| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040620151601.GA8423@tinysofa.org>
Date: Mon, 21 Jun 2004 01:16:01 +1000
From: tinysofa Security Team <security@...ysofa.org>
To: bugtraq@...urityfocus.com
Subject: TSSA-2004-011 - kernel
===========================================================================
_
|_ . _ _ _ (_ _
|_ | | ) \/ _) (_) | (_|
/
Security Advisory #2004-011
Package name: kernel
Summary: Denial Of Service
Advisory ID: TSSA-2004-011
Date: 2004-06-18
Affected versions: tinysofa enterprise server 1.0
tinysofa enterprise server 1.0-U1
Immune versions:
tinysofa enterprise server 1.0-U2
===========================================================================
Security Fixes
==============
Description
-----------
kernel:
* Linux kernel [0] 2.4.2x and 2.6.x for x86 allows local users to cause a
denial of service (system crash), possibly via an infinite loop that
triggers a signal handler with a certain sequence of fsave and frstor
instructions.
This problem has been assigned the name CAN-2004-0554 [1] by the
Common Vulnerabilities and Exposures (CVE) project.
This problem was first reported by Øyvind Sæther [2].
References
----------
[0] http://www.kernel.org/
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
[2] http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
Recommended Action
==================
We recommend that all systems with these packages installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location
========
All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/>
<URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>
Automatic Updates
=================
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
==========
Check out our mailing lists:
<URI:http://www.tinysofa.org/support/>
Verification
============
This advisory is signed with the tinysofa security sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>
All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>
The advisory is available from the tinysofa errata database at
<URI:http://www.tinysofa.org/support/errata/>
or directly at
<URI:http://www.tinysofa.org/support/errata/2004/011.html>
MD5sums Of The Packages
=======================
f946d5730ca05552c2e4558c30f85385 kernel-2.4.26-7ts.i586.rpm
f6830e8c4fabd1fe2ca6f10ba51d470f kernel-BOOT-2.4.26-7ts.i586.rpm
a2514654659e6d5a3bf3070122ad5ebe kernel-doc-2.4.26-7ts.i586.rpm
f1b166ec413f2bea0e6b8cb3f59cf6d8 kernel-firewall-2.4.26-7ts.i586.rpm
bba4b058793545867b5ef0ba76beea89 kernel-firewallsmp-2.4.26-7ts.i586.rpm
3c318967fee6b34cfb453d64ab7dbaeb kernel-smp-2.4.26-7ts.i586.rpm
5f3ded94047616a0f5dec63fcb227d81 kernel-source-2.4.26-7ts.i586.rpm
ad6419eca94eec034503558e75318663 kernel-utils-2.4.26-7ts.i586.rpm
--
tinysofa Security Team <security at tinysofa dot org>
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists