lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040618140022.GA1749@tsunami.trustix.net>
Date: Fri, 18 Jun 2004 16:00:22 +0200
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2004-0035 - kernel


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0035

Package name:      kernel
Summary:           Possible security holes in drivers
Date:              2004-06-18
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

Problem description:
  During checks of the Linux 2.6 source using an automated tool called sparse,
  several issues were discovered.  Some of these were discovered to also
  apply to the 2.4 series of the Linux kernel.  See CAN-2004-0495 at 
  http://cve.mitre.org/ for more information on this issue.

  The patches used were provided by Alexander Viro and fix issues in the
  following drivers: aironet, asus_acpi, decnet, mpu401, msnd, and pss.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by a
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/horizon/>

  You may also use swup for public testing of updates:
  
  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.0/> and
  <URI:http://www.trustix.org/errata/trustix-2.1/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0035>


MD5sums of the packages:
- --------------------------------------------------------------------------
22195923138313be0364b8e61dda9976  2.1/rpms/kernel-2.4.26-3tr.i586.rpm
f57e5647681740e8dede3f2b42b641d8  2.1/rpms/kernel-BOOT-2.4.26-3tr.i586.rpm
41d153652628df20dd31b333cd7c8446  2.1/rpms/kernel-doc-2.4.26-3tr.i586.rpm
3952ccb23e1a7e2dbf13500f30777ce3  2.1/rpms/kernel-firewall-2.4.26-3tr.i586.rpm
8f0a3fa07eb8794e67443ebcd75f8a2b  2.1/rpms/kernel-firewallsmp-2.4.26-3tr.i586.rpm
b5dd1969e52498693093346751583425  2.1/rpms/kernel-smp-2.4.26-3tr.i586.rpm
5a32b0abe3374b84479543e0ab71dc76  2.1/rpms/kernel-source-2.4.26-3tr.i586.rpm
3e51119fa72b1c35aebb8ea3841ee6d1  2.1/rpms/kernel-utils-2.4.26-3tr.i586.rpm
cc535941d1fb028b063451cff3e1c9f5  2.0/rpms/kernel-2.4.26-3tr.i586.rpm
e40a0219ac5bb7b7170cd8bdbcbb8da9  2.0/rpms/kernel-BOOT-2.4.26-3tr.i586.rpm
e958d97d02fd8d62a9caa37f0d55c32c  2.0/rpms/kernel-doc-2.4.26-3tr.i586.rpm
d241d68a96e16e7b7762046a4b07360a  2.0/rpms/kernel-firewall-2.4.26-3tr.i586.rpm
7e7dd026a55c737dce00fcc006cec405  2.0/rpms/kernel-firewallsmp-2.4.26-3tr.i586.rpm
61da0c5b2e3bb0cecbc36feeba97ce15  2.0/rpms/kernel-smp-2.4.26-3tr.i586.rpm
d3e09b45ba347a8981d39bfa0652c0dd  2.0/rpms/kernel-source-2.4.26-3tr.i586.rpm
9e26f39614829fa6b4f8060138648b6f  2.0/rpms/kernel-utils-2.4.26-3tr.i586.rpm
7c6eac6ac266e4d81a06ca8b86b5e0a3  e2/kernel-2.4.26-3tr.i586.rpm
bf501f2ae0145913e727285a02c32242  e2/kernel-BOOT-2.4.26-3tr.i586.rpm
6bc291b29b78b7ce41b012f9f84de5de  e2/kernel-doc-2.4.26-3tr.i586.rpm
a5f92a80acbe411223b0c26f85b558d6  e2/kernel-firewall-2.4.26-3tr.i586.rpm
4dc76136c8d858e5fcf3321b6e17fb15  e2/kernel-firewallsmp-2.4.26-3tr.i586.rpm
9784f4dc71e45fc2518e7e92f543ff6b  e2/kernel-smp-2.4.26-3tr.i586.rpm
636cad177c6248b7e7beb689c53aa947  e2/kernel-source-2.4.26-3tr.i586.rpm
406dfc1826d219e8942bcc4401d119ef  e2/kernel-utils-2.4.26-3tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFA0vGJi8CEzsK9IksRAvaJAJ9kc5UUlMuLsauQ6vrRUHWQPN1xsQCeIRlM
I8jghBhCFzYlJlhQhHXuibg=
=Ig09
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ