Message-ID: <20050113170805.GA22640@tsunami.trustix.net>
Date: Thu, 13 Jan 2005 18:08:05 +0100
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2005-0001 - multi


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0001

Package name:      fcron, kernel
Summary:           Security 
Date:              2005-01-13
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  fcron:
  Fcron is a scheduler.  It is used to run specified tasks at specified times.

  kernel:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

Problem description:
  fcron:
  Security vulnerabilities have been found in fcronsighup, the program used
  by fcrontab to tell fcron it should reload its configuration.
  Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup's overall
  security.


  kernel:
  Paul Starzetz discovered an exploitable flaw in the page fault handler.
  This only affects SMP kernels.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0001 to this issue.

  Paul Starzetz discovered an exploitable flaw in the binary loaders for
  ELF and a.out.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the names CAN-2004-1235 and CAN-2004-1074 to this issue.

  Chris Wright fixed a user triggerable BUG() when a user created a large
  vma that overlapped with arg pages during exec.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0003 to this issue.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/>,
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/xxxx/>


MD5sums of the packages:


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFB5qgGi8CEzsK9IksRAkv/AJ9nwFqe89y8aXxsUJdn2Qa8cZ0w9gCffwUG
i6/JJuUtqD5tHhe+UEIfQkc=
=wt50
-----END PGP SIGNATURE-----

