Notified: June 15, 2004 Updated: June 16, 2004
Not Affected
Apple products are not affected by the issue reported in Vulnerability Note VU#973654.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: August 18, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel SUMMARY : Fixes for kernel vulnerabilities DATE : 2004-06-22 10:12:00 ID : CLA-2004:845 RELEVANT RELEASES : 8, 9 DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. This announcement fixes the following vulnerabilities: 1. Local denial of service vulnerability (CAN-2004-0554[1]) Stian Skjelstad found[2] a vulnerability[1] in the fpu controller code that can be used by local attackers to cause a denial of service (DoS) on the system. 2. Local memory disclosure vulnerability (CAN-2004-0535[3]) Chris Wright found a vulnerability[3] in the Intel(R) PRO/1000 ethernet card driver that could allow a local attacker to read some bytes of kernel memory. 3. Sparse vulnerabilities (CAN-2004-0495[4]) Al Viro, by using Sparse[5] (a code inspection tool), found several vulnerabilities which, in the worst case, might allow local attackers to obtain root privileges. SOLUTION It is recommended that all Conectiva Linux users upgrade the kernel package. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our updates page[6]. More detailed instructions are also available in Portuguese at our Moin[7] page. REFERENCES: 1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 2.http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 5.http://sparse.bkbits.net:8080/sparse/ 6.https://moin.conectiva.com.br/UpdatingKernelPackages 7.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_22cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/devfsd-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_16cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_16cl.i386.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en Copyright (c) 2004 Conectiva Inc. http://www.conectiva.com subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFA2DCq42jd0JmAcZARAg49AJ9sqVjI/FsSEeWfws1iPyJ0szUIPgCfZ9kw y6YY+kD2FTucN7+WNLkZZKg= =NSse -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: August 18, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 | Guardian Digital Security Advisory June 21, 2004 |
| http://www.guardiandigital.com ESA-20040621-005 | | Package: kernel |
| Summary: Several vulnerabilities. EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats. OVERVIEW This update fixes several security vulnerabilities in the Linux Kernel
shipped with EnGarde Secure Linux, most notably the "fsave/frstor"
vulnerability (CAN-2004-0554) and an information leak in the e1000
driver (CAN-2004-0535). Guardian Digital products affected by this issue include: EnGarde Secure Community 2
EnGarde Secure Professional v1.5 It is recommended that all users apply this update as soon as possible. SOLUTION Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool. To modify your GDSN account and contact preferences, please go to: https://www.guardiandigital.com/account/ REFERENCES Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Official Web Site of the Linux Kernel: http://www.kernel.org/ Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/ Security Contact: security@guardiandigital.com Author: Ryan W. Maple
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: August 18, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Mandrakelinux Security Update Advisory Package name: kernel
Advisory ID: MDKSA-2004:062
Date: June 23rd, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2 Problem Description: A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and
earlier was discovered by Chris Wright. The e1000 driver does not
properly reset memory or restrict the maximum length of a data
structure, which can allow a local user to read portions of kernel
memory (CAN-2004-0535). A vulnerability was also discovered in the kernel were a certain C
program would trigger a floating point exception that would crash the
kernel. This vulnerability can only be triggered locally by users with
shell access (CAN-2004-0554). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
http://www.kb.cert.org/vuls/id/973654 Updated Packages: Mandrakelinux 10.0: 4d206822c79940210133a7480d21e3df 10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.i586.rpm
68bcd25169105b157075c49ae1afc652 10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.i586.rpm
abf8ad1259bf4f92a49e36dfcf3c9c39 10.0/RPMS/kernel-enterprise-2.4.25.6mdk-1-1mdk.i586.rpm
312e78a0c775dbb7b9cbef0d99a04fcd 10.0/RPMS/kernel-enterprise-2.6.3.14mdk-1-1mdk.i586.rpm
e488a38369863ce174eedaf556cb3b89 10.0/RPMS/kernel-i686-up-4GB-2.4.25.6mdk-1-1mdk.i586.rpm
4793fe40b2af0fdd5864f72db0615e50 10.0/RPMS/kernel-i686-up-4GB-2.6.3.14mdk-1-1mdk.i586.rpm
762657bdede72b9a35acb17b395ee1ff 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.6mdk-1-1mdk.i586.rpm
20aef99ab5994559227cbd7010d24e3a 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.14mdk-1-1mdk.i586.rpm
08196ea86336c42d850916038a6b40ba 10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.i586.rpm
98edb621bf6194742b9f4acf41ac798a 10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.i586.rpm
97b43a5beecc427cec5339f7b230937b 10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.i586.rpm
c61995bd80f09c18d644b63574830564 10.0/RPMS/kernel-source-2.4.25-6mdk.i586.rpm
a595b55173adb08a6ee525aba7a11bcf 10.0/RPMS/kernel-source-2.6.3-14mdk.i586.rpm
356ca3809548835c8d1543b1c5bd2c78 10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.i586.rpm
84c88cb9db5910bf541d69d041d146a2 10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm
7dd3f9640e29fd2365338e6350d38ef8 10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm Mandrakelinux 10.0/AMD64: 0bbe2751bf80eb4cd0b62d577e580c44 amd64/10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.amd64.rpm
2ed3cdb8d1d5a9da83e068c4be01f91f amd64/10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.amd64.rpm
aa4eee1b7d2e75100e9fac4f60484c2d amd64/10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.amd64.rpm
6c68464ee6a8f8e6abfd4aec1bc01c2a amd64/10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.amd64.rpm
acc109c127a3c52cf1d2e0f86834a62a amd64/10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.amd64.rpm
fdd0f9614d7fe27508319c021e83a41e amd64/10.0/RPMS/kernel-source-2.4.25-6mdk.amd64.rpm
dfc6b8544787e556a30d1165cce8bfbc amd64/10.0/RPMS/kernel-source-2.6.3-14mdk.amd64.rpm
23f827e67259b79381a9e8dd454880fa amd64/10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.amd64.rpm
84c88cb9db5910bf541d69d041d146a2 amd64/10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm
7dd3f9640e29fd2365338e6350d38ef8 amd64/10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm Corporate Server 2.1: 46927be757f70a59c86cdf11b3e43c92 corporate/2.1/RPMS/kernel-2.4.19.41mdk-1-1mdk.i586.rpm
d08b40244502502acadf9ba1b0e9762b corporate/2.1/RPMS/kernel-enterprise-2.4.19.41mdk-1-1mdk.i586.rpm
66749baa06773ce3942e2f770140502c corporate/2.1/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm
32a44dfa574bbbc50d316a5c8a4ef6ba corporate/2.1/RPMS/kernel-smp-2.4.19.41mdk-1-1mdk.i586.rpm
40213434e41fefe88d20f4231a1f9734 corporate/2.1/RPMS/kernel-source-2.4.19-41mdk.i586.rpm
60c9941aba0d698ad72f9d2308433b1c corporate/2.1/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm Corporate Server 2.1/x86_64: db88d345b01e85d2c6cfb01f1e28c3f1 x86_64/corporate/2.1/RPMS/kernel-2.4.19.42mdk-1-1mdk.x86_64.rpm
eaa43fee45b287b47e59a17206040308 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.42mdk-1-1mdk.x86_64.rpm
88db1fa53a907a7ae59b561501053963 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.42mdk-1-1mdk.x86_64.rpm
a63ab72190d8214f8e242fe298c49a41 x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-42mdk.x86_64.rpm
b175ee4e191ff0f4098793413dd63c71 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.42mdk-1-1mdk.src.rpm Mandrakelinux 9.1: 71a8d1ae72fb050e3f4a07fcecf2f6f6 9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.i586.rpm
30998cdc47a6005198d7bff758c15fa8 9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.i586.rpm
2d50a264c7578cb525ffef5b9c6c256c 9.1/RPMS/kernel-secure-2.4.21.0.31mdk-1-1mdk.i586.rpm
d380dafaea573b0f8d135f442ac84085 9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.i586.rpm
fef500ffec1c0ec7e63daa040cea2d3e 9.1/RPMS/kernel-source-2.4.21-0.31mdk.i586.rpm
f3c09dcecb57b158e7e064b58be290fc 9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm Mandrakelinux 9.1/PPC: 0ae9dba70be3135ed2d58b18744d5c88 ppc/9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.ppc.rpm
32c60b01cdc16a585ddd75c00f0f1b99 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.ppc.rpm
444be2eb864edc3e71de2a80ff1707c5 ppc/9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.ppc.rpm
0defa0d78d83de206b45d3e0f6f8c6b2 ppc/9.1/RPMS/kernel-source-2.4.21-0.31mdk.ppc.rpm
f3c09dcecb57b158e7e064b58be290fc ppc/9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm Mandrakelinux 9.2: f8d407d6b8c33d23e1869b192d86c581 9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.i586.rpm
eb13e94eb20684ac0a28d61f06f7d55b 9.2/RPMS/kernel-enterprise-2.4.22.35mdk-1-1mdk.i586.rpm
ed513e7698ee869227bb178239e4fd6b 9.2/RPMS/kernel-i686-up-4GB-2.4.22.35mdk-1-1mdk.i586.rpm
19382a345801c54d057569d4cd238457 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.35mdk-1-1mdk.i586.rpm
1eff108d820b8eaaf4aa30dc57037e38 9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.i586.rpm
554f24dd143cef8e46db249210ee6698 9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.i586.rpm
0e4a8b55bfc63b9c69bd3ffcbf36deb3 9.2/RPMS/kernel-source-2.4.22-35mdk.i586.rpm
9aada28aa2b9f835d3dc4cc30f856ca6 9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm Mandrakelinux 9.2/AMD64: 445f0184ca8c02e0a3f915408c6e8f2c amd64/9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.amd64.rpm
dc7be7702ba82ca3e5e1c5c07ec5a7a7 amd64/9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.amd64.rpm
7249a64585c3fdb4e0c819274ffa5d6b amd64/9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.amd64.rpm
36684fff4f1d13784af9d539df01ba67 amd64/9.2/RPMS/kernel-source-2.4.22-35mdk.amd64.rpm
9aada28aa2b9f835d3dc4cc30f856ca6 amd64/9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm Multi Network Firewall 8.2: fdd6ea13be5777eb4ac69ae4a15149eb mnf8.2/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm
60c9941aba0d698ad72f9d2308433b1c mnf8.2/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: August 18, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Red Hat Security Advisory Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: RHSA-2004:255-01
Issue date: 2004-06-17
Updated on: 2004-06-17
Product: Red Hat Enterprise Linux
Keywords: Cross references: Obsoletes: RHSA-2004:188
CVE Names: CAN-2004-0427 CAN-2004-0495 CAN-2004-0554 1. Topic: Updated kernel packages for Red Hat Enterprise Linux 3 that fix security
vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64
that allowed local users to cause a denial of service (system crash) by
triggering a signal handler with a certain sequence of fsave and frstor
instructions. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0554 to this issue. Another flaw was discovered in an error path supporting the clone()
system call that allowed local users to cause a denial of service
(memory leak) by passing invalid arguments to clone() running in an
infinite loop of a user's program. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0427
to this issue. Enhancements were committed to the 2.6 kernel by Al Viro which enabled the
Sparse source code checking tool to check for a certain class of kernel
bugs. A subset of these fixes also applies to various drivers in the 2.4
kernel. Although the majority of these resides in drivers unsupported in
Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or
access to kernel memory. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0495 to these issues. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum. These packages contain
backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata
relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs. Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 125794 - CAN-2004-0554 local user can get the kernel to hang
125901 - [PATCH] CAN-2004-0554: FPU exception handling local DoS
125968 - last RH kernel affected bug
126121 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm ppc64: Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ppc64.rpm ppc64iseries: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm ppc64pseries: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm s390: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm s390x: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 7. Verification: MD5 sum Package Name 05b0bcb454ac5454479481d0288fbf20 kernel-2.4.21-15.0.2.EL.athlon.rpm
a3073219b60cbb7ce447a22e5103e097 kernel-2.4.21-15.0.2.EL.i686.rpm
90dabcf0bb591756e5f04f397cf8a156 kernel-2.4.21-15.0.2.EL.ia32e.rpm
24ddfb9f957028d3bbc5cfff2b25bc67 kernel-2.4.21-15.0.2.EL.ia64.rpm
495a1c8f85e0e237643fd2e3f89ddaed kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm
6ad188ae0c61a077dede364c59448f61 kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm
1b9d329e2b074616239a91fd967871c8 kernel-2.4.21-15.0.2.EL.s390.rpm
a8bab06e561ac8b6ab473b4e722a570b kernel-2.4.21-15.0.2.EL.s390x.rpm
669d77609b1c47ff49c939c1ea7bbc45 kernel-2.4.21-15.0.2.EL.src.rpm
13aabc1c96dfee65f73246051a955ba8 kernel-2.4.21-15.0.2.EL.x86_64.rpm
4635f8c6555f3b3e52feb9444b2e230d kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
6cf6c39a83dfe7cca9c9a79f02dc3fa8 kernel-doc-2.4.21-15.0.2.EL.i386.rpm
cc60f06bdd3ad6a05040df8ba40d41a1 kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
3f21dd578af78ed576c7cbf6e17a3f16 kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm
5e27cc65020dbb1c92368e79c3edcbe6 kernel-doc-2.4.21-15.0.2.EL.s390.rpm
860944b6a4e8384a0b344dc96ea48b6d kernel-doc-2.4.21-15.0.2.EL.s390x.rpm
608d072210521af17c455f7754a6e352 kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
6c8dad84abc4dd1892c9dc862c329273 kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
426c517d35a53546138b0d72a0515909 kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
96eb477ac938da01b729b5ac5ed36e3b kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
bece09ba4a651196758380372dc4c593 kernel-smp-2.4.21-15.0.2.EL.i686.rpm
82154d7551d6e4947af70b3044c9d4d2 kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
9d24273cc70bb6be810984cb3f3d0a36 kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
775338e099c3bdf36a586d29e55dbd3e kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
8fde60be45154b7722893feb65506f42 kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
3c690c54909996d3bba3da7c8d8f894a kernel-source-2.4.21-15.0.2.EL.i386.rpm
a8fc2a1042ee3e580881b50c97a3241d kernel-source-2.4.21-15.0.2.EL.ia64.rpm
937a05a7666f14f95d20be19fc461f05 kernel-source-2.4.21-15.0.2.EL.ppc64.rpm
282bb4f0e5bfbec228a742ab6666665d kernel-source-2.4.21-15.0.2.EL.s390.rpm
6e9628389fa69aafc9c910e4b37a425a kernel-source-2.4.21-15.0.2.EL.s390x.rpm
44be30f820be806621b47786ebff1844 kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
17f10f04cffc9751afb1499aaff00fdc kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm
89ee51cb60f7a1f34e66cbb16abcba07 kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm
144943d76b23470572326c84b57c0dd9 kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm
60e5c1f1efa438a658b12e16543214cd kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm
57f0111e6443fd5a39099731cc0856e8 kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm
22f38c0c1abee45e0ac24caa19e06311 kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm
8f67e244ba867a103e6b211d3d0d1fba kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm
3522c33c18eb876b5033ef12398707fe kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm
aa060423c3136a26ca31a7aafa337380 kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html You can verify each package with the following command: rpm --checksig -v
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: June 16, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kernel DoS (SSA:2004-167-01) New kernel packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a denial of service security issue. Without a patch to asm-i386/i387.h, a local user can crash the machine. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 Here are the details from the Slackware 9.1 ChangeLog: Tue Jun 15 02:11:41 PDT 2004 patches/packages/kernel-ide-2.4.26-i486-3.tgz: Patched local DoS (CAN-2004-0554). Without this patch to asm-i386/i387.h a local user can crash the kernel. (* Security fix *) patches/packages/kernel-source-2.4.26-noarch-2.tgz: Patched local DoS (CAN-2004-0554). The new patch can be found here, too: patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz (* Security fix *) patches/kernels/*: Patched local DoS (CAN-2004-0554). (* Security fix *) Where to find the new packages: Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-ide-2.4.18-i386-6.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-source-2.4.18-noarch-7.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/kernels/ Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-ide-2.4.21-i486-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-source-2.4.21-noarch-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/kernels/ Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.26-i486-3.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.26-noarch-2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/ Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.26-i486-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-2.4.26-i386-3.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.26-noarch-4.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/ ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-generic-2.6.6-i486-5.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-headers-2.6.6-i386-3.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-source-2.6.6-noarch-3.tgz Just the patch for 2.4.x kernels: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz 77d9eb0640f07df4167aaa53e0b42e2e CAN-2004-0554.i387.fnclex.diff.gz Just the patch for 2.6.x kernels: ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/source/linux-2.6.x/CAN-2004-0554.i387.fnclex.diff.gz e453d64187eac2216bebf85d72449fcb CAN-2004-0554.i387.fnclex.diff.gz MD5 signatures: Slackware 8.1 packages: 8bbced2d1f09d033de89ae5957427a25 kernel-ide-2.4.18-i386-6.tgz 050aa2dd8d38f0ba3de2fca621eb13c9 kernel-source-2.4.18-noarch-7.tgz Slackware 9.0 packages: 21dbafdcf32d84c22daddc349a719420 kernel-ide-2.4.21-i486-4.tgz 56ca0fbf5778283a1d9a76a278cb7cf5 kernel-source-2.4.21-noarch-4.tgz Slackware 9.1 packages: 614b79763721126939569f235d4524d6 kernel-ide-2.4.26-i486-3.tgz 43681f735928641a2b5fc786604bca77 kernel-source-2.4.26-noarch-2.tgz Slackware -current packages: 7a19720356937bcc0f360b8b158a1419 kernel-ide-2.4.26-i486-4.tgz c0d2d8b2977d5c86d100fe02a8c2681b kernel-headers-2.4.26-i386-3.tgz 8fbb66feb2d108baa6af6a895fc7f49a kernel-source-2.4.26-noarch-4.tgz 91ccc5ff7a5be15afdee86a60c6b408d kernel-generic-2.6.6-i486-5.tgz bdcb17009e79bb375dad7fecdd7e60ae kernel-headers-2.6.6-i386-3.tgz ed7c1e42f537414db8cd4dda8e2e9077 kernel-source-2.6.6-noarch-3.tgz Installation instructions: Use upgradepkg to install the new packages. After installing the kernel-ide package you will need to run lilo ('lilo' at a command prompt) or create a new system boot disk ('makebootdisk'), and reboot. If desired, a kernel from the kernels/ directory may be used instead. For example, to use the kernel in kernels/scsi.s/, you would copy it to the boot directory like this: cd kernels/scsi.s cp bzImage /boot/vmlinuz-scsi.s-2.4.26 Create a symbolic link: ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz Then, run 'lilo' or create a new system boot disk and reboot. Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com | To leave the slackware-security mailing list: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | unsubscribe slackware-security | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAzzc6akRjwEAQIjMRAmNLAJ9cY5eDhdmZJBDc4IoJD+owJ2PlkACcCOWh DyVVz1pzzG06SBnUbpC/iHg= =luGU -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: June 16, 2004
Affected
We will release a new kernel package as soon as possible. Our customers can update their systems by using the YaST Online Update (YOU) tool or installing the RPM file directly from http://www.suse.de/en/private/download/updates/index.html.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- SUSE Security Announcement Package: kernel
Announcement-ID: SuSE-SA:2004:017
Date: Wednesday, Jun 16th 2004 15:20 MEST
Affected products: 8.0, 8.1, 8.2, 9.0, 9.1
SuSE Linux Database Server,
SuSE eMail Server III, 3.1
SuSE Linux Enterprise Server 7, 8
SuSE Linux Firewall on CD/Admin host
SuSE Linux Connectivity Server
SuSE Linux Office Server
Vulnerability Type: local denial-of-service attack
Severity (1-10): 4
SUSE default package: no
Cross References: CAN-2004-0554 Content of this advisory: 1) security vulnerability resolved: - floating point exception causes system crash
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds: - icecast
- sitecopy
- cadaver
- OpenOffice_org
- tripwire
- postgresql
- lha
- XDM
- mod_proxy
3) standard appendix (further information) 1) problem description, brief discussion, solution, upgrade information The Linux kernel is vulnerable to a local denial-of-service attack. By using a C program it is possible to trigger a floating point
exception that puts the kernel into an unusable state. To execute this attack a malicious user needs shell access to the
victim's machine. The severity of this bug is considered low because local denial-of-
service attacks are hard to prevent in general. Additionally the bug is limited to x86 and x86_64 architecture. SPECIAL INSTALL INSTRUCTIONS: The following paragraphs will guide you through the installation
process in a step-by-step fashion. The character sequence "****"
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable
to your situation. Therefore, please make sure to read through all of the steps below
before attempting any of these procedures. All of the commands that need to be executed are required to be
run as the superuser (root). Each step relies on the steps before
it to complete successfully. Note: The update packages for the SuSE Linux Enterprise Server 7
(SLES7) are being tested at the moment and will be published as soon
as possible. **** Step 1: Determine the needed kernel type Please use the following command to find the kernel type that is
installed on your system: rpm -qf /boot/vmlinuz Following are the possible kernel types (disregard the version and
build number following the name separated by the "-" character) k_deflt # default kernel, good for most systems. k_i386 # kernel for older processors and chipsets
k_athlon # kernel made specifically for AMD Athlon(tm) family processors
k_psmp # kernel for Pentium-I dual processor systems
k_smp # kernel for SMP systems (Pentium-II and above)
k_smp4G # kernel for SMP systems which supports a maximum of 4G of RAM
kernel-64k-pagesize
kernel-bigsmp
kernel-default
kernel-smp **** Step 2: Download the package for your system Please download the kernel RPM package for your distribution with the
name as indicated by Step 1. The list of all kernel rpm packages is
appended below. Note: The kernel-source package does not
contain a binary kernel in bootable form. Instead, it contains the
sources that the binary kernel rpm packages are created from. It can be
used by administrators who have decided to build their own kernel. Since the kernel-source.rpm is an installable (compiled) package that
contains sources for the linux kernel, it is not the source RPM for
the kernel RPM binary packages. The kernel RPM binary packages for the distributions can be found at the
locations below ftp://ftp.suse.com/pub/suse/i386/update/. 8.0/images/
8.1/rpm/i586
8.2/rpm/i586
9.0/rpm/i586
9.1/rpm/i586 After downloading the kernel RPM package for your system, you should
verify the authenticity of the kernel rpm package using the methods as
listed in section 3) of each SUSE Security Announcement. **** Step 3: Installing your kernel rpm package Install the rpm package that you have downloaded in Steps 3 or 4 with
the command
rpm -Uhv --nodeps --force
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 16, 2004 Updated: June 16, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Trustix Secure Linux Bugfix Advisory #2004-0034 Package name: kernel
Summary: Local DoS
Date: 2004-06-16
Affected versions: Trustix Secure Linux 2.0
Trustix Secure Linux 2.1
Trustix Operating System - Enterprise Server 2 Package description: The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc. Problem description: A flaw was by accident discovered by Stian Skjelstad when he was doing
some code tests during vacation. He was quite surprised when I discovered
that the code he was trying froze his machine. He reported it to the
Linux-kernel mailing list and the gcc bugzilla 2004-06-09. See CAN-2004-0554 at http://cve.mitre.org/ for more information. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 15, 2004 Updated: June 16, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.