[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200405212142.00647.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 21/May/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 21/May/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) kernel -> Multiple vulnerabilities within the kernel
===========================================================
* kernel -> Multiple vulnerabilities within the kernel
===========================================================
More information :
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
- Real time clock (RTC) routines in Linux kernel does not properly initialize their structures,
which could leak kernel data to user space.
- The R128 driver has a vulnerability.
- Stack-based buffer overflow in the ncp_lookup function for ncpfs in kernel.
- Buffer overflow in the ISO9660 file system component for Linux kernel.
- The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly handle certain sample sizes,
which allows local users to cause a denial of service (crash).
- The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written
to the device for an ext3 file system, which allows local users to obtain sensitive information by
reading the raw device.
- A "potential" buffer overflow exists in the panic() function in kernel.
- The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter
when an error occurs after the mm_struct for a child process has been activated,
which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion).
Impact :
The vulnerabilities may allow an attacker to cause a denial of
service to the kernel and gain sensitive information from your system.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turboupdate
# turbopkg
# zabom update kernel kernel-BOOT kernel-doc kernel-headers \
kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
kernel-2.4.25-3.src.rpm
36845560 43f987c9ba58bef4d2052d517bae91a3
Binary Packages
Size : MD5
kernel-2.4.25-3.i586.rpm
13768395 961cb1242dc89e6b815cece76aecfe42
kernel-BOOT-2.4.25-3.i586.rpm
6894271 f2ed3e7abd7cba9d90a50a8996aa8115
kernel-doc-2.4.25-3.i586.rpm
1573387 4d5f79df18f678771d1a8470d21810e0
kernel-headers-2.4.25-3.i586.rpm
1986966 7c265f85713748fc7fd20df340c8d7ee
kernel-pcmcia-cs-2.4.25-3.i586.rpm
365681 f74d9b0d52602a69df8825831d92edca
kernel-smp-2.4.25-3.i586.rpm
14161425 9cc5b89c2f126904a2cca9ebd7700531
kernel-smp64G-2.4.25-3.i586.rpm
14139065 65dcf2069df77cd6ecd74b234187df8a
kernel-source-2.4.25-3.i586.rpm
27434031 a965e854d02602e541b26409e4d1d244
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
kernel-2.4.25-3.src.rpm
36845560 43f987c9ba58bef4d2052d517bae91a3
Binary Packages
Size : MD5
kernel-2.4.25-3.i586.rpm
13768395 961cb1242dc89e6b815cece76aecfe42
kernel-BOOT-2.4.25-3.i586.rpm
6894271 f2ed3e7abd7cba9d90a50a8996aa8115
kernel-doc-2.4.25-3.i586.rpm
1573387 4d5f79df18f678771d1a8470d21810e0
kernel-headers-2.4.25-3.i586.rpm
1986966 7c265f85713748fc7fd20df340c8d7ee
kernel-pcmcia-cs-2.4.25-3.i586.rpm
365681 f74d9b0d52602a69df8825831d92edca
kernel-smp-2.4.25-3.i586.rpm
14161425 9cc5b89c2f126904a2cca9ebd7700531
kernel-smp64G-2.4.25-3.i586.rpm
14139065 65dcf2069df77cd6ecd74b234187df8a
kernel-source-2.4.25-3.i586.rpm
27434031 a965e854d02602e541b26409e4d1d244
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kernel-2.6.0-8.src.rpm
47387817 b0e9f3c652a6692b6d4741cd2e539453
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-2.6.0-8.i586.rpm
13148949 99104a31b0a0d5c71028a76d8bd00ad9
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-doc-2.6.0-8.i586.rpm
1662274 c2db44905b2022da855158cd38f0de33
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-extramodules-2.6.0-8.i586.rpm
2965265 69554343ca7d2a30a9636bd5255b0b45
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-headers-2.6.0-8.i586.rpm
1753842 9d31c7f0e6a0a075a6bc6bc5f4ce20c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-pcmcia-cs-2.6.0-8.i586.rpm
315306 495778a6eb08807ce19ec0a7e3dae0db
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-smp-2.6.0-8.i586.rpm
13768557 2361cbb154eb9aa3eaac8531fe6f3ed8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-source-2.6.0-8.i586.rpm
28488662 0a9026a322b4706f1778c27cae6e199a
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
Notice : You have to reboot your system after this update is finished.
kernel-2.4.25-3 CAN-2004-0010, CAN-2004-0394, CAN-2004-0427
kernel-2.6.0-8 CAN-2004-0109, CAN-2004-0427
kernel-2.4.18-19 CAN-2003-0984, CAN-2004-0003, CAN-2004-0010, CAN-2004-0109
CAN-2004-0178, CAN-2004-0181, CAN-2004-0394, CAN-2004-0427
References:
CVE
[CAN-2003-0984]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
[CAN-2004-0003]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
[CAN-2004-0010]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
[CAN-2004-0109]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
[CAN-2004-0178]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
[CAN-2004-0181]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
[CAN-2004-0394]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
[CAN-2004-0427]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFArfkUK0LzjOqIJMwRAjiaAKCwR1fuBQGtyjEgHkUdkbyPywz5eQCfXCBX
dKcvDeuxkyjyHnGcfKedwsg=
=pfn/
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists