[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200402231624.25712.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 23/Feb/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 23/Feb/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) kernel -> kernel mremap vulnerability
===========================================================
* kernel -> kernel mremap vulnerability
===========================================================
More information :
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
The kernel handles the basic functions of the operating system.
The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4.
This vulnerability is a different than TLSA-2004-1.
Impact :
The local users may be able to gain root privileges.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use turbopkg(zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs \
kernel-smp kernel-smp64G kernel-source
---------------------------------------------
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-17.src.rpm
41913933 5ccb9a89c3be94deab1c97ab586c09c9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-17.i586.rpm
14075980 30ccd11d880a7e0e32bbee21439ec709
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
7101289 e30110e267be513da3c358ad0d4b4550
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
1457830 24714114e93a4a93a814cdf4498159bc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
1816441 85f24c7dd6dd7cf8da00e8050c124195
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
329393 488edeb522ce0790bf4298e8d11b25eb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
14549351 a17c70329b0912939a60bb4ca9017049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
14542476 c5346adab1623182b4c75e6392a08d62
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
26544848 6fe1468ae10699ea55b0421c8e89db32
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-17.src.rpm
41913933 5ccb9a89c3be94deab1c97ab586c09c9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-17.i586.rpm
14075980 30ccd11d880a7e0e32bbee21439ec709
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
7101289 e30110e267be513da3c358ad0d4b4550
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
1457830 24714114e93a4a93a814cdf4498159bc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
1816441 85f24c7dd6dd7cf8da00e8050c124195
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
329393 488edeb522ce0790bf4298e8d11b25eb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
14549351 a17c70329b0912939a60bb4ca9017049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
14542476 c5346adab1623182b4c75e6392a08d62
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
26544848 6fe1468ae10699ea55b0421c8e89db32
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-17.src.rpm
41913933 5ccb9a89c3be94deab1c97ab586c09c9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-17.i586.rpm
14075980 30ccd11d880a7e0e32bbee21439ec709
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
7101289 e30110e267be513da3c358ad0d4b4550
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
1457830 24714114e93a4a93a814cdf4498159bc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
1816441 85f24c7dd6dd7cf8da00e8050c124195
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
329393 488edeb522ce0790bf4298e8d11b25eb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
14549351 a17c70329b0912939a60bb4ca9017049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
14542476 c5346adab1623182b4c75e6392a08d62
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
26544848 6fe1468ae10699ea55b0421c8e89db32
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-17.src.rpm
41913933 5ccb9a89c3be94deab1c97ab586c09c9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-17.i586.rpm
14075980 30ccd11d880a7e0e32bbee21439ec709
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
7101289 e30110e267be513da3c358ad0d4b4550
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
1457830 24714114e93a4a93a814cdf4498159bc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
1816441 85f24c7dd6dd7cf8da00e8050c124195
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
329393 488edeb522ce0790bf4298e8d11b25eb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
14549351 a17c70329b0912939a60bb4ca9017049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
14542476 c5346adab1623182b4c75e6392a08d62
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
26544848 6fe1468ae10699ea55b0421c8e89db32
References :
CVE
[CAN-2004-0077]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAOaqCK0LzjOqIJMwRAjSwAKCYURsgoIQi5KaUxAX7R8EAm8VFdACdHSrQ
Kz0qI7oMT7Qc+4jcYCf36gE=
=OxkY
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists