Date: Fri, 19 Oct 2001 17:40:40 +0200
From: Trustix Secure Linux Advisor <[email protected]>
To: [email protected]Subject: TSLSA-2001-0028
Cc: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0028
Package name: kernel
Severity: local root exploit and DoS attack
Date: 2001-10-19
Affected versions: TSL 1.01, 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Problem description:
As reported on Bugtraq, there is a local root exploit in the Linux
kernel involving the ptrace call. In addition, it is possible to create
a Denial of Service attack in the kernel by creating a number of symlinks.
Action:
We recommend that all systems with this package installed are upgraded.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>;
Automatic updates:
Users of the SWUP tool, can enjoy having updates automatically
installed using 'swup --upgrade'. Note that kernel packages are not
normally suited for automatic updates.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>;
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>;
Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>;
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/>; and
<URI:http://www.trustix.net/errata/trustix-1.5/>;
or directly at
<URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0028-kernel.asc.txt>;
MD5sums of the packages:
- --------------------------------------------------------------------------
500f7da5dc643c7da6b900023a18ea73 ./1.5/SRPMS/kernel-2.2.19-6tr.src.rpm
2dfad37c0f412ea6cdb30934ea7dd45c ./1.5/RPMS/kernel-utils-2.2.19-6tr.i586.rpm
85e40ee2b1fb318e3a8672a3d726b266 ./1.5/RPMS/kernel-source-2.2.19-6tr.i586.rpm
53df116dd5786ba0f4ab7a78323ca982 ./1.5/RPMS/kernel-smp-2.2.19-6tr.i586.rpm
89763c2dafdba3219eba79f98c3cf103 ./1.5/RPMS/kernel-headers-2.2.19-6tr.i586.rpm
5ded0004d78152eeb41fed36909a5515 ./1.5/RPMS/kernel-doc-2.2.19-6tr.i586.rpm
21bf7f1ea5b670a528ece7912e1319c1 ./1.5/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm
10e836c1b2e459dce8345d2c6cc8f738 ./1.5/RPMS/kernel-2.2.19-6tr.i586.rpm
500f7da5dc643c7da6b900023a18ea73 ./1.2/SRPMS/kernel-2.2.19-6tr.src.rpm
6c49ef02fb26a9c3dec8aab08620e6e4 ./1.2/RPMS/kernel-utils-2.2.19-6tr.i586.rpm
24002feba70659641807d6b6c68bc2ed ./1.2/RPMS/kernel-source-2.2.19-6tr.i586.rpm
fb18289a3345a6bfec070301b47cd4cc ./1.2/RPMS/kernel-smp-2.2.19-6tr.i586.rpm
21bb28fdb231fe880769814cf101c5a2 ./1.2/RPMS/kernel-headers-2.2.19-6tr.i586.rpm
0f99bd15cf50a79a24672cfb5a491e90 ./1.2/RPMS/kernel-doc-2.2.19-6tr.i586.rpm
8bfcdb3bb9e068ac15c70106b54c6bd6 ./1.2/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm
36e40a852babfc41ff9ec85aa18891ff ./1.2/RPMS/kernel-2.2.19-6tr.i586.rpm
500f7da5dc643c7da6b900023a18ea73 ./1.1/SRPMS/kernel-2.2.19-6tr.src.rpm
62d807a4fcd315db50ee240fda1c4226 ./1.1/RPMS/kernel-utils-2.2.19-6tr.i586.rpm
0e94b87f217e61a6d74e7877ef4f11d8 ./1.1/RPMS/kernel-source-2.2.19-6tr.i586.rpm
21552807585588aba14f67c8db557af2 ./1.1/RPMS/kernel-smp-2.2.19-6tr.i586.rpm
9894fc169fe6b368311aed91829214e1 ./1.1/RPMS/kernel-headers-2.2.19-6tr.i586.rpm
bfec88d913d66927aa380540dc338ed4 ./1.1/RPMS/kernel-doc-2.2.19-6tr.i586.rpm
1ad783de52bc35e5cb2f83e4dbeadb69 ./1.1/RPMS/kernel-BOOT-2.2.19-6tr.i586.rpm
558f90d81e88084515626a5ed5341c2c ./1.1/RPMS/kernel-2.2.19-6tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE70EMewRTcg4BxxS0RAjS8AJ4hqLEmDo2BBSonmPAaMS8TSfUhjgCcDDzH
b1TJs/wQKBrKvZKdUWeJfTA=
=ZLsg
-----END PGP SIGNATURE-----
