User: Password:
|
|
Subscribe / Log in / New account

Trustix alert TSLSA-2007-0002 (kernel)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2007-0002 - kernel
Date:  Fri, 5 Jan 2007 13:50:19 +0000

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2007-0002 Package names: kernel Summary: Multiple vulnerabilities Date: 2007-01-05 Affected versions: Trustix Secure Linux 2.2 - -------------------------------------------------------------------------- Package description: kernel The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Problem description: kernel < TSL 2.2 > - New Upstream. - SECURITY Fix: A security issue has been reported in Linux kernel caused due to an error in drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()" function never initialises an event timer before scheduling it with the "add_timer()" function. - The mincore function in kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. - Another vulnerability has been reported in linux kernel caused due to a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain Kernel data structures. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-5749, CVE-2006-4814 and CVE-2006-6106 to these issues. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.2/> and <URI:http://www.trustix.org/errata/trustix-3.0/> or directly at <URI:http://www.trustix.org/errata/2007/0002/> MD5sums of the packages: - -------------------------------------------------------------------------- 07b0ac415dd9fc54a2554c3f9959a8dd 2.2/rpms/kernel-2.4.34-1tr.i586.rpm 6b33b076d6283739bcdf24d47e3c533d 2.2/rpms/kernel-BOOT-2.4.34-1tr.i586.rpm f84e0457f87db355400170c8c08c47f3 2.2/rpms/kernel-doc-2.4.34-1tr.i586.rpm 81d3c6b205e38132069e0e0937949e7f 2.2/rpms/kernel-smp-2.4.34-1tr.i586.rpm 78cf36aeefc26ca693f1231a44500d9d 2.2/rpms/kernel-source-2.4.34-1tr.i586.rpm 3cf65151b4231b6af6a2fc6bac381307 2.2/rpms/kernel-utils-2.4.34-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFFnkNOi8CEzsK9IksRAihnAJ4nszqHr+8pbZcmocEbmPo12S1LmACeLNTa 29D92A10Z9jIXV+nD/8CD8Q= =/xtL -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@lists.trustix.org http://lists.trustix.org/mailman/listinfo/tsl-announce


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds