Conectiva Linux Advisory: kernel
Jul 28, 2004, 18:57
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : kernel
This announcement fixes the following vulnerabilities:
Adam Osuchowski and Tomasz Dubinski noticed that, when iptables rules matching TCP options are in use, the tcp_find_option function of the netfilter subsystem in Linux kernel 2.6 allows remote attackers to cause a denial of service via a large option length that becomes a negative integer after being cast to the char type. They also provided the correction for this bug.
2. Missing DAC checks in the inode_change_ok function (CAN-2004-0497)
Missing Discretionary Access Control (DAC) checks in the chown system call allowed a local user to change the group ownership of arbitrary files to a group that he or she belongs to, leading to a privilege escalation vulnerability.
3. Integer overflow in ip_setsockopt function (CAN-2004-0424)
iSEC Security Research published an integer overflow vulnerability in the ip_setsockopt function on Linux kernel 2.6.1 through 2.6.3 which allows local users to cause a denial of service condition or execute arbitrary code via the MCAST_MSFILTER socket option.
4. Incorrect usage of the fb_copy_cmap function in framebuffer (CAN-2004-0229)
The framebuffer driver in Linux kernel 2.6.x did not properly use the fb_copy_cmap function, possibly allowing privilege escalation for local attackers.
5. Integer overflow in the cpufreq proc handler (CAN-2004-0228)
Brad Spender found an integer overflow bug in the Linux kernel cpufreq code that allowed a local attacker to read arbitrary kernel memory.
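The signed-length problem described for tcp_find_option above can be seen in a small user-space model. This is an added example, not the kernel's code or Conectiva's patch: the function names, return codes, step budget and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_FOUND = 1, OPT_ABSENT = 0, OPT_MALFORMED = -1, OPT_STUCK = -2 };
#define STEP_BUDGET 1000  /* stands in for "never terminates" so the demo returns */
/* Constructed samples: MSS, NOP, NOP, timestamp / NOP, then kind 0x22 with length 0xFF. */
static const uint8_t SAMPLE_OK[]  = {2, 4, 5, 0xb4, 1, 1, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0};
static const uint8_t SAMPLE_BAD[] = {1, 0x22, 0xFF, 0};

/* Flawed model: the length byte is read as signed char, so 0x80..0xFF become negative. */
int find_option_signed_len(const uint8_t *opt, size_t n, uint8_t wanted)
{
    long i = 0;
    for (int steps = 0; i >= 0 && (size_t)i < n; steps++) {
        if (steps >= STEP_BUDGET) return OPT_STUCK;
        if (opt[i] == wanted) return OPT_FOUND;
        if (opt[i] < 2) { i++; continue; }          /* EOL/NOP: single byte */
        if ((size_t)i + 1 >= n) break;              /* demo-only guard: stay inside the buffer */
        signed char len = (signed char)opt[i + 1];  /* 0xFF -> -1 on mainstream compilers */
        i += len ? len : 1;                         /* negative len moves the cursor backwards */
    }
    return OPT_ABSENT;
}

/* Hardened walker: unsigned length, must be >= 2 and fit in the remaining bytes. */
int find_option_checked(const uint8_t *opt, size_t n, uint8_t wanted)
{
    size_t i = 0;
    while (i < n) {
        uint8_t kind = opt[i];
        if (kind == wanted) return OPT_FOUND;
        if (kind == 0) return OPT_ABSENT;           /* end of option list */
        if (kind == 1) { i++; continue; }           /* NOP padding */
        if (i + 1 >= n) return OPT_MALFORMED;       /* kind byte with no length byte */
        uint8_t len = opt[i + 1];
        if (len < 2 || len > n - i) return OPT_MALFORMED;
        i += len;                                   /* always advances by at least 2 */
    }
    return OPT_ABSENT;
}

int main(void)
{
    printf("ok:  signed=%d checked=%d\n", find_option_signed_len(SAMPLE_OK, sizeof SAMPLE_OK, 8),
           find_option_checked(SAMPLE_OK, sizeof SAMPLE_OK, 8));
    printf("bad: signed=%d checked=%d\n", find_option_signed_len(SAMPLE_BAD, sizeof SAMPLE_BAD, 8),
           find_option_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, 8));
}
```

Both walkers agree on the well-formed buffer; on the malformed one the signed read makes the cursor oscillate until the budget is hit, while the checked walker rejects the option on the first pass.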
IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 10 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed) and by default a new grub entry will be added, not touching the old default option. Generic kernel update instructions can be obtained in the manuals and in our frequently asked questions page.
Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.