dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Trustix Secure Linux Advisories: kernel, apache

Oct 18, 2002, 15:58 (0 Talkback[s])

WEBINAR:
On-Demand

How to Help Your Business Become an AI Early Adopter



- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0068

Package name:      kernel
Summary:           New upstream version
Date:              2002-10-17
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

Problem description:
  From the upstream changelog:

  Security Fixes
        -Multiple numbers of potential sign handling, maths overflow and
        casting errors were fixed. Some of them are theoretically locally
        exploitable. No remote holes were found.

  In addition to this we have added support for more hardware.

Action:
  We recommend that all systems with this package installed be upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus on
  security and stability, the system is painlessly kept safe and up to date 
  from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for a long time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0068-kernel.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
039eb4c4945c4fafb172698a48535a71  ./1.5/SRPMS/kernel-2.2.22-4tr.src.rpm
fe9468b7ae3a0db3ab13d43e354fe67b  ./1.5/RPMS/kernel-utils-2.2.22-4tr.i586.rpm
e363b3c0ea3988b4de2c7fded867bd5f  ./1.5/RPMS/kernel-source-2.2.22-4tr.i586.rpm
29b3e0d0f98290bdf3761181f5c1c4d7  ./1.5/RPMS/kernel-smp-2.2.22-4tr.i586.rpm
4a638d760927f24776837fd09f98696c  ./1.5/RPMS/kernel-headers-2.2.22-4tr.i586.rpm
522d1015e1f21742e504ff217755d5b9  ./1.5/RPMS/kernel-doc-2.2.22-4tr.i586.rpm
e75985160551927f7de7b271ce874dc4  ./1.5/RPMS/kernel-BOOT-2.2.22-4tr.i586.rpm
a61ebcfa96a935649f5c5db51f3bfdf5  ./1.5/RPMS/kernel-2.2.22-4tr.i586.rpm
039eb4c4945c4fafb172698a48535a71  ./1.2/SRPMS/kernel-2.2.22-4tr.src.rpm
a814ee4d7f80f753e5ce9d87460f6411  ./1.2/RPMS/kernel-utils-2.2.22-4tr.i586.rpm
a0c85f98a8b561bf7d2edbb6a067d7be  ./1.2/RPMS/kernel-source-2.2.22-4tr.i586.rpm
26fbd17b737681eb3dcc1bbe304cd0dd  ./1.2/RPMS/kernel-smp-2.2.22-4tr.i586.rpm
544dd750eb2bbed3de77d453703d1108  ./1.2/RPMS/kernel-headers-2.2.22-4tr.i586.rpm
ace9df1ee17dd20acd0336d60f89b9d7  ./1.2/RPMS/kernel-doc-2.2.22-4tr.i586.rpm
26fa0c9050bb5809fbfa3f5d8d0eb47b  ./1.2/RPMS/kernel-BOOT-2.2.22-4tr.i586.rpm
0cb696d723d16cedfc90d5847b985ba5  ./1.2/RPMS/kernel-2.2.22-4tr.i586.rpm
039eb4c4945c4fafb172698a48535a71  ./1.1/SRPMS/kernel-2.2.22-4tr.src.rpm
4d7759b660167fb8827e92c9e915937e  ./1.1/RPMS/kernel-utils-2.2.22-4tr.i586.rpm
767f0b3359604bf5944506039db00247  ./1.1/RPMS/kernel-source-2.2.22-4tr.i586.rpm
338262ac8bc6c85c02f1edca48e5a742  ./1.1/RPMS/kernel-smp-2.2.22-4tr.i586.rpm
4108d626f8f9f8bf63869e9b36e7fc1e  ./1.1/RPMS/kernel-headers-2.2.22-4tr.i586.rpm
7f64f90d642783be082bf0ba0d67edaa  ./1.1/RPMS/kernel-doc-2.2.22-4tr.i586.rpm
093e53be9e8810baedd8460c95221821  ./1.1/RPMS/kernel-BOOT-2.2.22-4tr.i586.rpm
d7e139d7d230266672bf7df052b94473  ./1.1/RPMS/kernel-2.2.22-4tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0069

Package name:      apache
Summary:           New upstram version
Date:              2002-10-17
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.

  Built with loadable modules (all standard modules enabled).
  This version is intended as a replacement for a standard apache, the
  configuration files provided with apache and apache-ssl are unchanged.
  

Problem description:
  From the official release announcement:

  This version of Apache is principally a security and bug fix release. A 
  summary of the bug fixes is given at the end of this document. Of particular 
  note is that 1.3.27 addresses and fixes 3 security vulnerabilities.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus on
  security and stability, the system is painlessly kept safe and up to date 
  from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>;
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>;


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>; and
  <URI:http://www.trustix.net/errata/trustix-1.5/>;
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0069-apache.asc.txt>;


MD5sums of the packages:
- --------------------------------------------------------------------------
c7b60fadd324f30d84f9b6ce6aaa878d  ./1.5/SRPMS/apache-1.3.27-1tr.src.rpm
a46e8277b631d865330419816326661b  ./1.5/RPMS/apache-devel-1.3.27-1tr.i586.rpm
7e5fd11668667693df8220ddf2f0e485  ./1.5/RPMS/apache-1.3.27-1tr.i586.rpm
c7b60fadd324f30d84f9b6ce6aaa878d  ./1.2/SRPMS/apache-1.3.27-1tr.src.rpm
ae84621e628be3f42d181f802d3638a4  ./1.2/RPMS/apache-devel-1.3.27-1tr.i586.rpm
607eeebf80e607fc91e0c993e8650429  ./1.2/RPMS/apache-1.3.27-1tr.i586.rpm
c7b60fadd324f30d84f9b6ce6aaa878d  ./1.1/SRPMS/apache-1.3.27-1tr.src.rpm
7ace4d73b68de2996b9b55ca843c4501  ./1.1/RPMS/apache-devel-1.3.27-1tr.i586.rpm
5199e66e2d3cd4dab9af39817ec46ae1  ./1.1/RPMS/apache-1.3.27-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team