lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060721131738.GA8458@tsunami.trustix.net>
Date: Fri, 21 Jul 2006 15:17:38 +0200
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2006-0042 - multi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0042

Package names:	   gnupg, kernel, samba
Summary:           Multiple vulnerabilities
Date:              2006-07-21
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2
 
- --------------------------------------------------------------------------
Package description:
  gnupg
  GnuPG is a complete and free replacement for PGP. Because it does not
  use IDEA it can be used without any restrictions. GnuPG is in compliance
  with the OpenPGP specification (RFC2440).

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process 
  allocation, device input and output, etc.

  samba
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines. Samba
  uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
  (Microsoft Raw NetBIOS frame) protocol.

Problem description:
  gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: A vulnerability has been reported in GnuPG, cause due
    to an input validation error within "parse-packet.c" when handling
    the length of a message packet. This can be exploited to cause gpg
    to consume large amount of memory or crash via an overly large packet
    length in a message packet. This can be further exploited to cause an
    integer overflow which leads to a possible memory corruption that
    crashes gpg.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-3082 to this issue.

  kernel < TSL 3.0 >
  - New upstream.
  - Upgraded 3ware 9xxx RAID driver, Bug #1823.
  - SECURITY FIX: A vulnerability has been reported in the Linux kernel,
    which can be exploited by malicious, local users to gain escalated
    privileges. The vulnerability is caused due to a race condition in
    "/proc" when changing file status. Successful exploitation allows
    execution of arbitrary code with root privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-3626 to this issue.
  
  samba < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: A vulnerability has been reported in Samba, caused due
    to an error when handling a lot of share connection requests. This
    can be exploited to cause smbd to exhaust memory resources via a
    large number of share connections.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-3403 to this issue. 

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2006/0042/>


MD5sums of the packages:
- --------------------------------------------------------------------------
f86810db08844c94b81fd105e664fe01  3.0/rpms/gnupg-1.4.4-1tr.i586.rpm
63bfe9bd1aec22b236da29ccbf8a4655  3.0/rpms/gnupg-utils-1.4.4-1tr.i586.rpm
166a291d8ada662af9ec23e022f10f45  3.0/rpms/kernel-2.6.17.6-1tr.i586.rpm
685242b444e0d1d778ec768a4a96f15f  3.0/rpms/kernel-doc-2.6.17.6-1tr.i586.rpm
d31937a2a5adf40196bc85370d441127  3.0/rpms/kernel-headers-2.6.17.6-1tr.i586.rpm
f07a32eeade28a2d0420df161e95fb58  3.0/rpms/kernel-smp-2.6.17.6-1tr.i586.rpm
a7e3cd4f1c9bcd6d4dca4aeb17ca0738  3.0/rpms/kernel-smp-headers-2.6.17.6-1tr.i586.rpm
66ff5b16345091c8870a202405cbeb3f  3.0/rpms/kernel-source-2.6.17.6-1tr.i586.rpm
5f1b3333e0e4ca35f47f753471da4602  3.0/rpms/kernel-utils-2.6.17.6-1tr.i586.rpm
d84b4f9c672459d3d8aa8d31ccb41831  3.0/rpms/samba-3.0.22-2tr.i586.rpm
13f99d5c950dfe7068937b3e9a26d84a  3.0/rpms/samba-client-3.0.22-2tr.i586.rpm
845519745dc778ae2e6420f5b6fbe130  3.0/rpms/samba-common-3.0.22-2tr.i586.rpm
e942e48ac256273d6dccb28b4ed5c3e4  3.0/rpms/samba-devel-3.0.22-2tr.i586.rpm
60c46bad4adc0d51b0c78852e47db908  3.0/rpms/samba-mysql-3.0.22-2tr.i586.rpm

870f8111fbe4cea1623678c977e97514  2.2/rpms/gnupg-1.2.6-3tr.i586.rpm
2276e7687268bf607d378ab05665e2c7  2.2/rpms/gnupg-utils-1.2.6-3tr.i586.rpm
bb3b9c56f4fd44ac10e7dda01a5c69df  2.2/rpms/samba-3.0.22-2tr.i586.rpm
ebf3d7854e10c8bb65b4a307bd9cf5ae  2.2/rpms/samba-client-3.0.22-2tr.i586.rpm
75db20c88bdf7e35077ab70c628a3f6d  2.2/rpms/samba-common-3.0.22-2tr.i586.rpm
f22d5e489fb365fa2d72aac15ab5cb32  2.2/rpms/samba-devel-3.0.22-2tr.i586.rpm
5ba89867dd0ef342d480e61c9a53b124  2.2/rpms/samba-mysql-3.0.22-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEwNHmi8CEzsK9IksRAnwVAJ9Z6VoyOrmgzNq9jxXNa4fMBT0M3QCgqbUc
W9m229UX0fkyL4HxqAMjwHA=
=o9l8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ