dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Trustix Secure Linux Advisory: kernel

Apr 19, 2004, 02:47 (0 Talkback[s])

Trustix Secure Linux Security Advisory #2004-0020

Package name: kernel
Summary: Multiple vulnerabilities
Date: 2004-04-15
Affected versions: Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2


Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Problem description:

CAN-2004-0109:
zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0133:
Usage of not properly initialized memory in the XFS code was discovered. This lead to an information leakage where some blocks in the file system would contain old data from the system memory.

CAN-2004-0177:
Usage of not properly initialized memory in the ext3 code was discovered by Solar Designer of the Openwall project. This lead to an information leakage where some blocks in the file system would contain old data from the system memory. This was the first such vulnerability discovered, and directly lead to XFS and JFS being checked for this.

CAN-2004-0181:
Usage of not properly initialized memory in the JFS code was discovered. This lead to an information leakage where some blocks in the file system would contain old data from the system memory.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix updates are available from <URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Public testing:
Most updates for Trustix Secure Linux are made available for public testing some time before release.
If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist.
The testing tree is located at
<URI:http://tsldev.trustix.org/horizon/>

You may also use swup for public testing of updates:

  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.0/> and <URI:http://www.trustix.org/errata/trustix-2.1/> or directly at
<URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0020-kernel.asc.txt>

MD5sums of the packages:


8d994963e068c1f16a562ee0485fc9fa TSEL-2/kernel-2.4.25-6tr.i586.rpm
542280963b534f90112766c3904f8bcf TSEL-2/kernel-BOOT-2.4.25-6tr.i586.rpm
55b076d1d91b5ad3d385b538dabc905e TSEL-2/kernel-doc-2.4.25-6tr.i586.rpm
3e5c324e8ea77f531d002d9b5371cb7a TSEL-2/kernel-firewall-2.4.25-6tr.i586.rpm
57a4a8656cbae06fce8347a42c1fc4b4 TSEL-2/kernel-firewallsmp-2.4.25-6tr.i586.rpm
2e150dbf1349c7c92d0ae60a63533c2c TSEL-2/kernel-smp-2.4.25-6tr.i586.rpm
bab6bbb2d84387dd9f0637ee5ef067d1 TSEL-2/kernel-source-2.4.25-6tr.i586.rpm
a146ec23af7707aa15a7c247b6c68517 TSEL-2/kernel-utils-2.4.25-6tr.i586.rpm
3d48910ac3b996ceb07ba370ace9e774 2.1/rpms/kernel-2.4.25-6tr.i586.rpm
ca98156d867624018197d740056dfa72 2.1/rpms/kernel-BOOT-2.4.25-6tr.i586.rpm
5d2bfdc7694bccd5b413d1daae88800f 2.1/rpms/kernel-doc-2.4.25-6tr.i586.rpm
5293cd0c0b42edb093c6b2a4f92d1569 2.1/rpms/kernel-firewall-2.4.25-6tr.i586.rpm
102b113fe2e291350119b2063217d2d0 2.1/rpms/kernel-firewallsmp-2.4.25-6tr.i586.rpm
20c16de77e87fbdd5165503354486c31 2.1/rpms/kernel-smp-2.4.25-6tr.i586.rpm
0d7e62e11b9e0ac5d03ea998900ac8e5 2.1/rpms/kernel-source-2.4.25-6tr.i586.rpm
e09c9a0acdb963e8658ab45a35eac51e 2.1/rpms/kernel-utils-2.4.25-6tr.i586.rpm
786f322bf38eb503e52c4da4d0a7f9e2 2.0/rpms/kernel-2.4.25-6tr.i586.rpm
f1a499b5e887d2055bb446d8cb7dcc37 2.0/rpms/kernel-BOOT-2.4.25-6tr.i586.rpm
c9ff6f7f2ed7b679a1ebe98689207acb 2.0/rpms/kernel-doc-2.4.25-6tr.i586.rpm
78cc78b887a4deedf0a14d1caa96b0d1 2.0/rpms/kernel-firewall-2.4.25-6tr.i586.rpm
79dcffe57e77d88feb1151d6735cc2fd 2.0/rpms/kernel-firewallsmp-2.4.25-6tr.i586.rpm
a260b4aab909974f47787e5563f0ed7f 2.0/rpms/kernel-smp-2.4.25-6tr.i586.rpm
fa5dcf6fd70a7be6405908da3f675ed8 2.0/rpms/kernel-source-2.4.25-6tr.i586.rpm
82bc2d674b471c04362613d9553a63b8 2.0/rpms/kernel-utils-2.4.25-6tr.i586.rpm

Trustix Security Team