Linux Today: Linux News On Internet Time.


Conectiva Linux Advisory: kernel

Jul 28, 2004, 18:57


PACKAGE : kernel
SUMMARY : Fixes for kernel vulnerabilities
DATE : 2004-07-28 12:39:00
ID : CLA-2004:852

The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.

This announcement fixes the following vulnerabilities:

1. Integer overflow in netfilter's tcp_find_option function (CAN-2004-0626[1])

Adam Osuchowski and Tomasz Dubinski noticed[2] that when using iptables and TCP options rules, the tcp_find_option function of the netfilter subsystem in Linux kernel 2.6 allows remote attackers to cause a denial of service via a large option length that produces a negative integer after a casting operation to the char type. They also provided the correction for this bug.

2. Missing DAC checks in inode_change_ok function (CAN-2004-0497[3])

Missing Discretionary Access Control (DAC) checks in the chown system call allowed a local user to change the group ownership of arbitrary files to a group that he or she belongs to, leading to a privilege escalation vulnerability.

3. Integer overflow in ip_setsockopt function (CAN-2004-0424[4])

iSEC Security Research published[5] an integer overflow vulnerability[4] in the ip_setsockopt function in Linux kernel 2.6.1 through 2.6.3, which allows local users to cause a denial of service condition or execute arbitrary code via the MCAST_MSFILTER socket option.

4. Incorrect usage of the fb_copy_cmap function in framebuffer (CAN-2004-0229[6])

The framebuffer driver in Linux kernel 2.6.x did not properly use the fb_copy_cmap function, possibly allowing privilege escalation for local attackers.

5. Integer overflow in the cpufreq proc handler (CAN-2004-0228[7])

Brad Spender found an integer overflow bug in the Linux kernel cpufreq code that allowed a local attacker to read arbitrary kernel memory.
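The signed-char problem described in item 1, shown as an added user-space illustration; it is not the kernel's netfilter code and not part of the advisory. The function names, the step budget and the sample option bytes are constructed for this example, and the flawed walk is an assumed simplification of the pattern the advisory describes.

```c
#include <stdint.h>
#include <stdio.h>
#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define STEP_BUDGET 1000 /* demo guard standing in for "never returns" */

/* Constructed samples. GOOD: MSS, NOP, SACK-permitted, EOL. BAD: NOP, kind 8 with length 0xff. */
const uint8_t GOOD[] = {0x02, 0x04, 0x05, 0xb4, 0x01, 0x04, 0x02, 0x00};
const uint8_t BAD[]  = {0x01, 0x08, 0xff, 0x00};

/* Flawed walk: bytes read as signed char, so a length above 127 is negative.
 * Returns 1 found, 0 absent, -1 when the step budget is exhausted. */
int find_option_signed(const uint8_t *raw, int optlen, uint8_t want)
{
    const signed char *opt = (const signed char *)raw;
    int i = 0, steps = 0;
    while (i >= 0 && i < optlen) {          /* i >= 0 keeps the demo in bounds */
        if (++steps > STEP_BUDGET) return -1;
        if ((uint8_t)opt[i] == want) return 1;
        if (opt[i] < 2 || i + 1 >= optlen) { i++; continue; }
        i += opt[i + 1] ? opt[i + 1] : 1;   /* 0xff is -1: cursor moves back */
    }
    return 0;
}

/* Hardened walk: unsigned bytes, and every length is validated before use. */
int find_option_safe(const uint8_t *opt, size_t optlen, uint8_t want)
{
    size_t i = 0;
    while (i < optlen) {
        uint8_t kind = opt[i];
        if (kind == want && kind < 2) return 1;       /* single-byte options */
        if (kind == TCPOPT_EOL) return 0;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (optlen - i < 2) return 0;                 /* no length byte */
        uint8_t len = opt[i + 1];
        if (len < 2 || len > optlen - i) return 0;    /* malformed length */
        if (kind == want) return 1;
        i += len;
    }
    return 0;
}

int main(void)
{
    printf("signed walk on BAD: %d\n", find_option_signed(BAD, (int)sizeof BAD, 4));
    printf("safe walk on BAD:   %d\n", find_option_safe(BAD, sizeof BAD, 4));
    return 0;
}
```

On the constructed BAD buffer the signed walk bounces between offsets 0 and 1 until the budget runs out, while the hardened walk rejects the option on its first length check.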

It is recommended that all Conectiva Linux users upgrade the kernel package.

IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 10 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed) and by default a new grub entry will be added, not touching the old default option. Generic kernel update instructions can be obtained in the manuals and in our frequently asked questions page[8].



The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at

Instructions on how to check the signatures of the RPM packages can be found at

All our advisories and generic update instructions can be viewed at
Copyright (c) 2004 Conectiva Inc.