Notified: January 05, 2004 Updated: August 19, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel
SUMMARY : Fix for two vulnerabilities
DATE : 2004-01-05 13:46:00
ID : CLA-2004:799
RELEVANT
RELEASES : 8, 9 DESCRIPTION
The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system. This announcement fixes two local vulnerabilities in the kernel
package: 1) mremap() local vulnerability (CAN-2003-0985[2])
Paul Starzetz
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 06, 2004 Updated: August 19, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Debian has published several advisories to address this vulnerability across multiple processor architectures. For further details, please see the document that corresponds to your processor architecture and kernel version: DSA-450-1 linux-kernel-2.4.19-mips -- several vulnerabilities DSA-442-1 linux-kernel-2.4.17-s390 -- several vulnerabilities DSA-440-1 linux-kernel-2.4.17-powerpc-apus -- several vulnerabilities DSA-439-1 linux-kernel-2.4.16-arm -- several vulnerabilities DSA-427-1 linux-kernel-2.4.17-mips+mipsel -- missing boundary check DSA-423-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities DSA-417-1 linux-kernel-2.4.18-powerpc+alpha -- missing boundary check DSA-413-2 linux-kernel-2.4.18 -- missing boundary check
Notified: January 05, 2004 Updated: August 19, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 | Guardian Digital Security Advisory January 05, 2003 |
| http://www.guardiandigital.com ESA-20040105-001 | | Package: kernel |
| Summary: bug and security fixes. EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats. OVERVIEW This update fixes two security issues and one critical bug in the Linux
Kernel shipped with EnGarde Secure Linux. A summary of the bugs fixed: * An EnGarde-specific memory leak in the LIDS code has been fixed. This memory leak could cause a machine, over time, to freeze up. * A security vulnerability in the mremap(2) system call was recently
discovered by Paul Starzetz. The incorrect bounds checking done
in this system call could be exploited by a local user to gain root
privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0985 to this issue. * A somewhat less critical vulnerability has been found in the Linux
RTC code. This vulnerability may leak small bits of arbitrary
kernel memory to user land. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0984 to this issue. Guardian Digital products affected by this issue include: EnGarde Secure Community 2
EnGarde Secure Professional v1.5 It is recommended that all users apply this update as soon as possible. SOLUTION Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool. To modify your GDSN account and contact preferences, please go to: https://www.guardiandigital.com/account/ REFERENCES Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Official Web Site of the Linux Kernel: http://www.kernel.org/ Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/ Security Contact: security@guardiandigital.com Author: Ryan W. Maple
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 07, 2004 Updated: August 19, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Mandrake Linux Security Update Advisory Package name: kernel
Advisory ID: MDKSA-2004:001
Date: January 7th, 2004 Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2 Problem Description: A flaw in bounds checking in mremap() in the Linux kernel versions
2.4.23 and previous was discovered by Paul Starzetz. This flaw may
be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines
was fixed as well. All Mandrake Linux users are encouraged to upgrade to these packages
immediately. To update your kernel, please follow the directions
located at: http://www.mandrakesecure.net/en/kernelupdate.php Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1)
and bootloader-utils (9.2) packages prior to upgrading the kernel as
they contain a fixed installkernel script that fixes instances where
the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for
Mandrake Linux 9.2 at MandrakeClub. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984 Updated Packages: Corporate Server 2.1: 344b324173b04d135c00072452203021 corporate/2.1/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
558b3f1e0ae41705a7e9d934d49947c4 corporate/2.1/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
6a06c2133a894e542caf6cedf72e6d89 corporate/2.1/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
45aaeb3cf17a0d59adfabf63e6d8de6f corporate/2.1/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
fd3c78a32146b808d3355e375e2a05b4 corporate/2.1/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
adc06d97e9468534ec14e330b102180c corporate/2.1/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm Corporate Server 2.1/x86_64: d3d77a7084d6d5a976a8a40285ba03b6 x86_64/corporate/2.1/RPMS/kernel-2.4.19.34mdk-1-1mdk.x86_64.rpm
b2bb6374e1f0e2db7ea9d3f13b4a0d6f x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.34mdk-1-1mdk.x86_64.rpm
216d6cfcc6a3409228d1a5161c6b0aeb x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.34mdk-1-1mdk.x86_64.rpm
780d0a110c2512006a4e9cb52afe463c x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-34mdk.x86_64.rpm
a1fb994e250ce11fc08e460dee0cddd5 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.34mdk-1-1mdk.src.rpm Mandrake Linux 9.0: 344b324173b04d135c00072452203021 9.0/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
558b3f1e0ae41705a7e9d934d49947c4 9.0/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
6a06c2133a894e542caf6cedf72e6d89 9.0/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
45aaeb3cf17a0d59adfabf63e6d8de6f 9.0/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
fd3c78a32146b808d3355e375e2a05b4 9.0/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
adc06d97e9468534ec14e330b102180c 9.0/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm Mandrake Linux 9.1: 2bde1321f95b49fa456ade29d03f0212 9.1/RPMS/initscripts-7.06-12.3.91mdk.i586.rpm
7e6a48635fc44714dd4efdd5714c1968 9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.i586.rpm
f901e50a01fb020f31102a2cf494e817 9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.i586.rpm
10c60ba7a25f1e7b3ea1f19636afcc6b 9.1/RPMS/kernel-secure-2.4.21.0.27mdk-1-1mdk.i586.rpm
6270d3d1ce00b5d85931145e1b27f8a4 9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.i586.rpm
165628ae2d42c0f2f9bf894d3e9fc432 9.1/RPMS/kernel-source-2.4.21-0.27mdk.i586.rpm
8cfd6b274467b7165bd5985805254567 9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
b6cd338f787dc5062763004afa45e623 9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm Mandrake Linux 9.1/PPC: 08ec2073354e8d64ebf81a79cd5bc319 ppc/9.1/RPMS/initscripts-7.06-12.3.91mdk.ppc.rpm
84f9d61c4b504c6ccce1f87344d96692 ppc/9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.ppc.rpm
b389e5b0bffa3e166c2960d8e032fab1 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.ppc.rpm
0c0fd519aba807c43c78b89360ff26b1 ppc/9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.ppc.rpm
feec3693688aedea8defd75da9cf6919 ppc/9.1/RPMS/kernel-source-2.4.21-0.27mdk.ppc.rpm
8cfd6b274467b7165bd5985805254567 ppc/9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
b6cd338f787dc5062763004afa45e623 ppc/9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm Mandrake Linux 9.2: dbae8a701a027e2a0aeb524643d3cdee 9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.i586.rpm
2f9b2ed7be3388932bbc319611a0b8b7 9.2/RPMS/kernel-2.4.22.26mdk-1-1mdk.i586.rpm
b2f4fe01031d1bf8d26ea6c408be63f8 9.2/RPMS/kernel-enterprise-2.4.22.26mdk-1-1mdk.i586.rpm
e0dc38c45880e6732a50feba5470eaac 9.2/RPMS/kernel-i686-up-4GB-2.4.22.26mdk-1-1mdk.i586.rpm
f4c5098f1ef165692963956fbc844690 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.26mdk-1-1mdk.i586.rpm
957ea9608c9e6488185e1d5b19d615e2 9.2/RPMS/kernel-secure-2.4.22.26mdk-1-1mdk.i586.rpm
6c9bc5e4353a8f336a4bfe928a79bd13 9.2/RPMS/kernel-smp-2.4.22.26mdk-1-1mdk.i586.rpm
8068ecb61313e6157811dbb8fe0f46a1 9.2/RPMS/kernel-source-2.4.22-26mdk.i586.rpm
664a1994ee4c0d90df8f9341afa5b818 9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
4d92e02dee3945e4b7476ba4bba9bf6d 9.2/SRPMS/kernel-2.4.22.26mdk-1-1mdk.src.rpm Mandrake Linux 9.2/AMD64: 603219ea9ca09a9283c98ebfaab3c1ba amd64/9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.amd64.rpm
2d44e7cd4ff2148e3b9e548fd1beec59 amd64/9.2/RPMS/kernel-2.4.22.27mdk-1-1mdk.amd64.rpm
e98224df11f1c5f8c2432457e1e4a004 amd64/9.2/RPMS/kernel-secure-2.4.22.27mdk-1-1mdk.amd64.rpm
0dd710693b0df96ac6b1e68c5f5ad7c9 amd64/9.2/RPMS/kernel-smp-2.4.22.27mdk-1-1mdk.amd64.rpm
d3b57b8dd9a19a6b4ed2f8f01cfeb75f amd64/9.2/RPMS/kernel-source-2.4.22-27mdk.amd64.rpm
664a1994ee4c0d90df8f9341afa5b818 amd64/9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
945e4f9405fcccac6a844a86109b74b6 amd64/9.2/SRPMS/kernel-2.4.22.27mdk-1-1mdk.src.rpm Multi Network Firewall 8.2: 15023427ad0c65e0607e217778bc6672 mnf8.2/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
adc06d97e9468534ec14e330b102180c mnf8.2/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing: gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98 Please be aware that sometimes it takes the mirrors a few hours to
update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 05, 2004 Updated: August 19, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Red Hat Security Advisory Synopsis: Updated kernel resolves security vulnerability
Advisory ID: RHSA-2003:417-01
Issue date: 2004-01-05
Updated on: 2004-01-05
Product: Red Hat Linux
Keywords: Cross references: Obsoletes: CVE Names: CAN-2003-0984 CAN-2003-0985 1. Topic: Updated kernel packages are now available that fix a security
vulnerability which may allow local users to gain root privileges. 2. Relevant releases/architectures: Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686
Red Hat Linux 9 - athlon, i386, i586, i686 3. Problem description: The Linux kernel handles the basic functions of the operating system. Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux
kernel versions 2.4.23 and previous which may allow a local attacker to
gain root privileges. No exploit is currently available; however, it is
believed that this issue is exploitable (although not trivially.) The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0985 to this issue. All users are advised to upgrade to these errata packages, which contain a
backported security patch that corrects this issue. Red Hat would like to thank Paul Starzetz from ISEC for disclosing this
issue as well as Andrea Arcangeli and Solar Designer for working on the patch. These packages also contain a fix for a minor information leak in the real
time clock (rtc) routines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0984 to this issue. We have provided kernel updates for Red Hat Linux 7.1-8.0 with this
advisory as these were prepared by us prior to December 31 2003. Please
note that Red Hat Linux 7.1, 7.2, 7.3, and 8.0 have reached their end of
life for errata support and no further errata will be issued for those
distributions. 4. Solution: Before applying this update, make sure all previously released errata
relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs. Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 90338 - (TUX)password incorrectly parsed + patch to fix the problem 6. RPMs required: Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm athlon: ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm i586: ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm i686: ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm athlon: ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm i586: ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm i686: ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm Red Hat Linux 7.3: SRPMS: ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm athlon: ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm i386: ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm i586: ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-28.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm i686: ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm Red Hat Linux 8.0: SRPMS: ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-28.8.src.rpm athlon: ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-28.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-28.8.athlon.rpm i386: ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-28.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-28.8.i386.rpm i586: ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-28.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-28.8.i586.rpm i686: ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-28.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-28.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-28.8.i686.rpm Red Hat Linux 9: SRPMS: ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-28.9.src.rpm athlon: ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-28.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-28.9.athlon.rpm i386: ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-28.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-28.9.i386.rpm i586: ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-28.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-28.9.i586.rpm i686: ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-28.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-28.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-28.9.i686.rpm 7. Verification: MD5 sum Package Name 6f37a0c884be50f702665dd418e7d8a5 7.1/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.1/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.1/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.1/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.1/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.1/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.1/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.1/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.1/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.1/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.1/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.1/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
6f37a0c884be50f702665dd418e7d8a5 7.2/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.2/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.2/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.2/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.2/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.2/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.2/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.2/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.2/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.2/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.2/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.2/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
6f37a0c884be50f702665dd418e7d8a5 7.3/en/os/SRPMS/kernel-2.4.20-28.7.src.rpm
85dabb948243fcd96fed1946217b3259 7.3/en/os/athlon/kernel-2.4.20-28.7.athlon.rpm
ba80fcbe3237ece886506446413d6330 7.3/en/os/athlon/kernel-smp-2.4.20-28.7.athlon.rpm
a4b2cd2ad6acb98c045a0644add55ef8 7.3/en/os/i386/kernel-2.4.20-28.7.i386.rpm
46cbf5df2050e923343be59c26eb5714 7.3/en/os/i386/kernel-BOOT-2.4.20-28.7.i386.rpm
9e64a9b15edc09d4a0f75513445f4021 7.3/en/os/i386/kernel-doc-2.4.20-28.7.i386.rpm
dbc9c6aa900467f4182306545d3bed81 7.3/en/os/i386/kernel-source-2.4.20-28.7.i386.rpm
46325c861ee83b2f679b9f8563f2e441 7.3/en/os/i586/kernel-2.4.20-28.7.i586.rpm
51ede5686dc0997c76a14d523e057e67 7.3/en/os/i586/kernel-smp-2.4.20-28.7.i586.rpm
ab86ca21757966e2f49d58438b26253a 7.3/en/os/i686/kernel-2.4.20-28.7.i686.rpm
78229375349f57c62f0f1837770cc3f0 7.3/en/os/i686/kernel-bigmem-2.4.20-28.7.i686.rpm
4321ad444747e8e3ebf6e7576b08d6db 7.3/en/os/i686/kernel-smp-2.4.20-28.7.i686.rpm
7ff4997770e18fd8dfa94dde6ccd9f05 8.0/en/os/SRPMS/kernel-2.4.20-28.8.src.rpm
69096d7bf580f241c2774a75d19a4f6b 8.0/en/os/athlon/kernel-2.4.20-28.8.athlon.rpm
07cc69196376c7cbcad2c4a93aff0be0 8.0/en/os/athlon/kernel-smp-2.4.20-28.8.athlon.rpm
a97ba9aea863b5b49f26259f105e8d8f 8.0/en/os/i386/kernel-2.4.20-28.8.i386.rpm
ab4eac1f8c255a9d70808469e46e918c 8.0/en/os/i386/kernel-BOOT-2.4.20-28.8.i386.rpm
210eb290286bb696f94e9ebe5399d67e 8.0/en/os/i386/kernel-doc-2.4.20-28.8.i386.rpm
312b7e646dc4825617d3a9b485957c67 8.0/en/os/i386/kernel-source-2.4.20-28.8.i386.rpm
90ddcdf7660107c2e297bd2531b4a544 8.0/en/os/i586/kernel-2.4.20-28.8.i586.rpm
25692d7064ab7bc55a17c53ee24e9d3d 8.0/en/os/i586/kernel-smp-2.4.20-28.8.i586.rpm
91ca2b2685cf6c5e0b8d1b9043865bea 8.0/en/os/i686/kernel-2.4.20-28.8.i686.rpm
3fecc24946697e5dd0428df38cbb2198 8.0/en/os/i686/kernel-bigmem-2.4.20-28.8.i686.rpm
40d954506e1b0ad60c7f150d76872ec5 8.0/en/os/i686/kernel-smp-2.4.20-28.8.i686.rpm
5eb1ef7c29f3bd5e3afb9c41d5f688e5 9/en/os/SRPMS/kernel-2.4.20-28.9.src.rpm
954a8afbe2216769a4aaa5b0b597612f 9/en/os/athlon/kernel-2.4.20-28.9.athlon.rpm
198dfae0a67d9aa91f367e90e1a264c7 9/en/os/athlon/kernel-smp-2.4.20-28.9.athlon.rpm
a398b7f0a741ab95ab0b66929c48dc95 9/en/os/i386/kernel-2.4.20-28.9.i386.rpm
e394c681c64e22a94ed22dd8a510aad0 9/en/os/i386/kernel-BOOT-2.4.20-28.9.i386.rpm
8355d266e3c354e97099add60ea25331 9/en/os/i386/kernel-doc-2.4.20-28.9.i386.rpm
12ad6c3ad16ddee2ad6c3ba579005a9d 9/en/os/i386/kernel-source-2.4.20-28.9.i386.rpm
0047dac37b4f888e53b5b304524b795d 9/en/os/i586/kernel-2.4.20-28.9.i586.rpm
08a3391dcb7f5532310ce234d2570bd0 9/en/os/i586/kernel-smp-2.4.20-28.9.i586.rpm
6cdbe7002a6834dc1aa27cc5f47ba5a7 9/en/os/i686/kernel-2.4.20-28.9.i686.rpm
3788274eba272ef23704bec4cb19e4af 9/en/os/i686/kernel-bigmem-2.4.20-28.9.i686.rpm
d9fe2e46b08f596e19a49ae724d2db5a 9/en/os/i686/kernel-smp-2.4.20-28.9.i686.rpm These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html You can verify each package with the following command: rpm --checksig -v
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 22, 2004 Updated: March 16, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SGI has published two advisories to address this vulnerability. For more information, please see: ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
Notified: January 06, 2004 Updated: March 16, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Slackware has published several advisories to address this vulnerability. For further information, please see: http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.757729 http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.458438 http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 05, 2004 Updated: August 19, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SuSE has published Security Announcements SuSE-SA:2004:001 and SuSE-SA:2004:003 to address this vulnerability.
Notified: January 05, 2004 Updated: March 09, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Trustix Secure Linux Security Advisory #2004-0001 Package name: kernel
Summary: mremap fix
Date: 2004-01-05
Affected versions: TSL 2.0 Package description: The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc. Problem description: The kernel packages prior to this update suffers from a bug in the mremap
function. This issue is fixed in this update. We have also fixed some minor
bugs in the structure of the packages. Action: We recommend that all systems with this package installed be upgraded. Location: All TSL updates are available from
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 06, 2004 Updated: March 09, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 This is an announcement only email list for the x86 architecture. Turbolinux Security Announcement 06/Jan/2004 The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center
http://www.turbolinux.com/security/ (1) kernel -> kernel mremap vulnerability * kernel -> kernel mremap vulnerability More information : The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system. The kernel handles the basic functions of the operating system. The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4. Impact : The local users may be able to gain root privileges. Affected Products : - Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation Solution : Please use turbopkg(zabom) tool to apply the update. # turbopkg
or
# zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 28, 2004 Updated: March 16, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
VMware has published multiple advisories to address this vulnerability. For more information, see: http://www.vmware.com/download/esx/esx201-6991update.html http://www.vmware.com/download/esx/esx20-6992update.html http://www.vmware.com/download/esx/esx152-6994update.html
Notified: March 16, 2004 Updated: August 19, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.