From tsl@trustix.org Tue Sep 14 18:42:35 2004
From: Trustix Security Advisor
To: bugtraq@securityfocus.com
Date: Tue, 14 Sep 2004 14:41:12 +0200
Subject: TSL-2004-0046 - multi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2004-0046

Package name:      kernel, samba, swup
Summary:           Multiple bugfixes
Date:              2004-09-14
Affected versions: Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  kernel:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system. The kernel handles the basic
  functions of the operating system: memory allocation, process allocation,
  device input and output, etc.

  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines.

  swup:
  SWUP - SoftWare UPdater is an extension for existing software packaging
  systems to facilitate automatic and secure update and install. SWUP
  handles dependencies between software packages, and is able to fetch
  additional required software when installing or upgrading.

Problem description:
  kernel:
  Added support for DMA on the ESB_3 ATA adapter.

  samba:
  A defect in smbd's ASN.1 parsing allows an attacker to send a specially
  crafted packet during the authentication request which will send the
  newly spawned smbd process into an infinite loop. Given enough of these
  packets, it is possible to exhaust the available memory on the server.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0807 to this issue.

  A defect in nmbd's processing of mailslot packets can allow an attacker to
  anonymously crash nmbd.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0808 to this issue.

  swup:
  Added patch to fix missing encoding specification in rdfs.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at

  You may also use swup for public testing of updates:

  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all Trustix packages, is signed with the TSL
  sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBRuP8i8CEzsK9IksRAiqXAKCkwg5BSAE+rXD1El6SxRF5OjhiaQCfV6PV
/43U35NNcyih4doeBYxBNUQ=
=St7Y
-----END PGP SIGNATURE-----