Trustix alert TSLSA-2004-0022 (kernel)
| From: | Trustix Security Advisor <tsl@trustix.org> | |
| To: | tsl-announce@lists.trustix.org | |
| Subject: | TSLSA-2004-0022 - kernel | |
| Date: | Thu, 22 Apr 2004 12:47:00 +0200 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2004-0022 Package name: kernel Summary: root exploit in MCAST_MSFILTER Date: 2004-04-21 Affected versions: Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2 - -------------------------------------------------------------------------- Package description: The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Problem description: A locally exploitable interger overflow has been found the multicast code of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A successful exploit could lead to full superuser privileges. This release fixes this hole. This has been assigned CAN-2004-0424 by the CVE. Action: We recommend that all systems with this package installed be upgraded. Location: All Trustix updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Public testing: Most updates for Trustix Secure Linux are made available for public testing some time before release. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:http://tsldev.trustix.org/horizon/> You may also use swup for public testing of updates: site { class = 0 location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf" regexp = ".*" } Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.0/> and <URI:http://www.trustix.org/errata/trustix-2.1/> or directly at <URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0022-kernel.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 43dd714f2b9e88731fd559c4bee08102 TSEL-2/kernel-2.4.25-8tr.i586.rpm a60d02d18da3502c72efc8c77eb7f655 TSEL-2/kernel-BOOT-2.4.25-8tr.i586.rpm 56508a6ef688ce9be2361145e5c33d97 TSEL-2/kernel-doc-2.4.25-8tr.i586.rpm cbd3abf08f3ce998c617ff84c2a5e284 TSEL-2/kernel-firewall-2.4.25-8tr.i586.rpm 35593bce715313857536b221a75442ac TSEL-2/kernel-firewallsmp-2.4.25-8tr.i586.rpm 0222d70c0493d821676d22805a8f5b61 TSEL-2/kernel-smp-2.4.25-8tr.i586.rpm 114176129b268a8aa5b2d36e79f8fc34 TSEL-2/kernel-source-2.4.25-8tr.i586.rpm 4fbb796471ceacd2df29470983802e13 TSEL-2/kernel-utils-2.4.25-8tr.i586.rpm 0184edfc42854942b5f760d3382f6900 2.0/rpms/kernel-2.4.25-8tr.i586.rpm bbdd76292022d15c3da18bb32f46963f 2.0/rpms/kernel-BOOT-2.4.25-8tr.i586.rpm 2a1d14361208a17c05cb841654c6e9c4 2.0/rpms/kernel-doc-2.4.25-8tr.i586.rpm 77a3f1e8861384b498cc96a30a340174 2.0/rpms/kernel-firewall-2.4.25-8tr.i586.rpm 1e15e0fc36ceaf136b8b449f42435019 2.0/rpms/kernel-firewallsmp-2.4.25-8tr.i586.rpm 5a99b12df1dffdea0a63a908519da9f0 2.0/rpms/kernel-smp-2.4.25-8tr.i586.rpm 200326029106c0ba22340c7cd7a4623d 2.0/rpms/kernel-source-2.4.25-8tr.i586.rpm 88502b25cf25b1c8d7185264726d78fc 2.0/rpms/kernel-utils-2.4.25-8tr.i586.rpm 4fb7e57c4eeb48ca939289e651e863ad 2.1/rpms/kernel-2.4.25-8tr.i586.rpm dff3e66a113611cbeb033d08c4dfc705 2.1/rpms/kernel-BOOT-2.4.25-8tr.i586.rpm 5c20f65673510342820cf3af56e2a03f 2.1/rpms/kernel-doc-2.4.25-8tr.i586.rpm a5d77f2554c4718e26393babdf930d78 2.1/rpms/kernel-firewall-2.4.25-8tr.i586.rpm 513684ed8d4df55f3d97d10eec5a0c51 2.1/rpms/kernel-firewallsmp-2.4.25-8tr.i586.rpm 5c14af38d621ac0c68e38eda235ea755 2.1/rpms/kernel-smp-2.4.25-8tr.i586.rpm 5e58c66f5b4df02ec7da33f161c963e9 2.1/rpms/kernel-source-2.4.25-8tr.i586.rpm ddb1bc89ac82532abc1e4bf819d8fed4 2.1/rpms/kernel-utils-2.4.25-8tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAh6KNi8CEzsK9IksRAqRAAJ42IewUIvoET55iArGV2Rv6wLl2/wCeLyw0 ghCODfZVOoArsPz3V+09tgw= =xK+Y -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@lists.trustix.org http://lists.trustix.org/mailman/listinfo/tsl-announce
(Log in to post comments)