LBA-Linux Advisories: kernel, php | Linux Today

Written by Web Webster, Jul 26, 2004

LBA-Linux Security Advisory

Subject: Updated kernel package for LBA-Linux R1
Advisory ID: LBASA-2004:19
Date: Monday, July 26, 2004
Product: LBA-Linux R1


Problem description:

This security update fixes two problems:

1. There is a remotely exploitable bug in all Linux 2.6 series kernels
   caused by the use of an incorrect variable type. The vulnerability is
   in the netfilter subsystem and may cause a denial of service (DoS). It
   is exposed only when iptables is used with rules that match TCP
   options (i.e. --tcp-option); the action taken by the matching rule
   makes no difference. The Common Vulnerabilities and Exposures project
   (cve.mitre.org/) has assigned the name CAN-2004-0626 to this issue.

2. During an audit of the Linux kernel, SUSE discovered a flaw in the
   Linux kernel that inappropriately allows an unprivileged user to
   change the group ID of a file to his/her own group ID. The Common
   Vulnerabilities and Exposures project (cve.mitre.org/) has assigned
   the name CAN-2004-0497 to this issue.

Updated packages:

LBA-Linux R1:

i386:

ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.4.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.4.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-doc-2.6.3-2.1.253.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.4.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.4.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-source-2.6.3-2.1.253.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named kernel to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://www.securityfocus.com/archive/1/367615

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0626

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0497

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated php package for LBA-Linux R1
Advisory ID: LBASA-2004:20
Date: Monday, July 26, 2004
Product: LBA-Linux R1


Problem description:

This security update fixes two problems:

CAN-2004-0594
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up
to 5.0.0RC3, under certain conditions such as when register_globals
is enabled, allows remote attackers to execute arbitrary code by
triggering a memory_limit abort during execution of the
zend_hash_init function and overwriting a HashTable destructor
pointer before the initialization of key data structures is
complete.

CAN-2004-0595
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to
5.0.0RC3, does not filter null (\0) characters within tag
names when restricting input to allowed tags, which allows
dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters and facilitate
the exploitation of cross-site scripting (XSS) vulnerabilities.
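As an added illustration of the CAN-2004-0595 failure mode (this is not PHP's code and not part of the advisory): a simplified Python model of an allow-list tag filter whose substring comparison stops at a NUL byte, beside a hardened check and a detection helper. ALLOWED_TAGS, SAMPLE and all function names are constructed for this example.

```python
import re

# Constructed allow-list in the form a strip_tags-style API accepts:
# one string of permitted tags.
ALLOWED_TAGS = "<b><strong>"

# Matches one HTML tag; group 2 is the raw tag name (may contain NUL bytes).
TAG_RE = re.compile(r"<(/?)([^\s>]*)([^>]*)>", re.DOTALL)


def tag_allowed_vulnerable(raw_name: str, allowed: str = ALLOWED_TAGS) -> bool:
    """Model of the flawed check: normalise the name to '<name>' and test
    whether that is a substring of the allow-list. A NUL byte ends the C
    string early, so '<s\\0cript>' is compared as just '<s', which is a
    substring of '<strong>' and therefore passes."""
    norm = "<" + raw_name.lower() + ">"
    c_string = norm.split("\x00", 1)[0]  # what a strstr()-style compare sees
    return c_string in allowed


def tag_allowed_hardened(raw_name: str, allowed: str = ALLOWED_TAGS) -> bool:
    """Hardened check: the name must be a clean token (no NUL, no other
    junk) and must equal a whole allow-list entry, not a substring of one."""
    name = raw_name.lower()
    if not re.fullmatch(r"[a-z][a-z0-9]*", name):
        return False
    return "<" + name + ">" in re.findall(r"<[^>]+>", allowed)


def strip_tags(html: str, allowed_fn) -> str:
    """Remove every tag whose name fails allowed_fn; keep the others."""
    return TAG_RE.sub(
        lambda m: m.group(0) if allowed_fn(m.group(2)) else "", html)


def sanitize(html: str) -> str:
    """Defensive path: drop NUL bytes outright (browsers ignore them, so
    they carry no legitimate content), then filter with the strict check."""
    return strip_tags(html.replace("\x00", ""), tag_allowed_hardened)


def nul_in_tag_names(html: str) -> bool:
    """Detection helper for request inspection: any tag name with a NUL."""
    return any("\x00" in m.group(2) for m in TAG_RE.finditer(html))


# Constructed sample: a NUL byte splits the forbidden tag name.
SAMPLE = "<b>ok</b> <s\x00cript>alert(1)</s\x00cript>"

if __name__ == "__main__":
    print(repr(strip_tags(SAMPLE, tag_allowed_vulnerable)))  # tag survives
    print(repr(sanitize(SAMPLE)))                             # tag removed
    print(nul_in_tag_names(SAMPLE))                           # True
```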

Updated packages:

LBA-Linux R1:

i386:

ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-devel-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-domxml-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-ldap-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-mysql-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-odbc-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-pear-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-pgsql-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-snmp-4.3.4-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/php-xmlrpc-4.3.4-10.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named php to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

Copyright(c) 2001-2004 SOT
