[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1BDlzO-000oeuC__47247.4812566817$1081970733@finlandia.Infodrom.North.DE>
Date: Wed, 14 Apr 2004 17:07:46 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 480-1] New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 480-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : kernel-image-2.4.17-hppa kernel-image-2.4.18-hppa
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178
Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 and 2.4.18 for the hppa
(PA-RISC) architecture. The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with this
update:
CAN-2004-0003
A vulnerability has been discovered in the R128 drive in the Linux
kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could
lead an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the Sound
Blaster driver in Linux. He also developed a correction for this.
These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.
For the stable distribution (woody) these problems have been fixed in
version 32.4 for Linux 2.4.17 and in version 62.3 for Linux 2.4.18.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.dsc
Size/MD5 checksum: 713 d6e475210d87586fafc91e1d557a1a81
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.tar.gz
Size/MD5 checksum: 29958654 8357b4f2946cd1256a0ddf51395aaa1b
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.dsc
Size/MD5 checksum: 713 a7dd8816219af9d8af30e0dd5d4933ae
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.tar.gz
Size/MD5 checksum: 30341920 73ebcb15f4e1245792af77ab2edc8133
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.4_all.deb
Size/MD5 checksum: 24111814 32a7c5a4b9b7f56f76a3810ee1c671bd
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-source-2.4.18-hppa_62.3_all.deb
Size/MD5 checksum: 24403622 c5600ecd5365f4699e3937328536d997
HP Precision architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.4_hppa.deb
Size/MD5 checksum: 3531374 1ace6b1a6f1575bb05cfa38eef8ae28e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.4_hppa.deb
Size/MD5 checksum: 2738008 7460b70d3551740b099f47cc00f75a9a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.4_hppa.deb
Size/MD5 checksum: 2870152 3012e161b10a40ef75b5ca7dc99f646a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.4_hppa.deb
Size/MD5 checksum: 3024374 dc9b851d809cbe09e4d4db58c905c8a8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.4_hppa.deb
Size/MD5 checksum: 3165848 b6b8cbf7f48fbf729c859350c7d09e11
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-headers-2.4.18-hppa_62.3_hppa.deb
Size/MD5 checksum: 3545648 cdc19e048e49678e4f42bef608a24461
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.3_hppa.deb
Size/MD5 checksum: 2763774 f51ec93fcb6101a2e3ecf4d9767237c8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.3_hppa.deb
Size/MD5 checksum: 2903956 88e4ca002820f71fcc5101762f8b24e4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.3_hppa.deb
Size/MD5 checksum: 3061206 9ef449c857ec8a57c505fdee26b7a936
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.3_hppa.deb
Size/MD5 checksum: 3199070 e59926283c57ef868881e6cc1e501e6b
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAfVO+W5ql+IAeqTIRAiSeAJ93ehL1LmbRBheMrhISXJb2IcMRSQCgna2i
QZMFDWSgY4WZsGOz8HAYDcg=
=pO1N
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists