Slackware Linux Advisory: kernel

[slackware-security] kernel security updates
(SSA:2004-119-01)

New kernel packages are available for Slackware 9.1 and -current
to fix security issues. Also available are new kernel modules
packages (including alsa-driver), and a new version of the hotplug
package for Slackware 9.1 containing some fixes for using 2.4.26
(and 2.6.x) kernel modules.

The most serious of the fixed issues is an overflow in
ip_setsockopt(), which could allow a local attacker to gain root
access, or to crash or reboot the machine. This bug affects 2.4
kernels from 2.4.22 – 2.4.25. Any sites running one of those kernel
versions should upgrade right away. After installing the new
kernel, be sure to run ‘lilo’.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424

Here are the details from the Slackware 9.1 ChangeLog:
+————————–+
Wed Apr 28 10:19:51 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-2.tgz: The first version of
this package included one of the old 2.4.22 kernels by mistake.
Thanks to the many people who pointed out this error. Sorry!
(* Security fix *)
+————————–+
Tue Apr 27 15:25:29 PDT 2004
patches/packages/alsa-driver-0.9.8-i486-3.tgz: Recompiled for Linux
2.4.26.
patches/packages/hotplug-2004_01_05-noarch-1.tgz: This adds
bugfixes for using a 2.6.x kernel, and adds the broken via-ircc
module to the hotplug blacklist.
Note that upgrading the package will not replace an existing
blacklist, but as far as I can tell there are no ill effects from
trying to load via-ircc other than the ugly mess on the screen at
boot time.
patches/packages/kernel-ide-2.4.26-i486-1.tgz: Upgraded to Linux
2.4.26.
patches/packages/kernel-headers-2.4.26-i386-1.tgz: Upgraded to
Linux 2.4.26.
patches/packages/kernel-modules-2.4.26-i486-1.tgz: Upgraded to
Linux 2.4.26.
patches/packages/kernel-source-2.4.26-noarch-1.tgz: Upgraded to
Linux 2.4.26.
patches/packages/kernels/*: Upgraded to Linux 2.4.26.
These 2.4.26 kernel upgrades fix:
an overflow in ip_setsockopt() [CAN-2004-0424] a flaw in do_fork()
that could lead to a DoS an (unexploitable) overflow in panic()
[CAN-2004-0394]
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424

(* Security fix *)

WHERE TO FIND THE NEW PACKAGES:

Updated packages for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-driver-0.9.8-i486-3.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/hotplug-2004_01_05-noarch-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.26-i486-2.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-headers-2.4.26-i386-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-modules-2.4.26-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.26-noarch-1.tgz
New precompiled kernels:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.26-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-2.4.26-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-2.4.26-i386-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.26-noarch-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/alsa-driver-1.0.4-i486-2.tgz

New precompiled kernels:
ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/

MD5 SIGNATURES:

Slackware 9.1 packages:
e628350bb01c18d7a6ad4706961601d8 alsa-driver-0.9.8-i486-3.tgz
be986b3ebfd3a398990b249422707b84 hotplug-2004_01_05-noarch-1.tgz
b45ba64a70f256ff33b35fb1ca409063
kernel-headers-2.4.26-i386-1.tgz
a834060c508607169e98db7ede93409d kernel-ide-2.4.26-i486-2.tgz
b34e78fa2b9f451007fa3a0849faedfe
kernel-modules-2.4.26-i486-1.tgz
ac3437a4ade365dce9b94afb3cb85d75
kernel-source-2.4.26-noarch-1.tgz

Slackware -current packages:
aa05198221027c6ce9055595ee76c409 kernel-ide-2.4.26-i486-1.tgz
1d2f8a04342dbf8482f67d9787a693c4
kernel-modules-2.4.26-i486-1.tgz
9e726b8766e807147cf4859a6bb33f48
kernel-headers-2.4.26-i386-1.tgz
ac3437a4ade365dce9b94afb3cb85d75
kernel-source-2.4.26-noarch-1.tgz
3922b3ebba1029e0f1041dc6a1926bd2 alsa-driver-1.0.4-i486-2.tgz

INSTALLATION INSTRUCTIONS:

Use upgradepkg to install the new packages. After installing the
kernel-ide package you will need to run lilo (‘lilo’ at a command
prompt) or create a new system boot disk (‘makebootdisk’), and
reboot.

If desired, a kernel from the kernels/ directory may be used
instead. For example, to use the kernel in kernels/scsi.s/, you
would copy it to the boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.26

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz

Then, run ‘lilo’ or create a new system boot disk and
reboot.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Slackware Linux Advisory: kernel

WHERE TO FIND THE NEW PACKAGES:

MD5 SIGNATURES:

INSTALLATION INSTRUCTIONS:

Get the Free Newsletter!

Must Read

8 Best Free and Open Source Linux Anti-Spam Tools

Best Free and Open Source Alternatives to Apple Zoom

6 Best Free and Open Source PHP Microframeworks

Debian 12.10 “Bookworm” Released with 66 Bug Fixes and 43 Security Updates

11 Best Free and Open Source Graphical Email Clients

Our Brands