From tsl@trustix.com Fri Oct 19 12:32:11 2001 From: Trustix Secure Linux Advisor To: tsl-announce@trustix.org Cc: bugtraq@securityfocus.com Date: Fri, 19 Oct 2001 17:40:40 +0200 Subject: TSLSA-2001-0028 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0028 Package name: kernel Severity: local root exploit and DoS attack Date: 2001-10-19 Affected versions: TSL 1.01, 1.1, 1.2, 1.5 - -------------------------------------------------------------------------- Problem description: As reported on Bugtraq, there is a local root exploit in the Linux kernel involving the ptrace call. In addition, it is possible to create a Denial of Service attack in the kernel by creating a number of symlinks. Action: We recommend that all systems with this package installed are upgraded. Location: All TSL updates are available from Automatic updates: Users of the SWUP tool, can enjoy having updates automatically installed using 'swup --upgrade'. Note that kernel packages are not normally suited for automatic updates. Get SWUP from: Questions? Check out our mailing lists: Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key available from: The advisory itself is available from the errata pages at and or directly at MD5sums of the packages: - -------------------------------------------------------------------------- 500f7da5dc643c7da6b900023a18ea73 ./1.5/SRPMS/kernel-2.2.19-6tr.src.rpm 2dfad37c0f412ea6cdb30934ea7dd45c ./1.5/RPMS/kernel-utils-2.2.19-6tr.i586.rpm 85e40ee2b1fb318e3a8672a3d726b266 ./1.5/RPMS/kernel-source-2.2.19-6tr.i586.rpm 53df116dd5786ba0f4ab7a78323ca982 ./1.5/RPMS/kernel-smp-2.2.19-6tr.i586.rpm 89763c2dafdba3219eba79f98c3cf103 ./1.5/RPMS/kernel-headers-2.2.19-6tr.i586.rpm 5ded0004d78152eeb41fed36909a5515 ./1.5/RPMS/kernel-doc-2.2.19-6tr.i586.rpm 21bf7f1ea5b670a528ece7912e1319c1 ./1.5/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm 10e836c1b2e459dce8345d2c6cc8f738 ./1.5/RPMS/kernel-2.2.19-6tr.i586.rpm 500f7da5dc643c7da6b900023a18ea73 ./1.2/SRPMS/kernel-2.2.19-6tr.src.rpm 6c49ef02fb26a9c3dec8aab08620e6e4 ./1.2/RPMS/kernel-utils-2.2.19-6tr.i586.rpm 24002feba70659641807d6b6c68bc2ed ./1.2/RPMS/kernel-source-2.2.19-6tr.i586.rpm fb18289a3345a6bfec070301b47cd4cc ./1.2/RPMS/kernel-smp-2.2.19-6tr.i586.rpm 21bb28fdb231fe880769814cf101c5a2 ./1.2/RPMS/kernel-headers-2.2.19-6tr.i586.rpm 0f99bd15cf50a79a24672cfb5a491e90 ./1.2/RPMS/kernel-doc-2.2.19-6tr.i586.rpm 8bfcdb3bb9e068ac15c70106b54c6bd6 ./1.2/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm 36e40a852babfc41ff9ec85aa18891ff ./1.2/RPMS/kernel-2.2.19-6tr.i586.rpm 500f7da5dc643c7da6b900023a18ea73 ./1.1/SRPMS/kernel-2.2.19-6tr.src.rpm 62d807a4fcd315db50ee240fda1c4226 ./1.1/RPMS/kernel-utils-2.2.19-6tr.i586.rpm 0e94b87f217e61a6d74e7877ef4f11d8 ./1.1/RPMS/kernel-source-2.2.19-6tr.i586.rpm 21552807585588aba14f67c8db557af2 ./1.1/RPMS/kernel-smp-2.2.19-6tr.i586.rpm 9894fc169fe6b368311aed91829214e1 ./1.1/RPMS/kernel-headers-2.2.19-6tr.i586.rpm bfec88d913d66927aa380540dc338ed4 ./1.1/RPMS/kernel-doc-2.2.19-6tr.i586.rpm 1ad783de52bc35e5cb2f83e4dbeadb69 ./1.1/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm 558f90d81e88084515626a5ed5341c2c ./1.1/RPMS/kernel-2.2.19-6tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE70EMewRTcg4BxxS0RAjS8AJ4hqLEmDo2BBSonmPAaMS8TSfUhjgCcDDzH b1TJs/wQKBrKvZKdUWeJfTA= =ZLsg -----END PGP SIGNATURE-----