lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200402231624.25712.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 23/Feb/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 23/Feb/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kernel -> kernel mremap vulnerability


===========================================================
* kernel -> kernel mremap vulnerability
===========================================================

 More information :
    The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
    The kernel handles the basic functions of the operating system.
    The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4.
    This vulnerability is a different than TLSA-2004-1.

 Impact :
    The local users may be able to gain root privileges.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs \
                kernel-smp kernel-smp64G kernel-source
 ---------------------------------------------


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-17.src.rpm
     41913933 5ccb9a89c3be94deab1c97ab586c09c9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-17.i586.rpm
     14075980 30ccd11d880a7e0e32bbee21439ec709
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
      7101289 e30110e267be513da3c358ad0d4b4550
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
      1457830 24714114e93a4a93a814cdf4498159bc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
      1816441 85f24c7dd6dd7cf8da00e8050c124195
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
       329393 488edeb522ce0790bf4298e8d11b25eb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
     14549351 a17c70329b0912939a60bb4ca9017049
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
     14542476 c5346adab1623182b4c75e6392a08d62
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
     26544848 6fe1468ae10699ea55b0421c8e89db32

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-17.src.rpm
     41913933 5ccb9a89c3be94deab1c97ab586c09c9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-17.i586.rpm
     14075980 30ccd11d880a7e0e32bbee21439ec709
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
      7101289 e30110e267be513da3c358ad0d4b4550
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
      1457830 24714114e93a4a93a814cdf4498159bc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
      1816441 85f24c7dd6dd7cf8da00e8050c124195
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
       329393 488edeb522ce0790bf4298e8d11b25eb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
     14549351 a17c70329b0912939a60bb4ca9017049
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
     14542476 c5346adab1623182b4c75e6392a08d62
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
     26544848 6fe1468ae10699ea55b0421c8e89db32

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-17.src.rpm
     41913933 5ccb9a89c3be94deab1c97ab586c09c9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-17.i586.rpm
     14075980 30ccd11d880a7e0e32bbee21439ec709
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
      7101289 e30110e267be513da3c358ad0d4b4550
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
      1457830 24714114e93a4a93a814cdf4498159bc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
      1816441 85f24c7dd6dd7cf8da00e8050c124195
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
       329393 488edeb522ce0790bf4298e8d11b25eb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
     14549351 a17c70329b0912939a60bb4ca9017049
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
     14542476 c5346adab1623182b4c75e6392a08d62
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
     26544848 6fe1468ae10699ea55b0421c8e89db32

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-17.src.rpm
     41913933 5ccb9a89c3be94deab1c97ab586c09c9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-17.i586.rpm
     14075980 30ccd11d880a7e0e32bbee21439ec709
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm
      7101289 e30110e267be513da3c358ad0d4b4550
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm
      1457830 24714114e93a4a93a814cdf4498159bc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm
      1816441 85f24c7dd6dd7cf8da00e8050c124195
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm
       329393 488edeb522ce0790bf4298e8d11b25eb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm
     14549351 a17c70329b0912939a60bb4ca9017049
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm
     14542476 c5346adab1623182b4c75e6392a08d62
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm
     26544848 6fe1468ae10699ea55b0421c8e89db32


 References :

 CVE
   [CAN-2004-0077]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAOaqCK0LzjOqIJMwRAjSwAKCYURsgoIQi5KaUxAX7R8EAm8VFdACdHSrQ
Kz0qI7oMT7Qc+4jcYCf36gE=
=OxkY
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ