Conectiva alert: kernel

Posted by dave on Feb 20, 2004 9:13 AM EDT
Mailing list
Mail this story
Print this story

Paul Starzetz identified a new vulnerability in the linux memory management code that can be used by local attackers to obtain root privileges.

Hash: SHA1

- -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - --------------------------------------------------------------------------

PACKAGE : kernel SUMMARY : Fixes for kernel vulnerabilities DATE : 2004-02-20 14:47:00 ID : CLA-2004:820 RELEVANT RELEASES : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. Paul Starzetz identified[1] a new vulnerability[2] in the linux memory management code that can be used by local attackers to obtain root privileges. Two other, unrelated, fixes have also been included in this update: - CAN-2004-0010[4]: vulnerability in the ncp file system (ncpfs); - local kmod denial of service (no CAN alocated to this issue)[5].

SOLUTION It is recommended that all users upgrade the kernel packages. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our faq page[3]. REFERENCES 1. 2. 3. 4. 5.|src/|src/kernel|hist/kernel/kmod.c


ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades:

- run: apt-get update - after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at

- ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at Instructions on how to check the signatures of the RPM packages can be found at

- ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at

- ------------------------------------------------------------------------- Copyright (c) 2004 Conectiva Inc.

- ------------------------------------------------------------------------- subscribe: [] unsubscribe: [] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see

iD8DBQFANjqV42jd0JmAcZARAlnPAKC9kdzB8q4OU4t06wsT66Dy14tJCgCfeIuU 005RK4NvNsyHuN8/lqzOcYI= =Y6Z6 -----END PGP SIGNATURE-----

» Read more about: Story Type: Security; Groups: Conectiva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.