Conectiva Linux Security Announcement - kernel | Linux Today

Conectiva Linux Security Announcement – kernel

Written By
Web Webster
Web Webster
Jun 9, 2000

[ Thanks to Sergio
Bruder
for this announcement. ]

Date: Thu, 8 Jun 2000 20:15:04 -0300
From: Sergio Bruder
To: lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br,
bos@sekure.org,
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT – kernel


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE: kernel-2.2.14

SUMMARY : Security problems with capabilities
DATE : 2000-06-08
AFFECTED CONECTIVA VERSIONS : 4.0, 4.1, 4.2 and 5.0

DESCRIPTION

The 2.2.x series of the linux kernel implement capabilities.
Capabilites can be used to restrict what the root user can do. Many
privileged programs, such as SUID programs, drop root privileges
before taking certain action, such as executing a user supplied
program.

By constructing an environment where a certain capability is
set, the loss of root privileges doesn’t work and the privileged
program keeps on taking its action, but as root, not as a normal
user as it was intended to do.
This can lead to root
compromise.

SOLUTION
All users MUST upgrade the kernel immediately by downloading the
appropriate package below. This release incorporates the fix used
in the 2.2.16 version.

This kernel vulnerability can be exploited in many ways. Some
vendors have provided updated packages for their SUID programs,
such as sendmail. By upgrading the kernel, these specific vendor
updates are not necessary for this problem, unless they fix
something else too that the user needs.

Updates for versions 4.0, 4.1 and 4.2 will follow shortly.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/alsasound-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-BOOT-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-doc-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-headers-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-ibcs-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-install-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-pcmcia-cs-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-smp-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-source-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-2.2.14-19cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-devel-2.2.14-19cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/kernel-2.2.14-19cl.src.rpm


All packages are signed with Conectiva’s PGP key. The key can be
obtained at
http://www.conectiva.com.br/conectiva/contato.html


subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br

unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.