-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kernel SUMMARY : Vulnerabilities and bugfixes for the kernel DATE : 2003-07-22 14:27:00 ID : CLA-2003:701 RELEVANT RELEASES : 9 - ------------------------------------------------------------------------- DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. This update for Conectiva Linux 9 addresses several issues which are outlined below. Security fixes: 1. Denial of service in the TTY layer (CAN-2003-0247 [1][2]) Al Viro found a vulnerability in the TTY layer where a local attacker could cause a denial of service condition. 2. ioperm() restrictions (CAN-2003-0246 [3]) The ioperm() system call does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. 3. mxcsr (CAN-2003-0248 [4]) Andrea Arcangeli found a vulnerability in the mxcsr code which allows local attackers to change CPU registers, possibly causing a denial of service condition. 4. TCP/IP fragments denial of service (CAN-2003-0364 [5]) The TCP/IP fragment reassembly routines contain a denial of service vulnerability where a remote attacker is able to make the targeted system consume excessive amounts of CPU time due to hash table entries collisions. 5. Denial of service in routing table (CAN-2003-0244 [6]) There is a denial of service vulnerability in the routing cache table and in the netfilter connection tracking module which could be exploited by remote attackers. Carefully constructed network traffic, when hitting a vulnerable system, would cause internal hash table entries collisions and excessive CPU usage. 6. Insecure device permissions when using devfs [7] Christoph Hellwig <hchat_private> reported that the dev filesystem (devfs) creates several devices with insecure default permissions, which would allow local users to read from and write to these devices. Please note that "devfs" is not used by default in Conectiva Linux. Below are other important fixes, not security related, to the kernel pacakages: 7. Better ptrace[16] fix The previous patch which fixes the ptrace vulnerability also introduces some undesired collateral effects, such as the inability to ptrace some processes (useful when debugging) and gather command line parameters. 8. Module aic79xx missing [8] The kernel shipped with Conectiva Linux 9 did not have the aic79xx module, which is necessary for some SCSI Adaptec cards. 9. No drbd support [9] The kernel shipped with Conectiva Linux 9 did not have drbd support. In high availability systems, drbd is used to replicate data between the nodes. 10. IPX networking support [10] The "full internal IPX network" option was inadvertently enabled in the kernel packages shipped with Conectiva Linux 9. This caused problems in IPX networks. 11. "init=" boot parameter not working [11] The "init=" boot parameter in Conectiva Linux 9 does not work as expected, making it impossible to be used. This has been fixed. 12. Third party modules [12][13][14] The kernel packages have been fixed to allow the correct compilation of third party modules such as NVidia and vmware. Previously this was only possible via a sequence of make mrproper, make oldconfig and make dep. SOLUTION It is recommended that all Conectiva Linux 9 users upgrade their kernel packages. The kernel in Conectiva Linux 8 and 7.0 is also affected. These versions of the distribution will get a separate announcement. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our updates page[17]. More detailed instructions are also available in Portuguese at our Moin[15] page. REFERENCES 1.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8527 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364 6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244 7.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8500 8.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8278 9.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8308 10.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8316 11.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8414 12.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8503 13.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8502 14.http://bugzilla.conectiva.com.br/show_bug.cgi?id=7456 15.https://moin.conectiva.com.br/UpdatingKernelPackages 16.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000589 17.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_4cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.pentium4.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribeat_private unsubscribe: conectiva-updates-unsubscribeat_private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/HXQg42jd0JmAcZARAuutAJ4vjghPKabsgTlyvE9AoueyHnnL3gCdHBG3 G2Gs76COhdoFAdVzJtXRQDs= =djVZ -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 11:03:35 PDT