lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021122152410.1AD6C11D319@juggernaut.guardiandigital.com>
From: security at guardiandigital.com (EnGarde Secure Linux)
Subject: [ESA-20021122-030] local kernel vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory               November 22, 2002 |
| http://www.engardelinux.org/                          ESA-20021122-030 |
|                                                                        |
| Package: kernel                                                        |
| Summary: local vulnerabilities.                                        |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, e-commerce, and integrated open source
  security tools.

OVERVIEW
- --------
  Solar Designer kindly pointed out to us that our last kernel update
  (ESA-20021022-026) was incomplete because 2.2.22-rc1 did not contain
  all the critical security fixes.  This update backports the remaining
  fixes.

  This update also fixes a denial of service attack where a local user
  could lock the machine.

  All users are recommended to upgrade immediately using the special
  SOLUTION in this advisory.

SOLUTION
- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Please read and understand this entire section before you attempt to
  upgrade the kernel.

  Initial Steps
  -------------
    1) Verify the machine is either:

       a) booted into a "standard" kernel; or
       b) LIDS is disabled (/sbin/lidsadm -S -- -LIDS_GLOBAL)

    2) Determine which kernels you currently have installed:

         # rpm -qa --qf "%{NAME}\n" | grep kernel

    3) Download the new kernels that match what you have installed
       (based on step 2) from the "UPDATED PACKAGES" section of this
       advisory.

  Installation Steps
  ------------------
    4) Install the new packages.  The packages will automagically
       update /etc/lilo.conf by commenting out any old EnGarde images
       and replacing them with the new ones:

         # rpm --replacefiles -i <kernel 1> <kernel 2> ...

    5) Re-run LILO.  If you see any errors then open /etc/lilo.conf in
       your favorite text editor and make the appropriate changes:

         #  /sbin/lilo

  Final Steps
  -----------
    6) If you did not see any LILO errors then your new kernel is now
       installed and your machine is ready to be rebooted:

         # reboot

UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux Community
  Edition.

  Source Packages:

    SRPMS/kernel-2.2.19-1.0.29.src.rpm
      MD5 Sum: 9b4826ca5257cf76f4cc80b7d2b8f970

  Binary Packages:

    i386/kernel-2.2.19-1.0.29.i386.rpm
      MD5 Sum: d7832ded322e444b1754aab6aa3369ae

    i386/kernel-lids-mods-2.2.19-1.0.29.i386.rpm
      MD5 Sum: 711f92dde4726474c526766e8be18be4

    i386/kernel-smp-lids-mods-2.2.19-1.0.29.i386.rpm
      MD5 Sum: 4c8524458b94d65a5df1401707a59355

    i386/kernel-smp-mods-2.2.19-1.0.29.i386.rpm
      MD5 Sum: 5b3df58bf41b98451f20700d25107b3d

    i686/kernel-2.2.19-1.0.29.i686.rpm
      MD5 Sum: ff4b48ed55eff840324f9ef27db0c21d

    i686/kernel-lids-mods-2.2.19-1.0.29.i686.rpm
      MD5 Sum: e6cc2cd48bca65ff29ba82bd82a926d1

    i686/kernel-smp-lids-mods-2.2.19-1.0.29.i686.rpm
      MD5 Sum: f39a8f68e1dedcd4e2ebf21b11a7a78f

    i686/kernel-smp-mods-2.2.19-1.0.29.i686.rpm
      MD5 Sum: d217eabb58429da7cebd9e07a0d29daa

REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Official Web Site of the Linux Kernel:
    http://www.kernel.org/

  Security Contact:   security@...rdiandigital.com
  EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20021122-030-kernel,v 1.3 2002/11/22 15:16:04 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@...rdiandigital.com>
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE93kwZHD5cqd57fu0RAr8FAJoDjfno6prsRaabUPSzHZVtqom/DQCaA9Vt
aDnfQHqzYsy+CK/AUwDpfz0=
=+4my
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
     To unsubscribe email engarde-security-request@...ardelinux.org
         with "unsubscribe" in the subject of the message.

Copyright(c) 2002 Guardian Digital, Inc.                EnGardeLinux.org
------------------------------------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ