Slackware Information for VU#973654

Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"



Vendor Statement

Hash: SHA1

[slackware-security]  kernel DoS (SSA:2004-167-01)

New kernel packages are available for Slackware 8.1, 9.0, 9.1,
and -current to fix a denial of service security issue.  Without
a patch to asm-i386/i387.h, a local user can crash the machine.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

Here are the details from the Slackware 9.1 ChangeLog:
Tue Jun 15 02:11:41 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-3.tgz:  Patched local DoS
 (CAN-2004-0554).  Without this patch to asm-i386/i387.h a local user
 can crash the kernel.
 (* Security fix *)
patches/packages/kernel-source-2.4.26-noarch-2.tgz:  Patched local DoS
 (CAN-2004-0554).  The new patch can be found here, too:
 (* Security fix *)
patches/kernels/*:  Patched local DoS (CAN-2004-0554).
 (* Security fix *)

Where to find the new packages:

Updated packages for Slackware 8.1:

Updated packages for Slackware 9.0:

Updated packages for Slackware 9.1:

Updated packages for Slackware -current:

Just the patch for 2.4.x kernels:
77d9eb0640f07df4167aaa53e0b42e2e  CAN-2004-0554.i387.fnclex.diff.gz

Just the patch for 2.6.x kernels:
e453d64187eac2216bebf85d72449fcb  CAN-2004-0554.i387.fnclex.diff.gz

MD5 signatures:

Slackware 8.1 packages:
8bbced2d1f09d033de89ae5957427a25  kernel-ide-2.4.18-i386-6.tgz
050aa2dd8d38f0ba3de2fca621eb13c9  kernel-source-2.4.18-noarch-7.tgz

Slackware 9.0 packages:
21dbafdcf32d84c22daddc349a719420  kernel-ide-2.4.21-i486-4.tgz
56ca0fbf5778283a1d9a76a278cb7cf5  kernel-source-2.4.21-noarch-4.tgz

Slackware 9.1 packages:
614b79763721126939569f235d4524d6  kernel-ide-2.4.26-i486-3.tgz
43681f735928641a2b5fc786604bca77  kernel-source-2.4.26-noarch-2.tgz

Slackware -current packages:
7a19720356937bcc0f360b8b158a1419  kernel-ide-2.4.26-i486-4.tgz
c0d2d8b2977d5c86d100fe02a8c2681b  kernel-headers-2.4.26-i386-3.tgz
8fbb66feb2d108baa6af6a895fc7f49a  kernel-source-2.4.26-noarch-4.tgz
91ccc5ff7a5be15afdee86a60c6b408d  kernel-generic-2.6.6-i486-5.tgz
bdcb17009e79bb375dad7fecdd7e60ae  kernel-headers-2.6.6-i386-3.tgz
ed7c1e42f537414db8cd4dda8e2e9077  kernel-source-2.6.6-noarch-3.tgz

Installation instructions:

Use upgradepkg to install the new packages.
After installing the kernel-ide package you will need to run lilo ('lilo'
at a command prompt) or create a new system boot disk ('makebootdisk'), and

If desired, a kernel from the kernels/ directory may be used instead.  For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.26

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz

Then, run 'lilo' or create a new system boot disk and reboot.


Slackware Linux Security Team

| To leave the slackware-security mailing list:                          |
| Send an email to with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |

Version: GnuPG v1.2.4 (GNU/Linux)


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.