[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040226204528.GG12099@wirex.com>
Date: Thu, 26 Feb 2004 12:45:28 -0800
From: Immunix Security Team <security@...unix.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7+ kernel update
[Dearest Bugtraq readers, please do not use challenge-response antispam
tools, please do not report our GPG signature as a virus, and please do
not send us out of office autoreplies. Thanks.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: Immunix OS 7+
Affected products: kernel
Bugs fixed: CAN-2004-0077
Date: Thu Feb 26 2004
Advisory ID: IMNX-2004-7+-001-01
Author: Seth Arnold <sarnold@...unix.com>
-----------------------------------------------------------------------
Description:
Paul Starzetz and Wojciech Purczynski report finding a flaw in the
mremap(2) system call due to a missing function return value check.
While they found the flaw on the 2.4 series of Linux kernels, the 2.2
series of Linux kernels is also vulnerable to the same problem.
This updated package includes a patch from Solar Designer to address
this flaw, as well as some additional uninitialized memory leaking to
userspace fixes.
Immunix, Inc., would like to remind Immunix OS 7+ users that support
for 7+ will be terminated on March 1, 2004. We will be happy to host
updated packages sent to us by users; contact the immunix-users mail
list for further information. Users may purchase Immunix OS 7.3 at:
http://www.immunix.com/products/immunixos/
Immunix OS 7.3 includes StackGuard, FormatGuard, SubDomain, the 2.4
version of the Linux kernel with better scalability and device
support, and up2date. More information on Immunix OS 7.3 is at:
http://www.immunix.org/immunix73.html
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i586.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i686.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-enterprise-2.2.19-16_imnx_29.i686.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-ibcs-2.2.19-16_imnx_29.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-pcmcia-cs-2.2.19-16_imnx_29.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i586.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i686.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-source-2.2.19-16_imnx_29.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-utils-2.2.19-16_imnx_29.i386.rpm
Source packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/kernel-2.2.19-16_imnx_29.src.rpm
Immunix OS 7+ md5sums:
c2b9a8f0ab3026491fa8fb04234208ba RPMS/kernel-2.2.19-16_imnx_29.i386.rpm
454c4eb51de6d229c85c33900f85de84 RPMS/kernel-2.2.19-16_imnx_29.i586.rpm
448a88fb052a9e9c1afcecbbbfddc74e RPMS/kernel-2.2.19-16_imnx_29.i686.rpm
4468c2dc2f6c9138d18760699128eb19 RPMS/kernel-BOOT-2.2.19-16_imnx_29.i386.rpm
bc740f31f66f7edbb5b4d5305b61012a RPMS/kernel-doc-2.2.19-16_imnx_29.i386.rpm
78c7b0fa3cabf9519174611f0f9413ae RPMS/kernel-enterprise-2.2.19-16_imnx_29.i686.rpm
a1f34f891a53601b2ece582f8dea184d RPMS/kernel-ibcs-2.2.19-16_imnx_29.i386.rpm
6bc9e0872791f84f7475e4955215652a RPMS/kernel-pcmcia-cs-2.2.19-16_imnx_29.i386.rpm
74e32963fe41ad4a24dc0e8c00a2af2f RPMS/kernel-smp-2.2.19-16_imnx_29.i386.rpm
0599c5197b64db2711f71545de6db67e RPMS/kernel-smp-2.2.19-16_imnx_29.i586.rpm
30ba663d45fc6d7f0b4646b74ac5807b RPMS/kernel-smp-2.2.19-16_imnx_29.i686.rpm
0bdb57e7c70b45add66fdae520e2772a RPMS/kernel-source-2.2.19-16_imnx_29.i386.rpm
a7c4640d6d4a0ad2cf3cbb638bd6c35f RPMS/kernel-utils-2.2.19-16_imnx_29.i386.rpm
cc0d6ab4a6aec94565649bbf7a1926b8 SRPMS/kernel-2.2.19-16_imnx_29.src.rpm
GPG verification:
Our public keys are available at http://download.immunix.org/GPG_KEY
Immunix, Inc., has changed policy with GPG keys. We maintain several
keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
Immunix 7.3 package signing, and 1B7456DA for general security issues.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 7.3 will not be officially supported after March 31 2005.
ImmunixOS 7+ will not be officially supported after March 1 2004.
ImmunixOS 7.0 is no longer officially supported.
ImmunixOS 6.2 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@...unix.com.
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists