Guardian Digital Inc. Information for VU#973654

Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| Guardian Digital Security Advisory                       June 21, 2004 |
| http://www.guardiandigital.com                        ESA-20040621-005 |
|                                                                        |
| Package: kernel                                                        |
| Summary: Several vulnerabilities.                                      |
+------------------------------------------------------------------------+

 EnGarde Secure Linux is an enterprise class Linux platform engineered
 to enable corporations to quickly and cost-effectively build a complete
 and secure Internet presence while preventing Internet threats.

OVERVIEW
- --------
 This update fixes several security vulnerabilities in the Linux Kernel
 shipped with EnGarde Secure Linux, most notably the "fsave/frstor"
 vulnerability (CAN-2004-0554) and an information leak in the e1000
 driver (CAN-2004-0535).

 Guardian Digital products affected by this issue include:

   EnGarde Secure Community 2
   EnGarde Secure Professional v1.5

 It is recommended that all users apply this update as soon as possible.

SOLUTION
- --------
 Guardian Digital Secure Network subscribers may automatically update
 affected systems by accessing their account from within the Guardian
 Digital WebTool.

 To modify your GDSN account and contact preferences, please go to:

   https://www.guardiandigital.com/account/

REFERENCES
- ----------
 Guardian Digital's public key:
   http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

 Official Web Site of the Linux Kernel:
   http://www.kernel.org/

 Guardian Digital Advisories:
   http://infocenter.guardiandigital.com/advisories/

 Security Contact: security@guardiandigital.com

- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2004, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFA1xEMHD5cqd57fu0RAimkAJ91QQbdq0KTPMApdbuBk0W4VaHQUQCfXTgV
CEwu6/nwrjKh4msuRNWV4g0=
=plmV
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.