TSLSA-2002-0083 - kernel

From: Trustix Secure Linux Advisor (tslat_private)
Date: Thu Dec 19 2002 - 11:50:49 PST

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0087 - perl"

Previous message: Trustix Secure Linux Advisor: "TSLSA-2002-0084 - tcpdump"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0083

Package name:      kernel
Summary:           Local DoS
Date:              2002-19-12
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.


Problem description:
  In all Linux 2.2 kernels up to and including 2.2.23, the /proc/<pid>/mem
  interface can be abused to crash the system.  This release is patched
  disabling the usage of mmap() on /proc/<pid>/mem.


Action:
  We recommend that all systems with this package installed be upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
8bf46717922b74dce7cce2c20c1c40b2  ./1.1/RPMS/kernel-2.2.22-8tr.i586.rpm
128f2bedd2b75b5b826e1192b1c8014f  ./1.1/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm
4faa41fa29ef216e410b502bf7f3bc8d  ./1.1/RPMS/kernel-doc-2.2.22-8tr.i586.rpm
e96cb88f6265670a9df6693bb5146c76  ./1.1/RPMS/kernel-headers-2.2.22-8tr.i586.rpm
a863c612964514d0414d39c838edd33c  ./1.1/RPMS/kernel-smp-2.2.22-8tr.i586.rpm
8281ac5ac9db2edfd774b0b36cd29305  ./1.1/RPMS/kernel-source-2.2.22-8tr.i586.rpm
871ff841cc270853e40685b1ca73ee7b  ./1.1/RPMS/kernel-utils-2.2.22-8tr.i586.rpm
6fbf42ab35d5eaf8140b1a1725655bb5  ./1.1/SRPMS/kernel-2.2.22-8tr.src.rpm
c2edcf9e0aa8deff4a85e680d654e6dd  ./1.2/RPMS/kernel-2.2.22-8tr.i586.rpm
992d44d4fa51bf4098ffa595da758e90  ./1.2/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm
ecbbcfc05db0f38ec1e76488a8b0ca72  ./1.2/RPMS/kernel-doc-2.2.22-8tr.i586.rpm
8f101137b75b75b12345f659abb352a6  ./1.2/RPMS/kernel-headers-2.2.22-8tr.i586.rpm
7039175a62f4a9ac561377ef57f61ea9  ./1.2/RPMS/kernel-smp-2.2.22-8tr.i586.rpm
1dd50cf1b95272ce95db2037d4e1d477  ./1.2/RPMS/kernel-source-2.2.22-8tr.i586.rpm
0b92b66f37b6811c329d6c96f21df7c1  ./1.2/RPMS/kernel-utils-2.2.22-8tr.i586.rpm
6fbf42ab35d5eaf8140b1a1725655bb5  ./1.2/SRPMS/kernel-2.2.22-8tr.src.rpm
6b9a40f9e62b263fdb2375172655dbcd  ./1.5/RPMS/kernel-2.2.22-8tr.i586.rpm
3eb4bfd459653baa628d3eea3935ab9b  ./1.5/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm
b721d5c6ff919dea0323de510abc0a85  ./1.5/RPMS/kernel-doc-2.2.22-8tr.i586.rpm
0a792c78a2c912115fd9ad741b75ccfe  ./1.5/RPMS/kernel-headers-2.2.22-8tr.i586.rpm
1e33ee7bc7a7caafbadd9e0f0114977b  ./1.5/RPMS/kernel-smp-2.2.22-8tr.i586.rpm
5677a192a348c38513c08dfc6aa28b04  ./1.5/RPMS/kernel-source-2.2.22-8tr.i586.rpm
e1da8df14695e351d6e0d27c91c991f2  ./1.5/RPMS/kernel-utils-2.2.22-8tr.i586.rpm
6fbf42ab35d5eaf8140b1a1725655bb5  ./1.5/SRPMS/kernel-2.2.22-8tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+AhWhwRTcg4BxxS0RAg5SAJ91WGHrd62kyKo3HX2jOKpYwyh/EgCfRGCt
qwNq+X+7+E/XuM9afdyGn5s=
=b0Kv
-----END PGP SIGNATURE-----

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0087 - perl"
Previous message: Trustix Secure Linux Advisor: "TSLSA-2002-0084 - tcpdump"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:22:55 PST