- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0011

Package name:      samba
Summary:           Remote root compromise
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines. Samba
  uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
  (Microsoft Raw NetBIOS frame) protocol.

Problem description:
  A buffer overrun has been found in all versions of Samba from 2.0.* to
  2.2.7a inclusive. This allows a remote attacker to gain root privileges
  on a samba server.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

  Note to users of 1.01, 1.1 and 1.2:
  This is a major upgrade. Please make sure the upgrade went well.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory along with all TSL packages is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0011-samba.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0009

Package name:      mysql
Summary:           Several security fixes
Date:              2003-03-18
Affected versions: TSL 1.5

- --------------------------------------------------------------------------
Package description:
  MySQL is a true multi-user, multi-threaded SQL (Structured Query
  Language) database server. MySQL is a client/server implementation
  that consists of a server daemon (mysqld) and many different client
  programs/libraries.

  The main goals of MySQL are speed, robustness and ease of use. The
  base upon which MySQL is built is a set of routines that have been
  used in a highly demanding production environment for many years.
  While MySQL is still in development, it already offers a rich and
  highly useful function set.

Problem description:
  From the changes file for 3.26.56:
  * Security enhancement: `mysqld' no longer reads options from
    world-writeable config files.
  * Security enhancement: `mysqld' and `safe_mysqld' now only use the
    first --user option specified on the command line. (Normally this
    comes from `/etc/my.cnf')
  * Security enhancement: Don't allow BACKUP TABLE to overwrite existing
    files.

  In addition, a number of bugs have been fixed.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Verification:
  This advisory along with all TSL packages is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0009-mysql.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0010

Package name:      openssl
Summary:           Secret key recovery
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  OpenSSL is a C library that provides various cryptographic algorithms
  and protocols, including DES, RC4, RSA, and SSL.

Problem description:
  An attack has been demonstrated against the OpenSSL library which can
  allow remote recovery of an RSA secret key. This update package forces
  RSA blinding and will prevent this attack.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Verification:
  This advisory along with all TSL packages is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0010-openssl.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0007

Package name:      kernel
Summary:           Local root compromise
Date:              2003-03-18
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  The kernel package
  contains the Linux kernel (vmlinuz), the core of your Trustix Secure
  Linux operating system. The kernel handles the basic functions of the
  operating system: memory allocation, process allocation, device input
  and output, etc.

Problem description:
  From the announcement of 2.2.25 posted on linux-kernel:
  The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole
  allows local users to obtain full privileges. Remote exploitation of
  this hole is not possible.

Action:
  We recommend that all systems with this package installed be upgraded.
  Note that swup with the default config will not update kernel packages
  so you will need to update this package manually.

Verification:
  This advisory along with all TSL packages is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0007-kernel.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team
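
The mysql advisory above lists two option-handling changes: world-writeable config files are ignored, and only the first --user option counts. The following sketch is an added example, not code from MySQL or Trustix; the function names and the simplified "key=value" option-file syntax are assumptions made for illustration.

```python
import os
import stat


def option_file_is_trusted(path):
    """True if path is a regular file that 'other' cannot write to."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and not (st.st_mode & stat.S_IWOTH)


def load_options(paths):
    """Collect 'key=value' lines as --key=value, skipping untrusted files."""
    options, skipped = [], []
    for path in paths:
        if not option_file_is_trusted(path):
            skipped.append(path)          # report it instead of reading it
            continue
        with open(path) as fh:
            for line in fh:
                line = line.strip()
                # Ignore blanks, comments and [section] headers.
                if line and not line.startswith(("#", "[")):
                    options.append("--" + line)
    return options, skipped


def effective_user(args):
    """Return the first --user value; later occurrences are ignored."""
    for arg in args:
        if arg.startswith("--user="):
            return arg.split("=", 1)[1]
    return None
```

Because options from the config file are placed ahead of the rest of the command line, first-wins means a later --user cannot override the account set in a trusted file.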
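
The openssl advisory above says the update forces RSA blinding. The following sketch is an added example, not OpenSSL's code, showing what blinding does to the private-key operation; the toy key and the function names are assumptions, and the key is far too small for real use.

```python
import math
import secrets

# Constructed toy key (assumption, far too small for real use):
# p = 61, q = 53, so n = 3233; e = 17, d = 2753.
N, E, D = 3233, 17, 2753


def private_op(c):
    """Unblinded private-key operation: c^d mod n."""
    return pow(c, D, N)


def blinded_private_op(c, trace=None):
    """Compute c^d mod n without exponentiating c itself."""
    # Fresh random r, invertible modulo n, chosen for every call.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (c * pow(r, E, N)) % N         # c' = c * r^e mod n
    if trace is not None:
        trace.append(blinded)                # value the secret exponent sees
    s_blinded = pow(blinded, D, N)           # (c * r^e)^d = c^d * r mod n
    return (s_blinded * pow(r, -1, N)) % N   # multiply by r^-1 to get c^d


if __name__ == "__main__":
    ciphertext = pow(65, E, N)               # constructed sample message 65
    seen = []
    print(blinded_private_op(ciphertext, seen), seen)
```

The result is identical to the unblinded operation, but the exponentiation with the secret exponent runs on a value the requester cannot predict, so its behaviour no longer tracks the submitted input.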
Trustix Secure Linux Advisories: samba, mysql, openssl, kernel