+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory November 22, 2002 |
| http://www.engardelinux.org/ ESA-20021122-030 |
| |
| Package: kernel |
| Summary: local vulnerabilities. |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, e-commerce, and integrated open source
security tools.
OVERVIEW
- --------
Solar Designer kindly pointed out to us that our last kernel update
(ESA-20021022-026) was incomplete because 2.2.22-rc1 did not contain
all the critical security fixes. This update backports the remaining
fixes.
This update also fixes a denial of service attack where a local user
could lock the machine.
All users are recommended to upgrade immediately using the special
SOLUTION in this advisory.
SOLUTION
- --------
Users of the EnGarde Professional edition can use the Guardian Digital
Secure Network to update their systems automatically.
EnGarde Community users should upgrade to the most recent version
as outlined in this advisory. Updates may be obtained from:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
Please read and understand this entire section before you attempt to
upgrade the kernel.
Initial Steps
-------------
1) Verify the machine is either:
a) booted into a "standard" kernel; or
b) LIDS is disabled (/sbin/lidsadm -S -- -LIDS_GLOBAL)
2) Determine which kernels you currently have installed:
# rpm -qa --qf "%{NAME}n" | grep kernel
3) Download the new kernels that match what you have installed
(based on step 2) from the "UPDATED PACKAGES" section of this
advisory.
Installation Steps
------------------
4) Install the new packages. The packages will automagically
update /etc/lilo.conf by commenting out any old EnGarde images
and replacing them with the new ones:
# rpm --replacefiles -i <kernel 1> <kernel 2> ...
5) Re-run LILO. If you see any errors then open /etc/lilo.conf in
your favorite text editor and make the appropriate changes:
# /sbin/lilo
Final Steps
-----------
6) If you did not see any LILO errors then your new kernel is now
installed and your machine is ready to be rebooted:
# reboot
UPDATED PACKAGES
- ----------------
These updated packages are for EnGarde Secure Linux Community
Edition.
Source Packages:
SRPMS/kernel-2.2.19-1.0.29.src.rpm
MD5 Sum: 9b4826ca5257cf76f4cc80b7d2b8f970
Binary Packages:
i386/kernel-2.2.19-1.0.29.i386.rpm
MD5 Sum: d7832ded322e444b1754aab6aa3369ae
i386/kernel-lids-mods-2.2.19-1.0.29.i386.rpm
MD5 Sum: 711f92dde4726474c526766e8be18be4
i386/kernel-smp-lids-mods-2.2.19-1.0.29.i386.rpm
MD5 Sum: 4c8524458b94d65a5df1401707a59355
i386/kernel-smp-mods-2.2.19-1.0.29.i386.rpm
MD5 Sum: 5b3df58bf41b98451f20700d25107b3d
i686/kernel-2.2.19-1.0.29.i686.rpm
MD5 Sum: ff4b48ed55eff840324f9ef27db0c21d
i686/kernel-lids-mods-2.2.19-1.0.29.i686.rpm
MD5 Sum: e6cc2cd48bca65ff29ba82bd82a926d1
i686/kernel-smp-lids-mods-2.2.19-1.0.29.i686.rpm
MD5 Sum: f39a8f68e1dedcd4e2ebf21b11a7a78f
i686/kernel-smp-mods-2.2.19-1.0.29.i686.rpm
MD5 Sum: d217eabb58429da7cebd9e07a0d29daa
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
Official Web Site of the Linux Kernel:
http://www.kernel.org/
Security Contact: security@guardiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html
- --------------------------------------------------------------------------
$Id: ESA-20021122-030-kernel,v 1.3 2002/11/22 15:16:04 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory November 22, 2002 |
| http://www.engardelinux.org/ ESA-20021122-031 |
| |
| Packages: php, mod_php |
| Summary: PHP upgrade. |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, e-commerce, and integrated open source
security tools.
OVERVIEW
- --------
This update upgrades PHP in EnGarde 1.0.1, 1.1, and 1.2 to version
4.2.3.
This update also fixes a recent vulnerability where a script could
bypass safe mode restrictions.
SOLUTION
- --------
Users of the EnGarde Professional edition can use the Guardian Digital
Secure Network to update their systems automatically.
EnGarde Community users should upgrade to the most recent version
as outlined in this advisory. Updates may be obtained from:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
Before upgrading the package, the machine must either:
a) be booted into a "standard" kernel; or
b) have LIDS disabled.
To disable LIDS, execute the command:
# /sbin/lidsadm -S -- -LIDS_GLOBAL
To install the updated package, execute the command:
# rpm -Uvh files
You must now update the LIDS configuration by executing the command:
# /usr/sbin/config_lids.pl
To re-enable LIDS (if it was disabled), execute the command:
# /sbin/lidsadm -S -- +LIDS_GLOBAL
To verify the signatures of the updated packages, execute the command:
# rpm -Kv files
UPDATED PACKAGES
- ----------------
These updated packages are for EnGarde Secure Linux Community
Edition.
Source Packages:
SRPMS/php-4.2.3-1.0.20.src.rpm
MD5 Sum: c5508aa38f6d41564b5463780ea3a0d3
Binary Packages:
i386/mod_php-4.2.3-1.0.20.i386.rpm
MD5 Sum: cca5b981a420d9508a141e48cbb04e6f
i386/php-4.2.3-1.0.20.i386.rpm
MD5 Sum: 5346848645220f77caa4933219176237
i686/mod_php-4.2.3-1.0.20.i686.rpm
MD5 Sum: ebbf95810d7c185787363b3e9f48c61a
i686/php-4.2.3-1.0.20.i686.rpm
MD5 Sum: 7ff647d92ca889c296f4015dcb9d2a8f
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
PHP's Official Web Site:
http://www.php.net/
Security Contact: security@guardiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html
- --------------------------------------------------------------------------
$Id: ESA-20021122-031-php,v 1.1 2002/11/22 14:09:50 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.