LBA-Linux Advisories: kdelibs, kernel

Jun 28, 2004, 03:00

LBA-Linux Security Advisory

Subject: Updated kdelibs package for LBA-Linux R1
Advisory ID: LBASA-2004:17
Date: Saturday, June 26, 2004
Product: LBA-Linux R1


Problem description:

A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files.
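The missing check described above, sketched in C++ as an added example; it is not kdelibs code or the vendor's patch. The function names are hypothetical, only the telnet, rlogin and ssh hostname case is covered (not mailto), and decoding %XX escapes before the check goes beyond what the advisory states.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Decode %XX escapes first, so the check sees the bytes the helper would receive.
static bool percent_decode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit(static_cast<unsigned char>(in[i + 1])) ||
            !std::isxdigit(static_cast<unsigned char>(in[i + 2])))
            return false;  // malformed escape: reject rather than guess
        out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
        i += 2;
    }
    return true;
}

// Conservative hostname: non-empty, no leading '-', only letters, digits, '.' and '-'.
bool is_safe_host(const std::string& host) {
    if (host.empty() || host[0] == '-') return false;
    for (char c : host) {
        unsigned char u = static_cast<unsigned char>(c);
        if (!std::isalnum(u) && c != '.' && c != '-') return false;
    }
    return true;
}

// Returns argv for the helper program, or an empty vector when the URI is rejected.
std::vector<std::string> handler_argv(const std::string& uri) {
    static const char* const schemes[] = {"telnet", "rlogin", "ssh"};
    for (const char* s : schemes) {
        const std::string prefix = std::string(s) + "://";
        if (uri.compare(0, prefix.size(), prefix) != 0) continue;
        std::string raw = uri.substr(prefix.size());
        raw = raw.substr(0, raw.find_first_of("/:"));  // host ends at port or path
        std::string host;
        if (!percent_decode(raw, host) || !is_safe_host(host)) return {};
        return std::vector<std::string>{std::string(s), host};  // argv elements, no shell
    }
    return {};
}

int main() {  // constructed sample URIs; the option string is a placeholder
    for (const char* u : {"telnet://host.example", "telnet://-constructed-option",
                          "ssh://%2Dconstructed-option"})
        std::cout << u << " -> " << (handler_argv(u).empty() ? "rejected" : "accepted") << "\n";
}
```

URIs carrying userinfo (user@host) are rejected by this sketch because '@' is outside the allowed character set.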

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kdelibs-3.2.0-1.4.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kdelibs-devel-3.2.0-1.4.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named kdelibs to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
http://www.securityfocus.com/archive/1/363225

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated kernel package for LBA-Linux R1
Advisory ID: LBASA-2004:18
Date: Saturday, June 26, 2004
Product: LBA-Linux R1


Problem description:

A vulnerability was discovered in the kernel where a certain C program would trigger a floating point exception that would crash the kernel. This vulnerability can only be triggered locally by users with shell access (CAN-2004-0554).

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.3.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.3.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-doc-2.6.3-2.1.253.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.3.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.3.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-source-2.6.3-2.1.253.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named kernel to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
http://www.kb.cert.org/vuls/id/973654

Copyright(c) 2001-2004 SOT