
Trustix alert TSLSA-2006-0012 (kernel mailman)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2006-0012 - multi
Date:  Fri, 10 Mar 2006 14:18:25 +0100

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0012

Package names:     kernel, mailman
Summary:           Multiple vulnerabilities
Date:              2006-03-10
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
--------------------------------------------------------------------------

Package description:

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system. The kernel handles the basic
  functions of the operating system: memory allocation, process allocation,
  device input and output, etc.

  mailman
  Mailman is software to help manage email discussion lists, much like
  Majordomo and Smartmail. Unlike most similar products, Mailman gives each
  mailing list a webpage, and allows users to subscribe, unsubscribe, etc.
  over the Web. Even the list manager can administer his or her list
  entirely from the Web. Mailman also integrates most things people want to
  do with mailing lists, including archiving, mail <-> news gateways, and
  so on.

Problem description:

  kernel < TSL 3.0 >
  - New Upstream
  - SECURITY Fix: With certain types of ftruncate() activity on 2.6
    kernels, XFS can end up exposing stale data off disk to a user,
    putting extents where holes should be.
  - An error in the "nfs_get_user_pages()" function due to insufficient
    checks on the return value returned by the "get_user_pages()" function
    can be exploited to cause a local DoS by performing an O_DIRECT write
    to an NFS file where the user buffer starts with a valid mapped page,
    but also contains an unmapped page.
  - Missing checks for bad elf entry addresses can be exploited to cause
    an endless recursive fault on Intel systems, which results in a local
    DoS.
  - unaligned.c erroneously marked die_if_kernel() with a "noreturn"
    attribute.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-0554, CVE-2006-0555, CVE-2006-0741 and
    CVE-2006-0742 to these issues.

  mailman < TSL 3.0 > < TSL 2.2 >
  - SECURITY Fix: Aliet Santiesteban Sifontes has reported a vulnerability
    in Mailman, which potentially can be exploited by malicious people to
    cause a DoS (Denial of Service). The vulnerability is caused due to
    "Scrubber.py" failing to handle the exception condition when Python
    fails to process an email file attachment that contains utf8
    characters in its filename.
  - Mailman did not sufficiently verify the validity of email dates. Very
    large numbers in dates caused mailman to crash.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-3573 and CVE-2005-4153 to these issues.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically installed
  using 'swup --upgrade'.

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>

Verification:
  This advisory along with all Trustix packages are signed with the TSL
  sign key. This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2006/0012/>

MD5sums of the packages:

Trustix Security Team
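
A defensive pattern for the Mailman date-handling issue described in the advisory, added here as an illustration; it is not Mailman's code or the Trustix fix. The function names, the one-day skew window and the sample headers are assumptions constructed for this example.

```python
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

MAX_FUTURE_SKEW = 86400  # assumed policy: accept dates up to one day ahead


def safe_message_time(msg, received_at):
    """Return the Date header as a Unix timestamp, or received_at if the
    header is missing, unparsable, or outside the accepted window."""
    raw = msg.get("Date")
    if raw is None:
        return received_at
    try:
        parsed = parsedate_tz(str(raw))
        if parsed is None:
            return received_at
        ts = mktime_tz(parsed)
    except (ValueError, OverflowError, TypeError):
        # Oversized fields can make the calendar conversion raise.
        return received_at
    # Oversized fields that convert without raising are caught here.
    if not 0 <= ts <= received_at + MAX_FUTURE_SKEW:
        return received_at
    return ts


# Constructed sample Date headers (not taken from any real message).
SAMPLES = {
    "valid": "Fri, 10 Mar 2006 14:18:25 +0100",
    "huge_day": "Fri, 99999999999999999999 Mar 2006 14:18:25 +0100",
    "huge_year": "Fri, 10 Mar 99999999999 14:18:25 +0100",
    "garbage": "not a date",
}


def classify_samples(received_at=1141996800):
    """Run every sample through safe_message_time and collect the results."""
    out = {}
    for name, date in SAMPLES.items():
        msg = message_from_string("Date: %s\nSubject: test\n\nbody\n" % date)
        out[name] = safe_message_time(msg, received_at)
    no_date = message_from_string("Subject: test\n\nbody\n")
    out["missing"] = safe_message_time(no_date, received_at)
    return out


if __name__ == "__main__":
    for name, ts in classify_samples().items():
        print(name, ts)
```

Only the well-formed header yields its own timestamp; every malformed or oversized value falls back to the arrival time instead of raising into the caller.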



