TSLSA-2004-0068 - kernel

From: Trustix Security Advisor (tsl_at_trustix.org)
Date: 12/20/04

    Date: Mon, 20 Dec 2004 11:32:17 +0100
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Trustix Secure Linux Advisory #2004-0068

    Package name: kernel
    Summary: Remote hole, local DoS
    Date: 2004-01-19
    Affected versions: Trustix Secure Linux 2.0
                       Trustix Secure Linux 2.1
                       Trustix Secure Linux 2.2
                       Trustix Operating System - Enterprise Server 2

    - --------------------------------------------------------------------------
    Package description:
      The kernel package contains the Linux kernel (vmlinuz), the core of your
      Trustix Secure Linux operating system. The kernel handles the basic
      functions of the operating system: memory allocation, process allocation,
      device input and output, etc.

    Problem description:
      Problem 1:
      Paul Starzetz discovered a bug in the IGMP networking modules of the
      Linux kernel. This allows for a remote DoS and local root exploit.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has
      assigned the name CAN-2004-1137 to this issue.

      Problem 2:
      Paul Starzetz discovered a bug in the socket API of the Linux kernel.
      This allows for a local DoS.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has
      assigned the name CAN-2004-1016 to this issue.

    Action:
      We recommend that all systems with this package installed be upgraded.
      Please note that if you do not need the functionality provided by this
      package, you may want to remove it from your system.

    Location:
      All Trustix Secure Linux updates are available from
      <URI:http://http.trustix.org/pub/trustix/updates/>
      <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

    About Trustix Secure Linux:
      Trustix Secure Linux is a small Linux distribution for servers. With focus
      on security and stability, the system is painlessly kept safe and up to
      date from day one using swup, the automated software updater.

    Automatic updates:
      Users of the SWUP tool can enjoy having updates automatically
      installed using 'swup --upgrade'.

    Questions?
      Check out our mailing lists:
      <URI:http://www.trustix.org/support/>

    Verification:
      This advisory along with all Trustix packages are signed with the
      TSL sign key.
      This key is available from:
      <URI:http://www.trustix.org/TSL-SIGN-KEY>

      The advisory itself is available from the errata pages at
      <URI:http://www.trustix.org/errata/trustix-2.0/>,
      <URI:http://www.trustix.org/errata/trustix-2.1/> and
      <URI:http://www.trustix.org/errata/trustix-2.2/>
      or directly at
      <URI:http://www.trustix.org/errata/2004/0068/>

    MD5sums of the packages:
    - --------------------------------------------------------------------------

    Trustix Security Team

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)

    iD8DBQFBxphyi8CEzsK9IksRAh50AJ9/XSQjkQlbXXsafgcrGRdENX9hlQCfdB9/
    xm65cBrz+0qSzjvWXUEOyLM=
    =BwnO
    -----END PGP SIGNATURE-----

