LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Trustix alert TSLSA-2004-0022 (kernel)



From:
    	      Trustix Security Advisor <tsl@trustix.org>


To:
    	      tsl-announce@lists.trustix.org


Subject:
    	      TSLSA-2004-0022 - kernel


Date:
    	      Thu, 22 Apr 2004 12:47:00 +0200



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0022

Package name:      kernel
Summary:           root exploit in MCAST_MSFILTER
Date:              2004-04-21
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Enterprise Linux 2

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process
  allocation, device input and output, etc.


Problem description:
  A locally exploitable interger overflow has been found the multicast code
  of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3.  A
  successful exploit could lead to full superuser privileges.  This
  release fixes this hole.
  This has been assigned CAN-2004-0424 by the CVE.


Action:
  We recommend that all systems with this package installed be upgraded.


Location:
  All Trustix updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/horizon/>

  You may also use swup for public testing of updates:
  
  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.0/> and
  <URI:http://www.trustix.org/errata/trustix-2.1/>
  or directly at
  <URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0022-kernel.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
43dd714f2b9e88731fd559c4bee08102  TSEL-2/kernel-2.4.25-8tr.i586.rpm
a60d02d18da3502c72efc8c77eb7f655  TSEL-2/kernel-BOOT-2.4.25-8tr.i586.rpm
56508a6ef688ce9be2361145e5c33d97  TSEL-2/kernel-doc-2.4.25-8tr.i586.rpm
cbd3abf08f3ce998c617ff84c2a5e284  TSEL-2/kernel-firewall-2.4.25-8tr.i586.rpm
35593bce715313857536b221a75442ac  TSEL-2/kernel-firewallsmp-2.4.25-8tr.i586.rpm
0222d70c0493d821676d22805a8f5b61  TSEL-2/kernel-smp-2.4.25-8tr.i586.rpm
114176129b268a8aa5b2d36e79f8fc34  TSEL-2/kernel-source-2.4.25-8tr.i586.rpm
4fbb796471ceacd2df29470983802e13  TSEL-2/kernel-utils-2.4.25-8tr.i586.rpm
0184edfc42854942b5f760d3382f6900  2.0/rpms/kernel-2.4.25-8tr.i586.rpm
bbdd76292022d15c3da18bb32f46963f  2.0/rpms/kernel-BOOT-2.4.25-8tr.i586.rpm
2a1d14361208a17c05cb841654c6e9c4  2.0/rpms/kernel-doc-2.4.25-8tr.i586.rpm
77a3f1e8861384b498cc96a30a340174  2.0/rpms/kernel-firewall-2.4.25-8tr.i586.rpm
1e15e0fc36ceaf136b8b449f42435019  2.0/rpms/kernel-firewallsmp-2.4.25-8tr.i586.rpm
5a99b12df1dffdea0a63a908519da9f0  2.0/rpms/kernel-smp-2.4.25-8tr.i586.rpm
200326029106c0ba22340c7cd7a4623d  2.0/rpms/kernel-source-2.4.25-8tr.i586.rpm
88502b25cf25b1c8d7185264726d78fc  2.0/rpms/kernel-utils-2.4.25-8tr.i586.rpm
4fb7e57c4eeb48ca939289e651e863ad  2.1/rpms/kernel-2.4.25-8tr.i586.rpm
dff3e66a113611cbeb033d08c4dfc705  2.1/rpms/kernel-BOOT-2.4.25-8tr.i586.rpm
5c20f65673510342820cf3af56e2a03f  2.1/rpms/kernel-doc-2.4.25-8tr.i586.rpm
a5d77f2554c4718e26393babdf930d78  2.1/rpms/kernel-firewall-2.4.25-8tr.i586.rpm
513684ed8d4df55f3d97d10eec5a0c51  2.1/rpms/kernel-firewallsmp-2.4.25-8tr.i586.rpm
5c14af38d621ac0c68e38eda235ea755  2.1/rpms/kernel-smp-2.4.25-8tr.i586.rpm
5e58c66f5b4df02ec7da33f161c963e9  2.1/rpms/kernel-source-2.4.25-8tr.i586.rpm
ddb1bc89ac82532abc1e4bf819d8fed4  2.1/rpms/kernel-utils-2.4.25-8tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAh6KNi8CEzsK9IksRAqRAAJ42IewUIvoET55iArGV2Rv6wLl2/wCeLyw0
ghCODfZVOoArsPz3V+09tgw=
=xK+Y
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds