+------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory November 22, 2002 | | http://www.engardelinux.org/ ESA-20021122-030 | | | | Package: kernel | | Summary: local vulnerabilities. | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, e-commerce, and integrated open source security tools. OVERVIEW - -------- Solar Designer kindly pointed out to us that our last kernel update (ESA-20021022-026) was incomplete because 2.2.22-rc1 did not contain all the critical security fixes. This update backports the remaining fixes. This update also fixes a denial of service attack where a local user could lock the machine. All users are recommended to upgrade immediately using the special SOLUTION in this advisory. SOLUTION - -------- Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically. EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Please read and understand this entire section before you attempt to upgrade the kernel. Initial Steps ------------- 1) Verify the machine is either: a) booted into a "standard" kernel; or b) LIDS is disabled (/sbin/lidsadm -S -- -LIDS_GLOBAL) 2) Determine which kernels you currently have installed: # rpm -qa --qf "%{NAME}n" | grep kernel 3) Download the new kernels that match what you have installed (based on step 2) from the "UPDATED PACKAGES" section of this advisory. Installation Steps ------------------ 4) Install the new packages. The packages will automagically update /etc/lilo.conf by commenting out any old EnGarde images and replacing them with the new ones: # rpm --replacefiles -i <kernel 1> <kernel 2> ... 5) Re-run LILO. If you see any errors then open /etc/lilo.conf in your favorite text editor and make the appropriate changes: # /sbin/lilo Final Steps ----------- 6) If you did not see any LILO errors then your new kernel is now installed and your machine is ready to be rebooted: # reboot UPDATED PACKAGES - ---------------- These updated packages are for EnGarde Secure Linux Community Edition. Source Packages: SRPMS/kernel-2.2.19-1.0.29.src.rpm MD5 Sum: 9b4826ca5257cf76f4cc80b7d2b8f970 Binary Packages: i386/kernel-2.2.19-1.0.29.i386.rpm MD5 Sum: d7832ded322e444b1754aab6aa3369ae i386/kernel-lids-mods-2.2.19-1.0.29.i386.rpm MD5 Sum: 711f92dde4726474c526766e8be18be4 i386/kernel-smp-lids-mods-2.2.19-1.0.29.i386.rpm MD5 Sum: 4c8524458b94d65a5df1401707a59355 i386/kernel-smp-mods-2.2.19-1.0.29.i386.rpm MD5 Sum: 5b3df58bf41b98451f20700d25107b3d i686/kernel-2.2.19-1.0.29.i686.rpm MD5 Sum: ff4b48ed55eff840324f9ef27db0c21d i686/kernel-lids-mods-2.2.19-1.0.29.i686.rpm MD5 Sum: e6cc2cd48bca65ff29ba82bd82a926d1 i686/kernel-smp-lids-mods-2.2.19-1.0.29.i686.rpm MD5 Sum: f39a8f68e1dedcd4e2ebf21b11a7a78f i686/kernel-smp-mods-2.2.19-1.0.29.i686.rpm MD5 Sum: d217eabb58429da7cebd9e07a0d29daa REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Official Web Site of the Linux Kernel: http://www.kernel.org/ Security Contact: [email protected] EnGarde Advisories: http://www.engardelinux.org/advisories.html - -------------------------------------------------------------------------- $Id: ESA-20021122-030-kernel,v 1.3 2002/11/22 15:16:04 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple <[email protected]> Copyright 2002, Guardian Digital, Inc. +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory November 22, 2002 | | http://www.engardelinux.org/ ESA-20021122-031 | | | | Packages: php, mod_php | | Summary: PHP upgrade. | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, e-commerce, and integrated open source security tools. OVERVIEW - -------- This update upgrades PHP in EnGarde 1.0.1, 1.1, and 1.2 to version 4.2.3. This update also fixes a recent vulnerability where a script could bypass safe mode restrictions. SOLUTION - -------- Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically. EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Before upgrading the package, the machine must either: a) be booted into a "standard" kernel; or b) have LIDS disabled. To disable LIDS, execute the command: # /sbin/lidsadm -S -- -LIDS_GLOBAL To install the updated package, execute the command: # rpm -Uvh files You must now update the LIDS configuration by executing the command: # /usr/sbin/config_lids.pl To re-enable LIDS (if it was disabled), execute the command: # /sbin/lidsadm -S -- +LIDS_GLOBAL To verify the signatures of the updated packages, execute the command: # rpm -Kv files UPDATED PACKAGES - ---------------- These updated packages are for EnGarde Secure Linux Community Edition. Source Packages: SRPMS/php-4.2.3-1.0.20.src.rpm MD5 Sum: c5508aa38f6d41564b5463780ea3a0d3 Binary Packages: i386/mod_php-4.2.3-1.0.20.i386.rpm MD5 Sum: cca5b981a420d9508a141e48cbb04e6f i386/php-4.2.3-1.0.20.i386.rpm MD5 Sum: 5346848645220f77caa4933219176237 i686/mod_php-4.2.3-1.0.20.i686.rpm MD5 Sum: ebbf95810d7c185787363b3e9f48c61a i686/php-4.2.3-1.0.20.i686.rpm MD5 Sum: 7ff647d92ca889c296f4015dcb9d2a8f REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY PHP's Official Web Site: http://www.php.net/ Security Contact: [email protected] EnGarde Advisories: http://www.engardelinux.org/advisories.html - -------------------------------------------------------------------------- $Id: ESA-20021122-031-php,v 1.1 2002/11/22 14:09:50 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple <[email protected]> Copyright 2002, Guardian Digital, Inc.
EnGarde Secure Linux Advisories: kernel, php, mod_php
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis