Debian Security Advisory DSA 480-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
Package : kernel-image-2.4.17-hppa kernel-image-2.4.18-hppa
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177
CAN-2004-0178
Several serious problems have been discovered in the Linux
kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the
hppa (PA-RISC) architecture. The Common Vulnerabilities and
Exposures project identifies the following problems that will be
fixed with this update:
CAN-2004-0003
A vulnerability has been discovered in the R128 drive in the
Linux kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could lead
an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian Krahmer
and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code
of Linux. In a worst case an attacker could read sensitive data
such as cryptographic keys which would otherwise never hit disk
media. Theodore Ts’o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the
Sound Blaster driver in Linux. He also developed a correction for
this.
These problems will also be fixed by upstream in Linux 2.4.26
and future versions of 2.6.
For the stable distribution (woody) these problems have been
fixed in version 32.4 for Linux 2.4.17 and in version 62.3 for
Linux 2.4.18.
For the unstable distribution (sid) these problems will be fixed
soon.
We recommend that you upgrade your kernel packages immediately,
either with a Debian provided kernel or with a self compiled
one.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 713 d6e475210d87586fafc91e1d557a1a81
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.tar.gz
Size/MD5 checksum: 29958654 8357b4f2946cd1256a0ddf51395aaa1b
Size/MD5 checksum: 713 a7dd8816219af9d8af30e0dd5d4933ae
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.tar.gz
Size/MD5 checksum: 30341920 73ebcb15f4e1245792af77ab2edc8133
Architecture independent components:
Size/MD5 checksum: 24111814 32a7c5a4b9b7f56f76a3810ee1c671bd
Size/MD5 checksum: 24403622 c5600ecd5365f4699e3937328536d997
HP Precision architecture:
Size/MD5 checksum: 3531374 1ace6b1a6f1575bb05cfa38eef8ae28e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.4_hppa.deb
Size/MD5 checksum: 2738008 7460b70d3551740b099f47cc00f75a9a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.4_hppa.deb
Size/MD5 checksum: 2870152 3012e161b10a40ef75b5ca7dc99f646a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.4_hppa.deb
Size/MD5 checksum: 3024374 dc9b851d809cbe09e4d4db58c905c8a8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.4_hppa.deb
Size/MD5 checksum: 3165848 b6b8cbf7f48fbf729c859350c7d09e11
Size/MD5 checksum: 3545648 cdc19e048e49678e4f42bef608a24461
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.3_hppa.deb
Size/MD5 checksum: 2763774 f51ec93fcb6101a2e3ecf4d9767237c8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.3_hppa.deb
Size/MD5 checksum: 2903956 88e4ca002820f71fcc5101762f8b24e4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.3_hppa.deb
Size/MD5 checksum: 3061206 9ef449c857ec8a57c505fdee26b7a936
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.3_hppa.deb
Size/MD5 checksum: 3199070 e59926283c57ef868881e6cc1e501e6b
These files will probably be moved into the stable distribution
on its next revision.
–
Debian Security Advisory DSA 483-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
Package : mysql
Vulnerability : insecure temporary file creation
Problem-Type : local
Debian-specific: no
CVE IDs : CAN-2004-0381 CAN-2004-0388
Bugtraq ID : 9976
Two vulnerabilities have been discovered in mysql, a common
database system. Two scripts contained in the package don’t create
temporary files in a secure fashion. This could allow a local
attacker to overwrite files with the privileges of the user
invoking the MySQL server, which is often the root user. The Common
Vulnerabilities and Exposures identifies the following
problems:
CAN-2004-0381
The script mysqlbug in MySQL allows local users to overwrite
arbitrary files via a symlink attack.
CAN-2004-0388
The script mysqld_multi in MySQL allows local users to overwrite
arbitrary files via a symlink attack.
For the stable distribution (woody) these problems have been
fixed in version 3.23.49-8.6.
For the unstable distribution (sid) these problems will be fixed
in version 4.0.18-6 of mysql-dfsg.
We recommend that you upgrade your mysql, mysql-dfsg and related
packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.dsc
Size/MD5 checksum: 875 5ddb12f783b137adb3713eb833b2b62c
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.diff.gz
Size/MD5 checksum: 61688 651060d3e96cee5f78fa3a7627cd89a7
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a
Architecture independent components:
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.6_all.deb
Size/MD5 checksum: 16860 a38766469024146e445bff07f93e4954
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_alpha.deb
Size/MD5 checksum: 277662 54b823e4e25f4b8e260ac82539bdf84f
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_alpha.deb
Size/MD5 checksum: 778718 e8d82f4d6e32a14e01e076314a094b03
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_alpha.deb
Size/MD5 checksum: 163476 5bc948ab4f6ce862ebf9a64f2f7b6042
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_alpha.deb
Size/MD5 checksum: 3634384 9d6e3871dfa018a87a516188e58dabfb
ARM architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_arm.deb
Size/MD5 checksum: 238300 9caaa0c9a0d9909ef403f791c8ccf137
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_arm.deb
Size/MD5 checksum: 634574 afc1a6cb70f1581a72b2f5904f8abf14
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_arm.deb
Size/MD5 checksum: 123878 facc6f6326dc1080019fe54e7516c44a
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_arm.deb
Size/MD5 checksum: 2805988 c38af448095a9358fe292f41c7f44fb1
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_i386.deb
Size/MD5 checksum: 234634 5952137d0b86f6bfefd709ebfc0c624d
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_i386.deb
Size/MD5 checksum: 576560 f8f9089209da42c1134f0157e62b4e49
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_i386.deb
Size/MD5 checksum: 122462 148429934c68f10c291ae8ffe0a6db8c
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_i386.deb
Size/MD5 checksum: 2800616 afd1dfcf5424f78ce7836c96b0dd92b1
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_ia64.deb
Size/MD5 checksum: 315010 a8678f1aa73cb3a4fcbac4e479109311
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_ia64.deb
Size/MD5 checksum: 848558 63f12a1295198c791956d3d9ba3e6364
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_ia64.deb
Size/MD5 checksum: 173738 d83526ec16d5ba18b66bb4f0962c44f1
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_ia64.deb
Size/MD5 checksum: 4000100 78c9cfd1bba1711338a557bd4737832f
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_hppa.deb
Size/MD5 checksum: 280566 e11769ec989c98b9e857c30206246e95
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_hppa.deb
Size/MD5 checksum: 743656 5fe1d40d737c3de61e7cf31183125526
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_hppa.deb
Size/MD5 checksum: 140540 29f2b8d797afc05de720bbc4d4a517e9
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_hppa.deb
Size/MD5 checksum: 3514794 42eaa54090fb0e6497cd1359f29e9304
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_m68k.deb
Size/MD5 checksum: 227640 a7925061c360f47c83dcffd62b411358
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_m68k.deb
Size/MD5 checksum: 557758 2545764c1f609dc28e4542e5f3d4b522
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_m68k.deb
Size/MD5 checksum: 118356 47948f12e32fb25d7619c97b9f735486
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_m68k.deb
Size/MD5 checksum: 2646508 9f49bf6d899ea6d768cfe51caa54c39c
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mips.deb
Size/MD5 checksum: 250892 4143d2fcad7a4b7f981fa666f6fdde65
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mips.deb
Size/MD5 checksum: 688998 e9da91c9477edd7b93ea71d96734ad4c
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mips.deb
Size/MD5 checksum: 133836 c2e14bd75e1a68dabfa6ef4d0002fb30
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mips.deb
Size/MD5 checksum: 2847932 696eac6a3c87c3ff747ed71d4ad03fe4
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mipsel.deb
Size/MD5 checksum: 250550 f9a25d5a5ec4225c95bb799afb8029c6
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mipsel.deb
Size/MD5 checksum: 688316 db428d75698cd72414b471d91615bd56
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mipsel.deb
Size/MD5 checksum: 134178 bf6e0a0eb74cc8d7c4afd19f4d05d635
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mipsel.deb
Size/MD5 checksum: 2839102 bff1d416c52801ef49af1ce4dcce8a17
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_powerpc.deb
Size/MD5 checksum: 247660 4e4561d59aa84920423515c7f9177273
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_powerpc.deb
Size/MD5 checksum: 652592 b9f51e0286c747fc58e2aeac9cf3c621
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_powerpc.deb
Size/MD5 checksum: 129376 dc96676d319a7b0ee699b7f7f628e543
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_powerpc.deb
Size/MD5 checksum: 2823002 71952fc874cc70aa45a29bd6eb54cb50
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_s390.deb
Size/MD5 checksum: 249960 0770d4308c3d28208bfc95f4d3473ae8
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_s390.deb
Size/MD5 checksum: 607056 b77cf4690bb666dccd2edacbb06c09e5
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_s390.deb
Size/MD5 checksum: 126362 eb38bd8e3f363a37dfb54844702fc4fd
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_s390.deb
Size/MD5 checksum: 2691074 2e56d9a296a5d87388f1660510c5f8b3
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_sparc.deb
Size/MD5 checksum: 241178 5afe949aaacf4e7b66d292ab4efc90c0
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_sparc.deb
Size/MD5 checksum: 615208 f117524a68678d8d3aac68260e6a24cd
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_sparc.deb
Size/MD5 checksum: 130352 a3d97c6a8b9e3d460bb6cefab2f8d5fd
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_sparc.deb
Size/MD5 checksum: 2939242 ef58492f8397d98a25277bccfdf96986
These files will probably be moved into the stable distribution
on its next update.
–
Debian Security Advisory DSA 482-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
Package : kernel-source-2.4.17 kernel-patch-2.4.17-apus
kernel-patch-2.4.17-s390 kernel-image-2.4.17-s390
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177
CAN-2004-0178
Several serious problems have been discovered in the Linux
kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus
and S/390 architectures. The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with
this update:
CAN-2004-0003
A vulnerability has been discovered in the R128 drive in the
Linux kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could lead
an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian Krahmer
and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code
of Linux. In a worst case an attacker could read sensitive data
such as cryptographic keys which would otherwise never hit disk
media. Theodore Ts’o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the
Sound Blaster driver in Linux. He also developed a correction for
this.
These problems will also be fixed by upstream in Linux 2.4.26
and future versions of 2.6.
The following security matrix explains which kernel versions for
which architectures are already fixed.
| Architecture | stable (woody) | unstable (sid) |
| source | 2.4.17-1woody3 | 2.4.25-3 |
| powerpc/apus | 2.4.17-5 | 2.4.25-2 |
| s390 | 2.4.17-2.woody.4 | 2.4.25-2 (and probably 2.4.21-3) |
We recommend that you upgrade your kernel packages immediately,
either with a Debian provided kernel or with a self compiled
one.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 690 222d67d058984eef34ef3af56ad82720
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
Size/MD5 checksum: 41918 dce13eeca598d548e390a72fed76728f
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132
Size/MD5 checksum: 673 f7a70b5e604e74feedba42eb41608a13
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5.tar.gz
Size/MD5 checksum: 490001 54f9f6b973b4c945d548510290cb122a
Size/MD5 checksum: 754 d9b64c461d849aeab5a1bb71322f14ec
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3.diff.gz
Size/MD5 checksum: 6254 85fd6863f93bfa474b854f4dfbda4034
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz
Size/MD5 checksum: 338001 5979fbe7c3325033536dfd3914e22dbd
Size/MD5 checksum: 799 51d3be5adf8d79e3a0f3045f2235c52a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4.tar.gz
Size/MD5 checksum: 8289 9b02431ce5f6741183b2614d5d9f9f4a
Architecture independent components:
Size/MD5 checksum: 1720294 3b6e8a510996bebd066d1cda8bac41eb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
Size/MD5 checksum: 23880582 542792a28d1fc90844f9b51abe84f90e
Size/MD5 checksum: 300768 c8116357d604508ff0e50cc8295005f0
PowerPC architecture:
Size/MD5 checksum: 3366150 3331dac5b42b3cd42e0dcdc7ad574f60
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-5_powerpc.deb
Size/MD5 checksum: 2211544 f24006c8b07774bccb2ad22af4f95465
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-5_powerpc.deb
Size/MD5 checksum: 4498 89ac0312fa91e6911ed366dd22bef2b9
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5_powerpc.deb
Size/MD5 checksum: 490786 228a12c3a523f86f089121dca964bac7
IBM S/390 architecture:
Size/MD5 checksum: 3335728 14f64e559f9ccb97876df9a0248b8069
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4_s390.deb
Size/MD5 checksum: 1343254 25bad4dcb964e713467344bf8a5fd31f
These files will probably be moved into the stable distribution
on its next revision.
–
Debian Security Advisory DSA 479-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
Package : kernel-source-2.4.18 kernel-image-2.4.18-1-alpha
kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf
kernel-patch-2.4.18-powerpc
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177
CAN-2004-0178
Several serious problems have been discovered in the Linux
kernel. This update takes care of Linux 2.4.18 for the alpha, i386
and powerpc architectures. The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with
this update:
CAN-2004-0003
A vulnerability has been discovered in the R128 drive in the
Linux kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could lead
an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian Krahmer
and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code
of Linux. In a worst case an attacker could read sensitive data
such as cryptographic keys which would otherwise never hit disk
media. Theodore Ts’o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the
Sound Blaster driver in Linux. He also developed a correction.
These problems will also be fixed by upstream in Linux 2.4.26
and future versions of 2.6.
The following security matrix explains which kernel versions for
which architecture are already fixed. Kernel images in the unstable
Debian distribution (sid) will be fixed soon.
| Architecture | stable (woody) | unstable (sid) | removed in sid |
| source | 2.4.18-14.3 | 2.4.25-3 | — |
| alpha | 2.4.18-15 | soon | — |
| i386 | 2.4.18-13 | soon | — |
| i386bf | 2.4.18-5woody8 | soon | — |
| powerpc | 2.4.18-1woody5 | 2.4.25-8 | 2.4.22 |
We recommend that you upgrade your kernel packages immediately,
either with a Debian provided kernel or with a self compiled
one.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 664 a9d96cc8553c3a9085bad09e071c5814
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3.diff.gz
Size/MD5 checksum: 70724 4de077af92c196a6af7797d1ceea4004
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2
Size/MD5 checksum: 876 453a2a47eb3c6b748e75e0cb65bdd6bb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15.tar.gz
Size/MD5 checksum: 24922 f822e7999659ddcfd53dee73894afdc1
Size/MD5 checksum: 1327 d37593f6e47c2b9809530eb54deeae3e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.tar.gz
Size/MD5 checksum: 70213 c795ba781adbd8a19202d8d986a3d0da
Size/MD5 checksum: 656 278af48a357187864c52382eeb13451d
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody8.tar.gz
Size/MD5 checksum: 26780 1f0c2eba8d3d90eef1a183f6b27f1fff
Size/MD5 checksum: 713 77511f3afefed1dd71c1f73e2e036000
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5.tar.gz
Size/MD5 checksum: 79970 2720d9864cdd05bfc6b3bd7228ca9083
Architecture independent components:
Size/MD5 checksum: 1720106 f25772ce2d398adc25509a1ae040c76f
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3_all.deb
Size/MD5 checksum: 24138244 d63666d64cb91f59f2feded30ef8ea70
Size/MD5 checksum: 79722 d822eaa6adcdd517d600d62c819db7b6
Alpha architecture:
Size/MD5 checksum: 3363486 862f6e8f85737dd13c6ca9b760384f1a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-15_alpha.deb
Size/MD5 checksum: 3512910 935ef424b222d336a642b2e7cd291e4a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-15_alpha.deb
Size/MD5 checksum: 3515528 6ef19a362ec019e79fdb057fea1c9fc2
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-15_alpha.deb
Size/MD5 checksum: 12424690 725ff255cf8941cfb5c77581d8a518d4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-15_alpha.deb
Size/MD5 checksum: 12801130 8d15f05215223ffcf9b11b3f682667d3
Intel IA-32 architecture:
Size/MD5 checksum: 3429534 1aac0648c6f5fdee84721799806ef07a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-13_i386.deb
Size/MD5 checksum: 3446290 a13776eb95c3661696f86e06a6dbac48
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-13_i386.deb
Size/MD5 checksum: 3446482 233230438756120878a4e4b96876e61b
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-13_i386.deb
Size/MD5 checksum: 3446444 b5f8437bfd3279ed3f4b2f63fc2d75f5
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-13_i386.deb
Size/MD5 checksum: 3446458 6dbbfba03667156316b184bd939d21e2
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-13_i386.deb
Size/MD5 checksum: 3446350 ff76c153c3eb285b1f7b035223bc1e39
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-13_i386.deb
Size/MD5 checksum: 3446324 dc2a142c75db787fdeb8a0c8e8941d1a
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-13_i386.deb
Size/MD5 checksum: 1154336 96f1e8262a5b11a8498d70643e87f546
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-13_i386.deb
Size/MD5 checksum: 1154362 8b4bc947b6ab39a2deb0731f891889f3
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13_i386.deb
Size/MD5 checksum: 1154358 a6e7db160b30f90711be11260128a6bb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-13_i386.deb
Size/MD5 checksum: 1154414 cde845ca2c7b351ce79b66965a04a748
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-13_i386.deb
Size/MD5 checksum: 1154338 407aa3a3a95aa5cd8aaf5b34b306b1a4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb
Size/MD5 checksum: 1154342 152aca9d4a2d7014a9834c239d754d0e
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-13_i386.deb
Size/MD5 checksum: 5746 9a5675e9da37620b2b3c8dc1aebfa5d0
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-13_i386.deb
Size/MD5 checksum: 5758 325071afd718f4c0c1ba8769aba9864d
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-13_i386.deb
Size/MD5 checksum: 5778 212f47c992067729e8eb3da05c89c242
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-13_i386.deb
Size/MD5 checksum: 5804 683e3a330cfde650ede99e8a6a771149
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-13_i386.deb
Size/MD5 checksum: 5760 8a73b13a799928232f5028be37356ad2
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-13_i386.deb
Size/MD5 checksum: 5762 be2713125a6111ab76458e07d42f3634
Size/MD5 checksum: 3411032 c97ea4fcff846ac6d0dc945d601cb97c
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody8_i386.deb
Size/MD5 checksum: 6425640 83dc812db817e703eaa21451d048f4f7
PowerPC architecture:
Size/MD5 checksum: 3433044 0836b0d1fbcc5c9f440d5c75ff14f006
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody5_powerpc.deb
Size/MD5 checksum: 9456688 4473c2577d3be988993219b82ed90eda
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody5_powerpc.deb
Size/MD5 checksum: 10105472 ae0b1d57bfc8593d9aa4ad1403044607
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody5_powerpc.deb
Size/MD5 checksum: 10351786 f84fe609d7192a51c4f091c1c0893680
These files will probably be moved into the stable distribution
on its next revision.
–
Debian Security Advisory DSA 481-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 14th, 2004 http://www.debian.org/security/faq
Package : kernel-image-2.4.17-ia64
Vulnerability : several vulnerabilities
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177
CAN-2004-0178
Several serious problems have been discovered in the Linux
kernel. This update takes care of Linux 2.4.17 for the IA-64
architecture. The Common Vulnerabilities and Exposures project
identifies the following problems that will be fixed with this
update:
CAN-2004-0003
A vulnerability has been discovered in the R128 drive in the
Linux kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could lead
an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian Krahmer
and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code
of Linux. In a worst case an attacker could read sensitive data
such as cryptographic keys which would otherwise never hit disk
media. Theodore Ts’o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the
Sound Blaster driver in Linux. He also developed a correction for
this.
These problems will also be fixed by upstream in Linux 2.4.26
and future versions of 2.6.
For the stable distribution (woody) these problems have been
fixed in version 011226.17 for Linux 2.4.17.
For the unstable distribution (sid) these problems have been
fixed in version 2.4.25-5 for Linux 2.4.25 and in version 2.6.5-1
for Linux 2.6.5.
We recommend that you upgrade your kernel packages immediately,
either with a Debian provided kernel or with a self compiled
one.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 736 2f8bdbd5d82c972dee55ae3eb3051ebf
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.17.tar.gz
Size/MD5 checksum: 25407685 a4f251ad4275ee197e3f5b3aa76c45c9
Architecture independent components:
Size/MD5 checksum: 24730726 c6133857bb4423ecec496517f212da70
Intel IA-64 architecture:
Size/MD5 checksum: 3635930 ee77880f4ae85e0850115788e0bc18e6
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.17_ia64.deb
Size/MD5 checksum: 7020714 942615101e2eb34833f53fa6eb7713d2
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.17_ia64.deb
Size/MD5 checksum: 7169180 04d65a0c0eae8b01488383ada809a936
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.17_ia64.deb
Size/MD5 checksum: 7011536 5388a3be55dfe67c54355d6974f26400
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.17_ia64.deb
Size/MD5 checksum: 7161438 7fca8b5dbaf833e15810acde2ad678de
These files will probably be moved into the stable distribution
on its next revision.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>