lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4045FABE.7060009@smoothwall.org>
From: neuro at smoothwall.org (William Anderson)
Subject: SmoothWall Limited Product Advisory SWL-2004:002

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------
~ SmoothWall Limited Product Advisory SWL-2004:002
- -------------------------------------------------------------

~    Summary: Updates for SmoothWall Corporate Server and
~             Corporate Guardian to correct local
~             vulnerabilities in Linux kernel.
~ Importance: Severe
~      Issue: Possible local vulnerabilities
~  CVE Names: CAN-2004-0077
~   Released: 2004-03-03
SW-specific: no

Affected Products:

~  SmoothWall Corporate Server 3.0 (fixes7)
~  SmoothWall Corporate Guardian 3.0 (fixes2)

The products shown must be updated to the fix level as
shown above before applying any updates mentioned in this
advisory.

- -------------------------------------------------------------
~ Description
- -------------------------------------------------------------

Critical security vulnerabilities have been found in the
Linux kernel in the following areas:

- - Locally exploitable vulnerabilities in memory management
~  code (mremap system calls)

These vulnerabilities can result in privilege escalation or
unwanted availability of sensitive information.

- -------------------------------------------------------------
~ Corrective Actions
- -------------------------------------------------------------

You should download and install the required update for
your product(s).  The updates can be downloaded from the
web links below, along with installation instructions and
any further caveats or updates.

SmoothWall Corporate Server 3.0 fixes 8
- - http://smoothwall.net/u/corpserv/3.0/fixes8.html
SmoothWall Corporate Server 3.0 fixes 3
- - http://smoothwall.net/u/corpserv/3.0/fixes3.html

- -------------------------------------------------------------
~ Further Information
- -------------------------------------------------------------

CVE Candidate CAN-2004-0077
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Linux kernel do_mremap VMA limit local privilege escalation
- - http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Linux Kernel 2.4.25 Changelog
- - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25

____ smoothwall - delivering versatile, affordable security _

- --
_ __/|  William Anderson            | Martin: Alright, I'll give it a shot.
\`O_o'  neuro at smoothwall dot org | Oatman: No, no, don't give it a shot!
=(_ _)= http://smoothwall.org/team/ |         Don't shoot anything!
~   U  - Thhbt! GPG 0x7C4D858F       |  -- Grosse Pointe Blank (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFARfq++2Hw2nxNhY8RAlSGAJ4zRQHrC6TedQanIPGV33boqXEuzQCfXBJ1
c7+mKN5YbrOTjVDWeME67rk=
=YsGz
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists