-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-2.4.24-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.24-noarch-1.tgz
An alternate kernel may be installed. Those are found in this directory:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/
The ALSA driver package has also been recompiled for 2.4.24:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-driver-0.9.8-i486-2.tgz
The XFS patched kernel requires different kernel modules. If you use
the XFS filesystem and XFS patched kernel (xfs.s), these packages
contain kernel modules compiled against 2.4.24-xfs:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.24-i486-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.24-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-2.4.24-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-2.4.24-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.24-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/alsa-driver-1.0.0rc2-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/kernel-modules-xfs/alsa-driver-xfs-1.0.0rc2-i486-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/kernel-modules-xfs/kernel-modules-xfs-2.4.24-i486-1.tgz
MD5 SIGNATURES:
+-------------+
MD5 signatures may be downloaded from our FTP server:
Slackware 9.0 packages:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5
To verify authenticity, this file has been signed with the Slackware
GPG key (use 'gpg --verify'):
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5.asc
Slackware 9.1 packages:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5
To verify authenticity, this file has been signed with the Slackware
GPG key (use 'gpg --verify'):
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5.asc
Slackware -current packages:
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc
INSTALLATION INSTRUCTIONS:
+------------------------+
Use upgradepkg to install the new kernel, kernel-modules, and alsa packages.
After installing the kernel-ide package you will need to run lilo ('lilo' at
a command prompt) or create a new system boot disk ('makebootdisk'), and
reboot.
If desired, a kernel from the kernels/ directory may be used instead. For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:
cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.24
Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.24 /boot/vmlinuz
Then, run 'lilo' or create a new system boot disk and reboot.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+24cakRjwEAQIjMRAjuKAJ9Kt43KdBoCtCJ8SwALDBOgns7YPQCeIb0a
B0XAL19ltxq0bV+K6XCERQA=
=2ju8
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists