Linux Today: Linux News On Internet Time.





Immunix OS Security Advisory: kernel-2.2.19

Oct 20, 2001, 09:59
Date: Fri, 19 Oct 2001 18:32:57 -0700
From: Immunix Security Team 
Subject: Immunix OS update Linux Kernel

-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       kernel-2.2.19
Affected products:      Immunix OS 7.0 and 6.2
Bugs fixed:             immunix/1760
Date:                   Fri Oct 19 2001
Advisory ID:            IMNX-2001-70-035-01
Author:                 Seth Arnold 
-----------------------------------------------------------------------

Description:
  Rafal Wojtczuk has found two serious flaws in the Linux kernel; both
  versions 2.2.19 and 2.4.11 are affected. The problems include deeply
  nested symlinks spending arbitrary amounts of time in kernel code, and
  yet another ptrace vulnerability. This release of kernel 2.2.19-8_imnx
  comes with two patches to fix the problems, supplied in Rafal's
  bugtraq post. We expect these patches to be included in 2.2.20 when it
  is released, but in the meantime we are making updated 2.2.19 packages
  available for our users.

  Note that kernel installs are different than other .rpms -- usually,
  one would want to use: rpm -ivh kernel-2.2.19-8_imnx.i386.rpm
  then check the /boot directory, /etc/lilo.conf file, and re-run lilo
  to install the new kernel. A reboot is required to complete the
  installation.
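
  Because rpm -ivh installs the new kernel alongside the old one, lilo keeps
  booting whichever entry /etc/lilo.conf marks as the default. The check below
  is an added example, not part of the Immunix advisory; it assumes the image
  is installed as /boot/vmlinuz-<release>, and the sample lilo.conf is constructed.

```shell
#!/bin/sh
# Added example; assumes the kernel image is installed as /boot/vmlinuz-<release>.

# Print the image= path lilo boots by default: the stanza whose label matches
# default=, or the first entry when no default= line is present.
lilo_default_image() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t"]/, "") }      # strip comments, blanks, quotes
        /^default=/ { def = substr($0, 9) }
        /^(image|other)=/ {
            n++; cur = ""
            if (/^image=/) cur = substr($0, 7)
            if (n == 1) first = cur
        }
        /^label=/ { if (cur != "") img[substr($0, 7)] = cur }
        END { print (def == "" ? first : img[def]) }
    ' "$1"
}

# $1 = lilo.conf, $2 = root prefix ("" on a live system), $3 = kernel release.
# Returns 0 if the default entry is the patched kernel and its image exists,
# 1 if the default entry is some other kernel, 2 if the image file is missing.
check_default_kernel() {
    want="/boot/vmlinuz-$3"
    got=$(lilo_default_image "$1")
    if [ "$got" != "$want" ]; then
        echo "default entry boots '$got', not $want" >&2
        return 1
    fi
    [ -f "$2$want" ] || { echo "$2$want is missing" >&2; return 2; }
    return 0
}

# Constructed sample: new kernel installed, default= still names the old one.
sample_lilo_conf() {
    cat <<'EOF'
boot=/dev/hda
prompt
default=linux-old
image=/boot/vmlinuz-2.2.19-8_imnx
    label=linux
    read-only
    root=/dev/hda1
image=/boot/vmlinuz-2.2.19-OLD   # placeholder for the previous release
    label=linux-old
    root=/dev/hda1
EOF
}
```

  On a live system this would be called as
  check_default_kernel /etc/lilo.conf "" 2.2.19-8_imnx before re-running lilo;
  after the reboot, uname -r should report the new release.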

  References:
  http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21

Package names and locations:
  Precompiled binary packages for Immunix 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i586.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i686.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-BOOT-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-doc-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-pcmcia-cs-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i586.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i686.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-source-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-utils-2.2.19-8_imnx.i386.rpm

  Source package for Immunix 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/kernel-2.2.19-8_imnx.src.rpm

Immunix OS 7.0 md5sums:


GPG verification:
  Our public key is available at http://wirex.com/security/GPG_KEY.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol.
