---

Slackware Linux Advisories: kernel, metamail

[slackware-security] Kernel security update
(SSA:2004-049-01)

New kernels are available for Slackware 9.1 and -current to fix
a bounds-checking problem in the kernel’s mremap() call which could
be used by a local attacker to gain root privileges. Please note
that this is not the same issue as CAN-2003-0985 which was fixed in
early January.

The kernels in Slackware 8.1 and 9.0 that were updated in
January are not vulnerable to this new issue because the patch from
Solar Designer that was used to fix the CAN-2003-0985 bugs also
happened to fix the problem that was discovered later.

Sites running Slackware 9.1 or -current should upgrade to a new
kernel. After installing the new kernel, be sure to run ‘lilo’.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077

Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Feb 18 03:44:42 PST 2004
patches/kernels/: Recompiled to fix another bounds-checking error
in the kernel mremap() code. (this is not the same issue that was
fixed on Jan 6) This bug could be used by a local attacker to gain
root privileges. Sites should upgrade to a new kernel. After
installing the new kernel, be sure to run ‘lilo’. For more details,
see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077

Thanks to Paul Starzetz for finding and researching this issue.
(* Security fix *)
patches/packages/kernel-ide-2.4.24-i486-2.tgz: Patched,
recompiled.
(* Security fix *)
patches/packages/kernel-source-2.4.24-noarch-2.tgz: Patched the
kernel source with a fix for the mremap() problem from Solar
Designer, and updated the Speakup driver (not pre-applied).
(* Security fix *)
+————————–+

WHERE TO FIND THE NEW PACKAGES:

Updated packages for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.24-i486-2.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.24-noarch-2.tgz

An alternate kernel may be installed. Those are found in this
directory:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.24-i486-2.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.24-noarch-2.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/bootdisks/

ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/

MD5 SIGNATURES:

MD5 signatures may be downloaded from our FTP server:

Slackware 9.1 packages:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5

To verify authenticity, this file has been signed with the
Slackware GPG key (use ‘gpg –verify’):


ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5.asc

Slackware -current packages:

ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5


ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc

INSTALLATION INSTRUCTIONS:

Use upgradepkg to install the new kernel package. After
installing the kernel-ide package you will need to run lilo (‘lilo’
at a command prompt) or create a new system boot disk
(‘makebootdisk’), and reboot.

If desired, a kernel from the kernels/ directory may be used
instead. For example, to use the kernel in kernels/scsi.s/, you
would copy it to the boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.24

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.24 /boot/vmlinuz

Then, run ‘lilo’ or create a new system boot disk and
reboot.


[slackware-security] metamail security update
(SSA:2004-049-02)

Metamail is a set of utilities for processing MIME mail.

New metamail packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These fix two format string bugs and two buffer
overflows which could lead to unauthorized code execution.

Thanks to Ulf Härnhammar for discovering these
problems and providing a patch.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105

Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Feb 18 03:44:42 PST 2004
patches/packages/metamail-2.7-i486-2.tgz: Patched two format string
bugs and two buffer overflows in metamail which could lead to
unauthorized code execution. Thanks to Ulf
Härnhammar for discovering these problems and
providing a patch.
(* Security fix *)
+————————–+

WHERE TO FIND THE NEW PACKAGE:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/metamail-2.7-i386-2.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/metamail-2.7-i386-2.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/metamail-2.7-i486-2.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/metamail-2.7-i486-2.tgz

MD5 SIGNATURES:

Slackware 8.1 package:
2472a9ac8eefc7d919c0dff517651be6 metamail-2.7-i386-2.tgz

Slackware 9.0 package:
4f283c4ad8429fd0e9ed92f3e95e93c7 metamail-2.7-i386-2.tgz

Slackware 9.1 package:
d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz

Slackware -current package:
d9947ffb77c68930ed4826dfab4af91b metamail-2.7-i486-2.tgz

INSTALLATION INSTRUCTIONS:

Upgrade the metamail package with upgradepkg:

# upgradepkg metamail-2.7-i486-2.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis