Immunix Secured OS 7.3 kernel update

From: Immunix Security Team (
Date: 01/06/04

  • Next message: Matt Zimmerman: "[SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability"
    Date: Mon, 5 Jan 2004 17:25:14 -0800

            Immunix Secured OS Security Advisory

    Packages updated: kernel
    Affected products: Immunix 7.3
    Bugs fixed: CAN-2003-0985
    Date: Mon Jan 5 2004
    Advisory ID: IMNX-2004-73-001-01
    Author: Seth Arnold <>

      Paul Starzetz has discovered a mishandled boundary condition in the
      mremap(2) systemcall; Starzetz reports this vulnerability may be
      exploited by local untrusted users to gain root privileges. Neither
      StackGuard nor SubDomain will prevent exploitation of this
      vulnerability, though they may frustrate attempts to exploit this
      problem through a remote vulnerability. Even though we currently know
      of no active use of this vulnerability, we recommend upgrading your
      kernels when convenient.

      We've chosen to use the patch provided by Solar Designer to address
      CAN-2003-0985 -- it appears to provide stronger long-term protection
      against similar bugs than the fix provided by Andrea Arcangeli. We
      thank Solar Designer, Andrea Arcangeli, Paul Starzetz, and Wojciech
      Purczynski for their efforts to fix this problem.


      Immunix 7.3 users may use our up2date service to install fixed
      packages: you may run either "up2date" within X, and follow the
      directions, or run "up2date -u" to ensure your system is current.

      By default, kernel packages are not automatically upgraded by up2date.
      To install updated kernel packages via up2date, please run "up2date
      -fv kernel" (or "kernel-smp", "kernel-bigmem", etc.) To install
      updated kernel packages via rpm, please run "rpm -ivh <filename>".

      Ensure your /etc/grub.conf (or /etc/lilo.conf, if you've configured
      your Immunix system to use lilo) automatically selects the proper
      kernel for your configuration at boot. (If you use lilo, re-run lilo
      to install the new boot block.) For details on grub and lilo, please
      see the grub(8) and lilo(8) manpages.

    Package names and locations:
      Precompiled binary packages for Immunix 7.3 are available at:

      Source packages for Immunix 7.3 are available at:

    Immunix OS 7.3 md5sums:
      e7f4bf52e9085a4caecb44bedf3472f4 RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
      a801c7f4c5615974753b7776a1864ed4 RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
      a652b813d2e362dd2a819c53f537528b RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
      1533edf8fbffeea90467fde1f5c937f1 RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
      8200a07c78ecb6e6a4aeb704e5957b01 RPMS/kernel-BOOT-2.4.20-20_imnx_11.i386.rpm
      6fe0e219731e6feb1a831197c36a0cd6 RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
      cf771e85d93bf9dc127a7e272e8b393e RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
      a70a411b1154f2d3fc12d8e9573a9b7c RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
      3f728f9c682fd0ede1f0df5019d6de43 RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
      3d44b3907b01f20661c8ddcf45a088b8 RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
      2756a204b4bcef0a6ee8b6fe3e308691 RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm
      f028d960cc9c94d62f46233c70cdbb6d SRPMS/kernel-2.4.20-20_imnx_11.src.rpm

    GPG verification:
      Our public keys are available at
      Immunix, Inc., has changed policy with GPG keys. We maintain several
      keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
      Immunix 7.3 package signing, and 1B7456DA for general security issues.

      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
      or one of the many mirrors available at:

      ImmunixOS 7.3 will not be officially supported after March 31 2005.
      ImmunixOS 7+ will not be officially supported after March 1 2004.
      ImmunixOS 7.0 is no longer officially supported.
      ImmunixOS 6.2 is no longer officially supported.

    Contact information:
      To report vulnerabilities, please contact
      Immunix attempts to conform to the RFP vulnerability disclosure protocol


  • Next message: Matt Zimmerman: "[SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability"