lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200405212142.00647.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 21/May/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 21/May/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kernel -> Multiple vulnerabilities within the kernel

===========================================================
* kernel -> Multiple vulnerabilities within the kernel
===========================================================

 More information :
    The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.

    - Real time clock (RTC) routines in Linux kernel does not properly initialize their structures,
      which could leak kernel data to user space.
    - The R128 driver has a vulnerability.
    - Stack-based buffer overflow in the ncp_lookup function for ncpfs in kernel.
    - Buffer overflow in the ISO9660 file system component for Linux kernel.
    - The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly handle certain sample sizes,
      which allows local users to cause a denial of service (crash).
    - The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written
      to the device for an ext3 file system, which allows local users to obtain sensitive information by
      reading the raw device. 
    - A "potential" buffer overflow exists in the panic() function in kernel.
    - The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter
      when an error occurs after the mm_struct for a child process has been activated,
      which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion).

 Impact :
    The vulnerabilities may allow an attacker to cause a denial of
    service to the kernel and gain sensitive information from your system. 

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turboupdate

 # turbopkg

 # zabom update kernel kernel-BOOT kernel-doc kernel-headers \
                kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   kernel-2.4.25-3.src.rpm
     36845560 43f987c9ba58bef4d2052d517bae91a3

   Binary Packages
   Size : MD5

   kernel-2.4.25-3.i586.rpm
     13768395 961cb1242dc89e6b815cece76aecfe42
   kernel-BOOT-2.4.25-3.i586.rpm
      6894271 f2ed3e7abd7cba9d90a50a8996aa8115
   kernel-doc-2.4.25-3.i586.rpm
      1573387 4d5f79df18f678771d1a8470d21810e0
   kernel-headers-2.4.25-3.i586.rpm
      1986966 7c265f85713748fc7fd20df340c8d7ee
   kernel-pcmcia-cs-2.4.25-3.i586.rpm
       365681 f74d9b0d52602a69df8825831d92edca
   kernel-smp-2.4.25-3.i586.rpm
     14161425 9cc5b89c2f126904a2cca9ebd7700531
   kernel-smp64G-2.4.25-3.i586.rpm
     14139065 65dcf2069df77cd6ecd74b234187df8a
   kernel-source-2.4.25-3.i586.rpm
     27434031 a965e854d02602e541b26409e4d1d244

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   kernel-2.4.25-3.src.rpm
     36845560 43f987c9ba58bef4d2052d517bae91a3

   Binary Packages
   Size : MD5

   kernel-2.4.25-3.i586.rpm
     13768395 961cb1242dc89e6b815cece76aecfe42
   kernel-BOOT-2.4.25-3.i586.rpm
      6894271 f2ed3e7abd7cba9d90a50a8996aa8115
   kernel-doc-2.4.25-3.i586.rpm
      1573387 4d5f79df18f678771d1a8470d21810e0
   kernel-headers-2.4.25-3.i586.rpm
      1986966 7c265f85713748fc7fd20df340c8d7ee
   kernel-pcmcia-cs-2.4.25-3.i586.rpm
       365681 f74d9b0d52602a69df8825831d92edca
   kernel-smp-2.4.25-3.i586.rpm
     14161425 9cc5b89c2f126904a2cca9ebd7700531
   kernel-smp64G-2.4.25-3.i586.rpm
     14139065 65dcf2069df77cd6ecd74b234187df8a
   kernel-source-2.4.25-3.i586.rpm
     27434031 a965e854d02602e541b26409e4d1d244

 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kernel-2.6.0-8.src.rpm
     47387817 b0e9f3c652a6692b6d4741cd2e539453

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-2.6.0-8.i586.rpm
     13148949 99104a31b0a0d5c71028a76d8bd00ad9
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-doc-2.6.0-8.i586.rpm
      1662274 c2db44905b2022da855158cd38f0de33
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-extramodules-2.6.0-8.i586.rpm
      2965265 69554343ca7d2a30a9636bd5255b0b45
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-headers-2.6.0-8.i586.rpm
      1753842 9d31c7f0e6a0a075a6bc6bc5f4ce20c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-pcmcia-cs-2.6.0-8.i586.rpm
       315306 495778a6eb08807ce19ec0a7e3dae0db
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-smp-2.6.0-8.i586.rpm
     13768557 2361cbb154eb9aa3eaac8531fe6f3ed8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-source-2.6.0-8.i586.rpm
     28488662 0a9026a322b4706f1778c27cae6e199a

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
     42490854 5761fc3d88ea02e8a9f4df3df14bcf23

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
     14113738 2d76e70834488d6f50d66a9afa1f597a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
      7155061 bd1dd1d261efa45d5ceaf82053236c8f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
      1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
      1823440 88f3e57e5b28a482bca32b77c36767d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
       330265 a0484c72d42f1b915201932daea34627
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
     14622675 a9939b840cd5d091ca04c8b4e10b2990
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
     14606327 a8ea380db63bef81b78b37bd66cd23b7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
     26627664 99fc6ae43a40a3257e63e7f09853f681

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
     42490854 5761fc3d88ea02e8a9f4df3df14bcf23

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
     14113738 2d76e70834488d6f50d66a9afa1f597a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
      7155061 bd1dd1d261efa45d5ceaf82053236c8f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
      1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
      1823440 88f3e57e5b28a482bca32b77c36767d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
       330265 a0484c72d42f1b915201932daea34627
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
     14622675 a9939b840cd5d091ca04c8b4e10b2990
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
     14606327 a8ea380db63bef81b78b37bd66cd23b7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
     26627664 99fc6ae43a40a3257e63e7f09853f681

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
     42490854 5761fc3d88ea02e8a9f4df3df14bcf23

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
     14113738 2d76e70834488d6f50d66a9afa1f597a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
      7155061 bd1dd1d261efa45d5ceaf82053236c8f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
      1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
      1823440 88f3e57e5b28a482bca32b77c36767d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
       330265 a0484c72d42f1b915201932daea34627
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
     14622675 a9939b840cd5d091ca04c8b4e10b2990
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
     14606327 a8ea380db63bef81b78b37bd66cd23b7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
     26627664 99fc6ae43a40a3257e63e7f09853f681

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
     42490854 5761fc3d88ea02e8a9f4df3df14bcf23

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
     14113738 2d76e70834488d6f50d66a9afa1f597a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
      7155061 bd1dd1d261efa45d5ceaf82053236c8f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
      1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
      1823440 88f3e57e5b28a482bca32b77c36767d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
       330265 a0484c72d42f1b915201932daea34627
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
     14622675 a9939b840cd5d091ca04c8b4e10b2990
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
     14606327 a8ea380db63bef81b78b37bd66cd23b7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
     26627664 99fc6ae43a40a3257e63e7f09853f681


 Notice : You have to reboot your system after this update is finished.

   kernel-2.4.25-3    CAN-2004-0010, CAN-2004-0394, CAN-2004-0427
   kernel-2.6.0-8     CAN-2004-0109, CAN-2004-0427
   kernel-2.4.18-19   CAN-2003-0984, CAN-2004-0003, CAN-2004-0010, CAN-2004-0109
                      CAN-2004-0178, CAN-2004-0181, CAN-2004-0394, CAN-2004-0427

 References:

 CVE
  [CAN-2003-0984]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
  [CAN-2004-0003]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
  [CAN-2004-0010]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
  [CAN-2004-0109]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
  [CAN-2004-0178]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
  [CAN-2004-0181]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
  [CAN-2004-0394]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
  [CAN-2004-0427]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFArfkUK0LzjOqIJMwRAjiaAKCwR1fuBQGtyjEgHkUdkbyPywz5eQCfXCBX
dKcvDeuxkyjyHnGcfKedwsg=
=pfn/
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ