Slackware Linux Advisory: kernel
Dec 02, 2003, 20:23
[slackware-security] Kernel security update (SSA:2003-336-01)
New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4 kernel earlier than 2.4.23. Linux 2.0 and 2.2 kernels are not vulnerable.
More details about the kernel issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 9.1 ChangeLog:
Mon Dec 1 21:36:30 PST 2003
patches/kernels/: Upgraded to Linux 2.4.23. This fixes a bug in the
kernel's do_brk() function which a local user could exploit to gain
root privileges. For more details, see:
Sites should upgrade to the 2.4.23 kernel and kernel modules. After
installing the new kernel, be sure to run 'lilo'.
(* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-1.tgz: Upgraded to
alsa-driver-0.9.8, compiled against linux-2.4.23.
patches/packages/alsa-lib-0.9.8-i486-1.tgz: Upgraded to alsa-lib-0.9.8.
patches/packages/alsa-oss-0.9.8-i486-1.tgz: Upgraded to alsa-oss-0.9.8.
patches/packages/alsa-utils-0.9.8-i486-1.tgz: Upgraded to
patches/packages/kernel-ide-2.4.23-i486-1.tgz: Upgraded bare.i kernel
package to Linux 2.4.23.
patches/packages/kernel-modules-2.4.23-i486-1.tgz: Upgraded to Linux
2.4.23 kernel modules.
patches/packages/kernel-source-2.4.23-noarch-2.tgz: Upgraded to Linux
2.4.23 kernel source, with XFS and Speakup patches included (but not
Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs.
Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched)
Updated packages for Slackware 9.1:
An alternate kernel may be installed. Those are found in this
ALSA has also been updated to 0.9.8 and compiled for 2.4.23. These packages will also be required to use the ALSA sound system:
The XFS patched kernel requires different kernel modules. If you
use the XFS filesystem and XFS patched kernel (xfs.s), these
packages contain kernel modules compiled against 2.4.23-xfs:
Updated packages for Slackware -current:
MD5 signatures may be downloaded from our FTP server:
Slackware 9.1 packages:
To verify authenticity, this file has been signed with the Slackware GPG key (use 'gpg --verify'):
Use upgradepkg to install the new kernel, kernel-modules, and alsa packages. After installing the kernel-ide package you will need to run lilo ('lilo' at a command prompt) or create a new system boot disk ('makebootdisk'), and reboot.
If desired, a kernel from the kernels/ directory may be used instead. For example, to use the kernel in kernels/scsi.s/, you would copy it to the boot directory like this:
Create a symbolic link:
Then, run 'lilo' or create a new system boot disk and reboot.
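As an added example (not part of the Slackware advisory), the shell function below classifies a kernel release string against the version ranges stated above, which helps confirm the result after the reboot. The function name and result labels are made up here; treating 2.4 releases later than 2.4.23 as fixed is an assumption, and 2.4.23 -pre/-rc builds and other kernel series are reported as unknown because the advisory does not address them.

```shell
#!/bin/sh
# Classify a kernel release string (as printed by 'uname -r') against the
# ranges in SSA:2003-336-01:
#   2.4.x, x < 23   -> affected        (do_brk() bug)
#   2.4.23          -> fixed
#   2.4.x, x > 23   -> fixed           (assumption: later releases keep the fix)
#   2.0.x, 2.2.x    -> not-vulnerable
#   anything else   -> unknown         (advisory makes no statement)
classify_kernel() {
    rel=$1
    base=${rel%%-*}          # "2.4.22-xfs" -> "2.4.22"
    suffix=${rel#"$base"}    # "-xfs", "-pre9", or empty

    # Require at least three dot-separated components.
    case $base in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac

    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}

    # Every component must be a non-empty decimal number.
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done

    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ]; then
        if [ "$patch" -lt 23 ]; then
            echo affected
        elif [ "$patch" -eq 23 ]; then
            # Pre-release builds of 2.4.23 are not covered by the advisory.
            case $suffix in
                -pre*|-rc*) echo unknown ;;
                *) echo fixed ;;
            esac
        else
            echo fixed
        fi
    elif [ "$major" -eq 2 ] && { [ "$minor" -eq 0 ] || [ "$minor" -eq 2 ]; }; then
        echo not-vulnerable
    else
        echo unknown
    fi
}

# Report on the running kernel, for example after upgradepkg, lilo and reboot.
echo "running kernel $(uname -r): $(classify_kernel "$(uname -r)")"
```

A result of "affected" after the reboot usually means the boot loader is still loading the old kernel image.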