Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Trustix Secure Linux Advisories: samba, mysql, openssl, kernel

Mar 19, 2003, 01:57 (0 Talkback[s])

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0011

Package name:      samba
Summary:           Remote root compromise
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines. Samba
  uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
  (Microsoft Raw NetBIOS frame) protocol.


Problem description:
  A buffer overrun has been found in all versions of Samba from 2.0.*
  to 2.2.7a inclusive.  This allows a remote attacker to gain root
  privileges on a samba server.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

  Note to users of 1.01, 1.1 and 1.2:  This is a major upgrade.  Please
  make sure the upgrade went well.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0011-samba.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
85205bd02a486a7cf78a3024c82b9345  ./1.1/RPMS/samba-2.2.8-1tr.i586.rpm
737857165bef888a6f3dcab3eb23ae72  ./1.1/RPMS/samba-client-2.2.8-1tr.i586.rpm
c19635082b7b3020947cfce73a73c46a  ./1.1/RPMS/samba-common-2.2.8-1tr.i586.rpm
41a6e603c790f447e26c30dadb7656e9  ./1.1/SRPMS/samba-2.2.8-1tr.src.rpm
b573f527f711fdd254cca8ceea6f7e9b  ./1.2/RPMS/samba-2.2.8-1tr.i586.rpm
1618f2c6601523acb0963868097686ea  ./1.2/RPMS/samba-client-2.2.8-1tr.i586.rpm
9fbe0e3fa074839dd18803e76411536e  ./1.2/RPMS/samba-common-2.2.8-1tr.i586.rpm
20d4e0b39aa49967012055307327c0ff  ./1.2/SRPMS/samba-2.2.8-1tr.src.rpm
ea570f59553616b8f5357eb2800aa902  ./1.5/RPMS/samba-2.2.8-1tr.i586.rpm
39363aa49754812771aba50901ea853f  ./1.5/RPMS/samba-client-2.2.8-1tr.i586.rpm
eb6d6928ac6010163eed866dd53bb035  ./1.5/RPMS/samba-common-2.2.8-1tr.i586.rpm
20d4e0b39aa49967012055307327c0ff  ./1.5/SRPMS/samba-2.2.8-1tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0009

Package name:      mysql
Summary:           Serveral security fixes
Date:              2003-03-18
Affected versions: TSL 1.5

- --------------------------------------------------------------------------
Package description:
  MySQL is a true multi-user, multi-threaded SQL (Structured Query
  Language) database server. MySQL is a client/server implementation
  that consists of a server daemon (mysqld) and many different client
  programs/libraries.

  The main goals of MySQL are speed, robustness and ease of use.

  The base upon which MySQL is built is a set of routines that have been
  used in a highly demanding production environment for many
  years. While MySQL is still in development, it already offers a rich
  and highly useful function set.


Problem description:
  From the changes file for 3.26.56:
  * Security enhancement: `mysqld' no longer reads options from
    world-writeable config files.
  * Security enhancement: `mysqld' and `safe_mysqld' now only use the
    first --user option specified on the command line. (Normally this
      comes from `/etc/my.cnf')
  * Security enhancement: Don't allow BACKUP TABLE to overwrite existing
    files.

  In additon, a number bugs has been fixed.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0009-mysql.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
9ea1a572675744394575d974630b7f6e  ./1.5/RPMS/mysql-3.23.56-1tr.i586.rpm
54bd7f9b9dafbd4bfdb8e124578b2d50  ./1.5/RPMS/mysql-bench-3.23.56-1tr.i586.rpm
7b6f9f9f0c2524fc4f80b6f418d9b7fa  ./1.5/RPMS/mysql-client-3.23.56-1tr.i586.rpm
0bf07520f4fa4312316c0de424140c2c  ./1.5/RPMS/mysql-devel-3.23.56-1tr.i586.rpm
60825d7464bae1290d449b24509d6005  ./1.5/RPMS/mysql-shared-3.23.56-1tr.i586.rpm
32dc960efdb9c6cb06a6b19476a835e7  ./1.5/SRPMS/mysql-3.23.56-1tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0010

Package name:      openssl
Summary:           Secret key recovery
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  OpenSSL is a C library that provides various crytographic algorithms
  and protocols, including DES, RC4, RSA, and SSL.


Problem description:
  An attack has been demonstrated against the OpenSSL library which can
  allow remote recovery of an RSA secret key.  This update package forces
  RSA blinding and will prevent this attack.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0010-openssl.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
6837358b16711b87293cf59bb0b44268  1.1/RPMS/openssl-0.9.6-13tr.i586.rpm
206b30a0e05ff11e6402702681f47695  1.1/RPMS/openssl-devel-0.9.6-13tr.i586.rpm
c3d24ac06f439a7a7cccaddcfade297b  1.1/RPMS/openssl-python-0.9.6-13tr.i586.rpm
b3b626b576956453ad490cb82fe7daea  1.1/RPMS/openssl-support-0.9.6-13tr.i586.rpm
70c26cd5310ae6ed56f140c13c2a850f  1.1/SRPMS/openssl-0.9.6-13tr.src.rpm
556561bb570300087232aeb881d853df  1.2/RPMS/openssl-0.9.6-13tr.i586.rpm
97899369f6bd470eea1a097f4dd49b2b  1.2/RPMS/openssl-devel-0.9.6-13tr.i586.rpm
910e4e2383f7e9cd264d3b2629448133  1.2/RPMS/openssl-python-0.9.6-13tr.i586.rpm
5891b2bf8f3da7a4af1c946059dbf867  1.2/RPMS/openssl-support-0.9.6-13tr.i586.rpm
70c26cd5310ae6ed56f140c13c2a850f  1.2/SRPMS/openssl-0.9.6-13tr.src.rpm
c2aad9ca4af09b6ddd5301c590961b5e  1.5/RPMS/openssl-0.9.6-13tr.i586.rpm
e8b83760edde274732c02f86b5a75a08  1.5/RPMS/openssl-devel-0.9.6-13tr.i586.rpm
a4ea4a209355183d12abca85d0855416  1.5/RPMS/openssl-python-0.9.6-13tr.i586.rpm
09e8f98ac9a507fd8733cd30b780b1fb  1.5/RPMS/openssl-support-0.9.6-13tr.i586.rpm
70c26cd5310ae6ed56f140c13c2a850f  1.5/SRPMS/openssl-0.9.6-13tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team


- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0007

Package name:      kernel
Summary:           Local root compromise
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.


Problem description:
  From the announce of 2.2.25 posted on linux-kernel:
    The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole
    allows local users to obtain full privileges. Remote exploitation of
    this hole is not possible.


Action:
  We recommend that all systems with this package installed be upgraded.
  Note that swup with the default config will not update kernel packages
  so you will need to update this package manually.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0007-kernel.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
3a813391c5e3c41c2be6b5657698a713  ./1.1/RPMS/kernel-2.2.25-1tr.i586.rpm
6844dab3ae60c81ddfa0b39925c3821a  ./1.1/RPMS/kernel-BOOT-2.2.25-1tr.i586.rpm
4e594c41a5b19ae439f27f277bc4a483  ./1.1/RPMS/kernel-doc-2.2.25-1tr.i586.rpm
52b44d2455be7fd0a4b238e56e8e9089  ./1.1/RPMS/kernel-headers-2.2.25-1tr.i586.rpm
7bbb25d20ef63dde0362bad50a378cad  ./1.1/RPMS/kernel-smp-2.2.25-1tr.i586.rpm
be6272bd4904ad9f5ad9bc9fd9099c39  ./1.1/RPMS/kernel-source-2.2.25-1tr.i586.rpm
2cb946c29af479e2c12b315332b93a2a  ./1.1/RPMS/kernel-utils-2.2.25-1tr.i586.rpm
bb6e2b12fb318ed7f8c0148845088cdd  ./1.1/SRPMS/kernel-2.2.25-1tr.src.rpm
d657bbcdadcdbe60ef7621c2277ca7cf  ./1.2/RPMS/kernel-2.2.25-1tr.i586.rpm
26bc2857a91e3943d0d26ad9319bd6ba  ./1.2/RPMS/kernel-BOOT-2.2.25-1tr.i586.rpm
9b43d240edf407c83005f4c96654a7e0  ./1.2/RPMS/kernel-doc-2.2.25-1tr.i586.rpm
eacc6962059222714297baf73ac987a4  ./1.2/RPMS/kernel-headers-2.2.25-1tr.i586.rpm
afae2d3b57ea12308f385feb84051bb1  ./1.2/RPMS/kernel-smp-2.2.25-1tr.i586.rpm
4afdd9eb008eb77e0c8f502ef4c05fd9  ./1.2/RPMS/kernel-source-2.2.25-1tr.i586.rpm
f91cb757fc53befbc01a3bc2b0008ea6  ./1.2/RPMS/kernel-utils-2.2.25-1tr.i586.rpm
bb6e2b12fb318ed7f8c0148845088cdd  ./1.2/SRPMS/kernel-2.2.25-1tr.src.rpm
9c86ed92bfac30c5a9a1a2d5b671b86f  ./1.5/RPMS/kernel-2.2.25-1tr.i586.rpm
409e3e14ca954bd93d0c978a2e9e38c6  ./1.5/RPMS/kernel-BOOT-2.2.25-1tr.i586.rpm
2f8c660387c0d8a210fee48bf533a9dc  ./1.5/RPMS/kernel-doc-2.2.25-1tr.i586.rpm
20ed3c60fee709a86151447ae518ae75  ./1.5/RPMS/kernel-headers-2.2.25-1tr.i586.rpm
8ed0a58f326fad4ff013a4e1b0c817ba  ./1.5/RPMS/kernel-smp-2.2.25-1tr.i586.rpm
d507848c0ae72cb3117d4d4c661cf218  ./1.5/RPMS/kernel-source-2.2.25-1tr.i586.rpm
fda33aab763b978e0ca04d5be166f921  ./1.5/RPMS/kernel-utils-2.2.25-1tr.i586.rpm
bb6e2b12fb318ed7f8c0148845088cdd  ./1.5/SRPMS/kernel-2.2.25-1tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team