From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 20/Oct/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement-only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 20/Oct/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kernel -> Multiple vulnerabilities in kernel
 (2) kdebase -> Two issues have been discovered in KDM


===========================================================
* kernel -> Multiple vulnerabilities in kernel
===========================================================

 More information :
    The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
    The kernel handles the basic functions of the operating system.
    - /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links,
      which could allow local users to obtain potentially sensitive information such as
      the length of passwords.
    - A race condition in the way env_start and env_end pointers are initialized in the execve
      system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause
      a denial of service (crash).
    - The STP protocol implementation does not properly verify certain lengths,
      which could allow attackers to cause a denial of service. 

 Impact :
     These vulnerabilities allow an attacker to cause a denial of service
     in the kernel and to obtain sensitive information from your system.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation


 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
 ---------------------------------------------


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-14.src.rpm
     41830023 9765a2ec6220266e8b2700b93459670b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-14.i586.rpm
     14058234 82db3c20c79b9f0ef84eba74f4ec7b77
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-14.i586.rpm
      7089082 08b378fdfe39bea52f3a6d1adeaa6064
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-14.i586.rpm
      1456572 6777d197a1914eada0d4896da311a343
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-14.i586.rpm
      1815315 89ecfca39f5887e447acd37a017e3396
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-14.i586.rpm
       328971 a72ece851b562ae62d123416c0ff676e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-14.i586.rpm
     14541620 38b18536f9f3bf8d16aa67f97a8a88c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-14.i586.rpm
     14529456 297bff4f2d3bd19d5c9e2f2e1045d302
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-14.i586.rpm
     26614965 cea03467b12fe632b16a9cd4dc8f24ad

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-14.src.rpm
     41830023 9765a2ec6220266e8b2700b93459670b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-14.i586.rpm
     14058234 82db3c20c79b9f0ef84eba74f4ec7b77
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-14.i586.rpm
      7089082 08b378fdfe39bea52f3a6d1adeaa6064
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-14.i586.rpm
      1456572 6777d197a1914eada0d4896da311a343
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-14.i586.rpm
      1815315 89ecfca39f5887e447acd37a017e3396
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-14.i586.rpm
       328971 a72ece851b562ae62d123416c0ff676e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-14.i586.rpm
     14541620 38b18536f9f3bf8d16aa67f97a8a88c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-14.i586.rpm
     14529456 297bff4f2d3bd19d5c9e2f2e1045d302
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-14.i586.rpm
     26614965 cea03467b12fe632b16a9cd4dc8f24ad

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-14.src.rpm
     41830023 9765a2ec6220266e8b2700b93459670b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-14.i586.rpm
     14058234 82db3c20c79b9f0ef84eba74f4ec7b77
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-14.i586.rpm
      7089082 08b378fdfe39bea52f3a6d1adeaa6064
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-14.i586.rpm
      1456572 6777d197a1914eada0d4896da311a343
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-14.i586.rpm
      1815315 89ecfca39f5887e447acd37a017e3396
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-14.i586.rpm
       328971 a72ece851b562ae62d123416c0ff676e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-14.i586.rpm
     14541620 38b18536f9f3bf8d16aa67f97a8a88c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-14.i586.rpm
     14529456 297bff4f2d3bd19d5c9e2f2e1045d302
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-14.i586.rpm
     26614965 cea03467b12fe632b16a9cd4dc8f24ad

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-14.src.rpm
     41830023 9765a2ec6220266e8b2700b93459670b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-14.i586.rpm
     14058234 82db3c20c79b9f0ef84eba74f4ec7b77
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-14.i586.rpm
      7089082 08b378fdfe39bea52f3a6d1adeaa6064
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-14.i586.rpm
      1456572 6777d197a1914eada0d4896da311a343
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-14.i586.rpm
      1815315 89ecfca39f5887e447acd37a017e3396
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-14.i586.rpm
       328971 a72ece851b562ae62d123416c0ff676e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-14.i586.rpm
     14541620 38b18536f9f3bf8d16aa67f97a8a88c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-14.i586.rpm
     14529456 297bff4f2d3bd19d5c9e2f2e1045d302
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-14.i586.rpm
     26614965 cea03467b12fe632b16a9cd4dc8f24ad


 Notice : You have to reboot your system after this update is finished.

 Enhancement :
    updated acpi-thermal-40, i2c-2.8.0 drivers
    added qla2xxx drivers

 References :

 CVE
   [CAN-2003-0461]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0461
   [CAN-2003-0462]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462
   [CAN-2003-0551]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0551

 Turbolinux Security Advisory
   [TLSA-2003-41]
   http://www.turbolinux.com/security/TLSA-2003-41.txt

 --------------------------------------------------------------------------
 Revision History
    20 Oct 2003 Initial release
 --------------------------------------------------------------------------

===========================================================
* kdebase -> Two issues have been discovered in KDM
===========================================================

 More information :
    Privilege escalation with specific PAM modules.
    Session cookies generated by KDM are potentially insecure.

 Impact :
    Local users may be able to gain root privileges.
    The weak cookie generation may allow unauthorized users to guess the session cookie by
    a brute-force attack.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 af04ccdf4ccf9720df849613b7c20866

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     16158716 f5e1c81fd4ead3e1bf05f66569b3114e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54350 f61ce9b68c463465ae5846f68879a24e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 ec056e9910b8715a716bce2a4596fe07

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     16157388 79f26858cec0b67cb83097baf35f7ea0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54264 0687ccf6695c7f0c79cfcbb709e90506

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 75b7decef759e4cd9682c40f1e439bc2

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     15775946 917d992f65ac098ce3cc785650c83655
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54281 7dada55383a049a4fd6c845a5013e7ea

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 b2912df0daf619ae9277cb9305a64896

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     15761012 c99d88aa9a2a5a2c6915986c3c2ba9d0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54299 5f9a84f714168c3b846eca52328ef5e0


 References :

 KDE Security Advisory
   http://www.kde.org/info/security/advisory-20030916-1.txt

 CVE
   [CAN-2003-0690]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
   [CAN-2003-0692]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692


 --------------------------------------------------------------------------
 Revision History
    20 Oct 2003 Initial release
 --------------------------------------------------------------------------


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/
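
The "Size : MD5" listings above can be checked mechanically against downloaded packages. The following Python code is an added example, not part of the Turbolinux announcement or its tools: it parses the per-product listings and compares a file's size and MD5 with the entry for the chosen product. The function names, the demo file name and the ftp.example.invalid host are assumptions, and the listed values are only as trustworthy as the PGP signature on this message, so verify that first.

```python
import hashlib
import os
import re
import tempfile

PRODUCT = re.compile(r"^\s*<(Turbolinux [^>]+)>\s*$")
URL = re.compile(r"^\s*(ftp://\S+)\s*$")
SIZE_MD5 = re.compile(r"^\s*(\d+)\s+([0-9a-f]{32})\s*$")

def parse_listing(text):
    """Return {product: {file name: (size, md5)}} from advisory text."""
    listing, product, name = {}, None, None
    for line in text.splitlines():
        if m := PRODUCT.match(line):
            product, name = m.group(1), None
        elif m := URL.match(line):
            name = m.group(1).rsplit("/", 1)[-1]
        elif (m := SIZE_MD5.match(line)) and product and name:
            listing.setdefault(product, {})[name] = (int(m.group(1)), m.group(2))
            name = None
    return listing

def verify(path, product, listing):
    """Compare one downloaded file with the entry listed for `product`."""
    entry = listing.get(product, {}).get(os.path.basename(path))
    if entry is None:
        return "not listed"
    if os.path.getsize(path) != entry[0]:
        return "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == entry[1] else "md5 mismatch"

def demo():
    """Run the check on a constructed file and a constructed listing entry."""
    body, product = b"constructed payload", "Turbolinux 8 Server"
    listing = parse_listing(
        f" <{product}>\n   ftp://ftp.example.invalid/RPMS/demo-1.0-1.i586.rpm\n"
        f"     {len(body)} {hashlib.md5(body).hexdigest()}\n")
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo-1.0-1.i586.rpm")
        for data in (body, body + b"!", body[:-1] + b"X"):  # intact, grown, altered
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(verify(path, product, listing))
    return results
```

Entries are keyed by product because the same file name (for example kdebase-2.2.2-16.i586.rpm) carries a different size and digest under each product heading.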

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/k8I/K0LzjOqIJMwRAgbbAJ4ktFX4Mf6X0FI9iJRdgGxOBa22UACfZf3n
M0I82Zo5SE27kaDhxDf8xYI=
=KsVL
-----END PGP SIGNATURE-----



