Message-ID: <20050405141044.GA28714@tsunami.trustix.net>
Date: Tue, 5 Apr 2005 16:10:44 +0200
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2005-0011 - kernel


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0011

Package name:      kernel
Summary:           Various security bugs
Date:              2005-04-05
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.


Problem description:
  Mathieu Lafon discovered an information leak in the ext2 mkdir() function
  where random kernel memory is written to disk.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0400 to this issue.


  Herbert Xu discovered a potential denial of service (DoS) in load_elf_library.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0749 to this issue.


  Ilja van Sprundel discovered an exploitable integer overflow in
  af_bluetooth which could lead to privilege escalation.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-0750 to this issue.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory, along with all Trustix packages, is signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0011/>


MD5sums of the packages:
- --------------------------------------------------------------------------
5a101df55c1b7913557af4f6973de263  2.2/rpms/kernel-2.4.30-2tr.i586.rpm
8168ff203ce1d9d8abfac4e8ea43bc56  2.2/rpms/kernel-BOOT-2.4.30-2tr.i586.rpm
2c7f4c7f9a7b6f4046712aa11bc54a81  2.2/rpms/kernel-doc-2.4.30-2tr.i586.rpm
de8a41479e466904e1e4ac48f404d15d  2.2/rpms/kernel-smp-2.4.30-2tr.i586.rpm
09bc2ed6711f8cd78eacd4231b10c3a2  2.2/rpms/kernel-source-2.4.30-2tr.i586.rpm
6443f710872c3c70f7bcc3b4ed14d20c  2.2/rpms/kernel-utils-2.4.30-2tr.i586.rpm

1b56583fb5e9c9c6feb7bd2210be9f4b  2.1/rpms/kernel-2.4.30-1tr.i586.rpm
3d56c6e78d2efef344fc40d0909dc0ed  2.1/rpms/kernel-BOOT-2.4.30-1tr.i586.rpm
b8587c2e64c1f78f3dc0f450fa7958f9  2.1/rpms/kernel-doc-2.4.30-1tr.i586.rpm
e2eca2719a9cb1243ba6e67dc59d8fde  2.1/rpms/kernel-firewall-2.4.30-1tr.i586.rpm
28469f57323a08a810315e8120bf212e  2.1/rpms/kernel-firewallsmp-2.4.30-1tr.i586.rpm
7df6788b4799278b7f573ca6c32cd2b2  2.1/rpms/kernel-smp-2.4.30-1tr.i586.rpm
f54c959f4c7bbd08ff1d8d6f4fcf3e8e  2.1/rpms/kernel-source-2.4.30-1tr.i586.rpm
15358a847f862cf00d9130682e58844d  2.1/rpms/kernel-utils-2.4.30-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCUpovi8CEzsK9IksRAjTyAJ9vFZ/l4PKsPKtptwp7swMpR5n3nQCcD/9D
kr7wqn50Gvl5Fn5W+ZxNXLU=
=Cbpv
-----END PGP SIGNATURE-----

