From secure@conectiva.com.br Tue Jun 22 20:30:18 2004 From: Conectiva Updates To: conectiva-updates@perninha.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org Date: Tue, 22 Jun 2004 10:14:19 -0300 Subject: [CLA-2004:845] Conectiva Security Announcement - kernel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kernel SUMMARY : Fixes for kernel vulnerabilities DATE : 2004-06-22 10:12:00 ID : CLA-2004:845 RELEVANT RELEASES : 8, 9 - ------------------------------------------------------------------------- DESCRIPTION The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. This announcement fixes the following vulnerabilities: 1. Local denial of service vulnerability (CAN-2004-0554[1]) Stian Skjelstad found[2] a vulnerability[1] in the fpu controller code that can be used by local attackers to cause a denial of service (DoS) on the system. 2. Local memory disclosure vulnerability (CAN-2004-0535[3]) Chris Wright found a vulnerability[3] in the Intel(R) PRO/1000 ethernet card driver that could allow a local attacker to read some bytes of kernel memory. 3. Sparse vulnerabilities (CAN-2004-0495[4]) Al Viro, by using Sparse[5] (a code inspection tool), found several vulnerabilities which, in the worst case, might allow local attackers to obtain root privileges. SOLUTION It is recommended that all Conectiva Linux users upgrade the kernel package. IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. In particular, Conectiva Linux 9 will most likely require an initrd file (which is automatically created in the /boot directory after the new packages are installed). Generic kernel update instructions can be obtained in the manuals and in our updates page[6]. More detailed instructions are also available in Portuguese at our Moin[7] page. REFERENCES: 1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 2.http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 5.http://sparse.bkbits.net:8080/sparse/ 6.https://moin.conectiva.com.br/UpdatingKernelPackages 7.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_22cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/devfsd-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_22cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_16cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.athlon.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i586.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i686.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.pentium4.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_16cl.i386.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2004 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFA2DCq42jd0JmAcZARAg49AJ9sqVjI/FsSEeWfws1iPyJ0szUIPgCfZ9kw y6YY+kD2FTucN7+WNLkZZKg= =NSse -----END PGP SIGNATURE-----