From: Trustix Security Advisor <tsl@trustix.org>
To: tsl-announce@lists.trustix.org
Subject: TSL-2005-0022 - multi
Date: Fri, 13 May 2005 16:39:07 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0022
Package name: kernel, squid
Summary: Security issues
Date: 2005-05-13
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
kernel:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
squid:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Problem description:
kernel:
A locally exploitable flaw has been found by Paul Starzetz in the
Linux ELF binary format loader's core dump function that allows
local users to trigger a BUG() in the kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1263 to this issue.
squid:
Security Fix: A vulnerability has been reported in Squid, which can be
exploited by malicious people to spoof DNS lookups.
The vulnerability is caused due to an unspecified error in the DNS client
when handling DNS responses and can be exploited to spoof DNS lookups.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-1.5/>,
<URI:http://www.trustix.org/errata/trustix-2.1/> and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0022/>
MD5sums of the packages:
- --------------------------------------------------------------------------
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFChLtai8CEzsK9IksRAsnWAJ43oqkrxz3+kXdRAjcweb11V78degCeL7mF
32+XJ9Y4rSf4FI7dbY53JI4=
=mlaJ
-----END PGP SIGNATURE-----