lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040226204528.GG12099@wirex.com>
Date: Thu, 26 Feb 2004 12:45:28 -0800
From: Immunix Security Team <security@...unix.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7+ kernel update

[Dearest Bugtraq readers, please do not use challenge-response antispam
tools, please do not report our GPG signature as a virus, and please do
not send us out of office autoreplies. Thanks.]

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	Immunix OS 7+
Affected products:	kernel
Bugs fixed:		CAN-2004-0077
Date:			Thu Feb 26 2004
Advisory ID:		IMNX-2004-7+-001-01
Author:			Seth Arnold <sarnold@...unix.com>
-----------------------------------------------------------------------

Description:
  Paul Starzetz and Wojciech Purczynski report finding a flaw in the
  mremap(2) system call due to a missing function return value check.
  While they found the flaw on the 2.4 series of Linux kernels, the 2.2
  series of Linux kernels is also vulnerable to the same problem.

  This updated package includes a patch from Solar Designer to address
  this flaw, as well as some additional uninitialized memory leaking to
  userspace fixes.

  Immunix, Inc., would like to remind Immunix OS 7+ users that support
  for 7+ will be terminated on March 1, 2004. We will be happy to host
  updated packages sent to us by users; contact the immunix-users mail
  list for further information. Users may purchase Immunix OS 7.3 at:
  http://www.immunix.com/products/immunixos/ 
  Immunix OS 7.3 includes StackGuard, FormatGuard, SubDomain, the 2.4
  version of the Linux kernel with better scalability and device
  support, and up2date. More information on Immunix OS 7.3 is at:
  http://www.immunix.org/immunix73.html

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i586.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-enterprise-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-ibcs-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-pcmcia-cs-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i586.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-source-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-utils-2.2.19-16_imnx_29.i386.rpm

  Source packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/kernel-2.2.19-16_imnx_29.src.rpm

Immunix OS 7+ md5sums:
  c2b9a8f0ab3026491fa8fb04234208ba RPMS/kernel-2.2.19-16_imnx_29.i386.rpm
  454c4eb51de6d229c85c33900f85de84  RPMS/kernel-2.2.19-16_imnx_29.i586.rpm
  448a88fb052a9e9c1afcecbbbfddc74e  RPMS/kernel-2.2.19-16_imnx_29.i686.rpm
  4468c2dc2f6c9138d18760699128eb19  RPMS/kernel-BOOT-2.2.19-16_imnx_29.i386.rpm
  bc740f31f66f7edbb5b4d5305b61012a  RPMS/kernel-doc-2.2.19-16_imnx_29.i386.rpm
  78c7b0fa3cabf9519174611f0f9413ae  RPMS/kernel-enterprise-2.2.19-16_imnx_29.i686.rpm
  a1f34f891a53601b2ece582f8dea184d  RPMS/kernel-ibcs-2.2.19-16_imnx_29.i386.rpm
  6bc9e0872791f84f7475e4955215652a  RPMS/kernel-pcmcia-cs-2.2.19-16_imnx_29.i386.rpm
  74e32963fe41ad4a24dc0e8c00a2af2f  RPMS/kernel-smp-2.2.19-16_imnx_29.i386.rpm
  0599c5197b64db2711f71545de6db67e  RPMS/kernel-smp-2.2.19-16_imnx_29.i586.rpm
  30ba663d45fc6d7f0b4646b74ac5807b  RPMS/kernel-smp-2.2.19-16_imnx_29.i686.rpm
  0bdb57e7c70b45add66fdae520e2772a  RPMS/kernel-source-2.2.19-16_imnx_29.i386.rpm
  a7c4640d6d4a0ad2cf3cbb638bd6c35f  RPMS/kernel-utils-2.2.19-16_imnx_29.i386.rpm
  cc0d6ab4a6aec94565649bbf7a1926b8  SRPMS/kernel-2.2.19-16_imnx_29.src.rpm


GPG verification:                                                               
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.


NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 7.3 will not be officially supported after March 31 2005.
  ImmunixOS 7+ will not be officially supported after March 1 2004.
  ImmunixOS 7.0 is no longer officially supported.
  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@...unix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ