Trustix Secure Linux Information for VU#490620

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0001

Package name:      kernel
Summary:           mremap fix
Date:              2004-01-05
Affected versions: TSL 2.0

- --------------------------------------------------------------------------
Package description:
 The kernel package contains the Linux kernel (vmlinuz), the core of your
 Trustix Secure Linux operating system.  The kernel handles the basic
 functions of the operating system:  memory allocation, process allocation,
 device input and output, etc.


Problem description:
 The kernel packages prior to this update suffers from a bug in the mremap
 function. This issue is fixed in this update. We have also fixed some minor
 bugs in the structure of the packages.


Action:
 We recommend that all systems with this package installed be upgraded.


Location:
 All TSL updates are available from
 <URI:http://http.trustix.org/pub/trustix/updates/>
 <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
 Trustix Secure Linux is a small Linux distribution for servers. With focus
 on security and stability, the system is painlessly kept safe and up to
 date from day one using swup, the automated software updater.


Automatic updates:
 Users of the SWUP tool can enjoy having updates automatically
 installed using 'swup --upgrade'.


Public testing:
 Most updates for Trustix are made available for public testing some time
 before release.
 If you want to contribute by testing the various packages in the
 testing tree, please feel free to share your findings on the
 tsl-discuss mailinglist.
 The testing tree is located at
 <URI:http://tsldev.trustix.org/cloud/>

 You may also use swup for public testing of updates:
 
 site {
     class = 0
     location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf"
     regexp = ".*"
 }
 

Questions?
 Check out our mailing lists:
 <URI:http://www.trustix.org/support/>


Verification:
 This advisory along with all TSL packages are signed with the TSL sign key.
 This key is available from:
 <URI:http://www.trustix.org/TSL-SIGN-KEY>

 The advisory itself is available from the errata pages at
 <URI:http://www.trustix.org/errata/trustix-2.0/>
 or directly at
 <URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0001-kernel.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
21778052346a0cf581056c4d4fdd9fed  ./srpms/kernel-2.4.23-3tr.src.rpm
d4c33e78d6d445419c0375cf847d01f0  ./rpms/kernel-utils-2.4.23-3tr.i586.rpm
48ff81d9a03a77e4f875c5a7260e8001  ./rpms/kernel-source-2.4.23-3tr.i586.rpm
ffdccc0e67d07cd8f0af89e7bc6c6f27  ./rpms/kernel-smp-2.4.23-3tr.i586.rpm
38566364225adfc7c007d42f50d8cdc3  ./rpms/kernel-firewallsmp-2.4.23-3tr.i586.rpm
8c04b18da1337768187b72aa624bc196  ./rpms/kernel-firewall-2.4.23-3tr.i586.rpm
d73cb52aa25892d9eab03090f5ec6cd2  ./rpms/kernel-doc-2.4.23-3tr.i586.rpm
7206d43149f8fa1b23d31dfa18387e08  ./rpms/kernel-BOOT-2.4.23-3tr.i586.rpm
97cbc7221af8904515eb728eeae34eeb  ./rpms/kernel-2.4.23-3tr.i586.rpm
- --------------------------------------------------------------------------


TSL Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/+YW+i8CEzsK9IksRAtIMAKCinbMfyABrMoRmG5Sm32k5+80IUQCgrKtR
NYvos8discldMQgmL5iQIis=
=SDI8
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.