---

Debian GNU/Linux Advisories: kernel, xaos


Debian Security Advisory DSA 311-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
June 8th, 2003 http://www.debian.org/security/faq

Package : kernel
Vulnerability : several
Problem-Type : local, remote
Debian-specific : no
CVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244
CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364

A number of vulnerabilities have been discovered in the Linux
kernel.

  • – CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c
    for Linux kernels 2.4.18 and earlier on x86 systems allow local
    users to kill arbitrary processes via a a binary compatibility
    interface (lcall)
  • – CAN-2003-0001: Multiple ethernet Network Interface Card (NIC)
    device drivers do not pad frames with null bytes, which allows
    remote attackers to obtain information from previous packets or
    kernel memory by using malformed packets
  • – CAN-2003-0127: The kernel module loader allows local users to
    gain root privileges by using ptrace to attach to a child process
    that is spawned by the kernel
  • – CAN-2003-0244: The route cache implementation in Linux 2.4,
    and the Netfilter IP conntrack module, allows remote attackers to
    cause a denial of service (CPU consumption) via packets with forged
    source addresses that cause a large number of hash table collisions
    related to the PREROUTING chain
  • – CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20
    and earlier does not properly restrict privileges, which allows
    local users to gain read or write access to certain I/O ports.
  • – CAN-2003-0247: vulnerability in the TTY layer of the Linux
    kernel 2.4 allows attackers to cause a denial of service (“kernel
    oops”)
  • – CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows
    attackers to modify CPU state registers via a malformed
    address.
  • – CAN-2003-0364: The TCP/IP fragment reassembly handling in the
    Linux kernel 2.4 allows remote attackers to cause a denial of
    service (CPU consumption) via certain packets that cause a large
    number of hash table collisions

This advisory covers only the i386 (Intel IA32) architectures.
Other architectures will be covered by separate advisories.

For the stable distribution (woody) on the i386 architecture,
these problems have been fixed in kernel-source-2.4.18 version
2.4.18-9, kernel-image-2.4.18-1-i386 version 2.4.18-8, and
kernel-image-2.4.18-i386bf version 2.4.18-5woody1.

For the unstable distribution (sid) these problems are fixed in
the 2.4.20 series kernels based on Debian sources.

We recommend that you update your kernel packages.

If you are using the kernel installed by the installation system
when the “bf24” option is selected (for a 2.4.x kernel), you should
install the kernel-image-2.4.18-bf2.4 package. If you installed a
different kernel-image package after installation, you should
install the corresponding 2.4.18-1 kernel. You may use the table
below as a guide.

| If “uname -r” shows: | Install this package:


| 2.4.18-bf2.4         | kernel-image-2.4.18-bf2.4
| 2.4.18-386           | kernel-image-2.4.18-1-386
| 2.4.18-586tsc        | kernel-image-2.4.18-1-586tsc
| 2.4.18-686           | kernel-image-2.4.18-1-686
| 2.4.18-686-smp       | kernel-image-2.4.18-1-686-smp
| 2.4.18-k6            | kernel-image-2.4.18-1-k6
| 2.4.18-k7            | kernel-image-2.4.18-1-k7

NOTE: that this kernel is not binary compatible with the
previous version. For this reason, the kernel has a different
version number and will not be installed automatically as part of
the normal upgrade process. Any custom modules will need to be
rebuilt in order to work with the new kernel. New PCMCIA modules
are provided for all of the above kernels.

NOTE: A system reboot will be required immediately after the
upgrade in order to replace the running kernel. Remember to read
carefully and follow the instructions given during the kernel
upgrade process.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.dsc

Size/MD5 checksum: 1322 945d8d05b054684880e3af31b28a9e49

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.tar.gz

Size/MD5 checksum: 69411 0fa830e16d4f5e46fe1f0ebe0343d11c

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-8_i386.deb

Size/MD5 checksum: 3397470 b79b975b73aa31da8b9938aba905a9f6

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-8_i386.deb

Size/MD5 checksum: 3487116 90799a6ccc058be247b235c21ec61503

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-8_i386.deb

Size/MD5 checksum: 3487614 9453587923dd16a964b028d4ba2f9a63

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-8_i386.deb

Size/MD5 checksum: 3487368 5513db336e824b2d16aa503a292047f0

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-8_i386.deb

Size/MD5 checksum: 3488672 afbb191c23dfabb30fe7a8aa1a99bd1f

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-8_i386.deb

Size/MD5 checksum: 3487282 70ee63953c653de7dfa83531b8ce1245

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-8_i386.deb

Size/MD5 checksum: 3487402 27c7b5077ed009217a01dbeafa311915

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-8_i386.deb

Size/MD5 checksum: 8795814 1cc6de04aa29d9766d48c4c36ae64b3e

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-8_i386.deb

Size/MD5 checksum: 8703468 43a2d50765140751ac8fd878f7b66950

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-8_i386.deb

Size/MD5 checksum: 8700336 894ded8e3e34be04b741ac706d5cc288

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-8_i386.deb

Size/MD5 checksum: 8959054 b59983d4ed1d9f214fe17bf624a85df7

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-8_i386.deb

Size/MD5 checksum: 8659474 6d86c580433b69464c238e69eec8ad9e

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-8_i386.deb

Size/MD5 checksum: 8861530 5f1935679b4628636f8da61f54a95fee

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-8_i386.deb

Size/MD5 checksum: 227910 06d05b43ca1a5ec9700274f6d1035c31

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-8_i386.deb

Size/MD5 checksum: 227482 c5f357cf54a363ff62f6037a41a0702a

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-8_i386.deb

Size/MD5 checksum: 226924 9d8aa23b21e71aa603c66f47f35e967f

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-8_i386.deb

Size/MD5 checksum: 230574 7d25c186114a62b609bedab0f5354d0b

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-8_i386.deb

Size/MD5 checksum: 226564 540eabdaf90bcda800221c712c996524

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-8_i386.deb

Size/MD5 checksum: 229836 d63194dd5ae452d0a7d814ee9b75a60a

Source archives:


http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.dsc

Size/MD5 checksum: 653 d3a0a6b26b6282d9ba8af5c2f7008378

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.tar.gz

Size/MD5 checksum: 25420 66fe5aac9c60c4dfa865d563dfbbaed5

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody1_i386.deb

Size/MD5 checksum: 3409156 325717b6867a715d5a0ef8364d8cb29c

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody1_i386.deb

Size/MD5 checksum: 6423164 d510d8aaedbeb91fa2e90e9cabf5b39b

Source archives:


http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.dsc

Size/MD5 checksum: 796 fac77414e913e144645d22048b19bf01

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.diff.gz

Size/MD5 checksum: 60409 443b9fee98c7d22995efbdeca3ca1afc

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz

Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2

Architecture independent components:


http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-9_all.deb

Size/MD5 checksum: 1709588 9bbb7ae427dc843d0c5ebe0f4a013cb4

http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9_all.deb

Size/MD5 checksum: 23885800 e12cb29bd638ec9bdedacd07f31a6921

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/p/pcmcia-cs/pcmcia-modules-2.4.18-bf2.4_3.1.33-6woody1k5woody1_i386.deb

Size/MD5 checksum: 403194 30c203861afa9678cc5fb08f90021ba6

These files will probably be moved into the stable distribution
on its next revision.


Debian Security Advisory DSA 310-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
June 8th, 2003 http://www.debian.org/security/faq

Package : xaos
Vulnerability : improper setuid-root execution
Problem-Type : local
Debian-specific : no

XaoS, a program for displaying fractal images, is installed
setuid root on certain architectures in order to use svgalib, which
requires access to the video hardware. However, it is not designed
for secure setuid execution, and can be exploited to gain root
privileges.

In these updated packages, the setuid bit has been removed from
the xaos binary. Users who require the svgalib functionality should
grant these privileges only to a trusted group.

This vulnerability is exploitable in version 3.0-18 (potato) on
i386 and alpha architectures, and in version 3.0-23 (woody) on the
i386 architecture only.

For the stable distribution (woody) this problem has been fixed
in version 3.0-23woody1.

For the old stable distribution (potato) this problem has been
fixed in version 3.0-18potato1.

For the unstable distribution (sid) this problem has been fixed
in version 3.1r-4.

We recommend that you update your xaos package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato


Source archives:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1.dsc

Size/MD5 checksum: 656 b1e362a474d581ba1824da60b6d0820f

http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1.diff.gz

Size/MD5 checksum: 12875 39439ff29e99e622e0740c0ed5649ec0

http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0.orig.tar.gz

Size/MD5 checksum: 491030 5a63c3b696821e5d5d566ad9da308117

Alpha architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_alpha.deb

Size/MD5 checksum: 301304 b8223ba542c4f94303a87bf4b59da1aa

ARM architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_arm.deb

Size/MD5 checksum: 255420 32d3f7ec3f08a69c9f69748dd8eb0b7d

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_i386.deb

Size/MD5 checksum: 265706 c1bc554debfe8f6db35967221ad2523b

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_m68k.deb

Size/MD5 checksum: 238206 bfb273abb997b558f28e6d42a0ce7f40

PowerPC architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_powerpc.deb

Size/MD5 checksum: 259944 c3896220cf2a49c534c7e56daf6c3354

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_sparc.deb

Size/MD5 checksum: 264324 53527bd2c6f16b8a1db962ba15e5e5b0

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1.dsc

Size/MD5 checksum: 614 aa5a4173d03ddf6da942bbe695e646ec

http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1.diff.gz

Size/MD5 checksum: 13151 42a7e4faf31422ae75ba2b8fe67bf9d7

http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0.orig.tar.gz

Size/MD5 checksum: 491030 5a63c3b696821e5d5d566ad9da308117

Alpha architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_alpha.deb

Size/MD5 checksum: 279926 7b7a28e6ba9d131100b1029cf33b2e37

ARM architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_arm.deb

Size/MD5 checksum: 257958 d396c2c8738217064e1920a562565e45

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_i386.deb

Size/MD5 checksum: 264816 31590033134a75d3c4e6d75d103ffd23

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_ia64.deb

Size/MD5 checksum: 341294 601627022d14f90785a517c56f8d930e

HP Precision architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_hppa.deb

Size/MD5 checksum: 310934 7e5777a884f8cc891887a27f8fedba3f

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_m68k.deb

Size/MD5 checksum: 237376 33b445e27055f6842bad5e9c31f52704

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_mips.deb

Size/MD5 checksum: 268060 2eb4e8c435e8d2bfc66efe7be9e07373

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_mipsel.deb

Size/MD5 checksum: 268362 7a053d46c1b7700e9cda511b36bfae21

PowerPC architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_powerpc.deb

Size/MD5 checksum: 258706 51ffe73454ea16c3cb7c9b6cdde7a905

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_s390.deb

Size/MD5 checksum: 252020 a894fc0d12fb273070bcef7edad23eeb

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_sparc.deb

Size/MD5 checksum: 260600 3652647f2f5331338e214c4d0be7105c

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/
stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis