Date: Tue, 14 Sep 2004 14:41:12 +0200
From: Trustix Security Advisor <[email protected]>
To: [email protected]Subject: TSL-2004-0046 - multi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2004-0046
Package name: kernel, samba, swup
Summary: Multiple bugfixes
Date: 2004-09-14
Affected versions: Trustix Secure Linux 2.1
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
kernel:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
samba:
Samba provides an SMB server which can be used to provide network
services to SMB (sometimes called "Lan Manager") clients, including
various versions of MS Windows, OS/2, and other Linux machines.
swup:
SWUP - SoftWare UPdater is an extension for existing software packaging
systems to facilitate automatic and secure update and install. SWUP
handles dependencies between software packages, and is able to fetch
additional required software when installing or upgrading.
Problem description:
kernel:
Added support for DMA on the ESB_3 ATA adapter.
samba:
A defect in smbd's ASN.1 parsing allows an attacker to send
a specially crafted packet during the authentication request
which will send the newly spawned smbd process into an infinite
loop. Given enough of these packets, it is possible to exhaust
the available memory on the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0807 to this issue.
A defect in nmbd's process of mailslot packets can allow
an attacker to anonymously crash nmbd.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0808 to this issue.
swup:
Added patch to fix missing encoding specification in rdfs.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
Most updates for Trustix Secure Linux are made available for public
testing some time before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://tsldev.trustix.org/horizon/>
You may also use swup for public testing of updates:
site {
class = 0
location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/>
or directly at
<URI:http://www.trustix.org/errata/2004/0046>
MD5sums of the packages:
- --------------------------------------------------------------------------
19be9cb5b6d3937b1527456d2212210f 2.1/rpms/kernel-2.4.27-2tr.i586.rpm
5dfa0ef1425544f9b62433c820440876 2.1/rpms/kernel-BOOT-2.4.27-2tr.i586.rpm
aa82e870f726c232f75a160058e9c53c 2.1/rpms/kernel-doc-2.4.27-2tr.i586.rpm
222a8a05c08ee5f18b1faf359f9d05d7 2.1/rpms/kernel-firewall-2.4.27-2tr.i586.rpm
dbc5f79dfbeed46a993e626da60d7bd4 2.1/rpms/kernel-firewallsmp-2.4.27-2tr.i586.rpm
c5d6ef9f6c9e3e5e34ae3a195a3c18d9 2.1/rpms/kernel-smp-2.4.27-2tr.i586.rpm
444453086cb9a0ae547729a7b6a4b6da 2.1/rpms/kernel-source-2.4.27-2tr.i586.rpm
06535b39c5f06e9f9afb5ca6ba212212 2.1/rpms/kernel-utils-2.4.27-2tr.i586.rpm
72da49fd640c69a53e16b45d4c0cb6bf 2.1/rpms/rdfgen-2.3.17-6tr.noarch.rpm
8e00801a495d5411ff5ed75f1da648ed 2.1/rpms/samba-3.0.7-1tr.i586.rpm
0667743e0dab72ed87c975161cd91e8c 2.1/rpms/samba-client-3.0.7-1tr.i586.rpm
c41af774a062453f02e8f60841ff0ebf 2.1/rpms/samba-common-3.0.7-1tr.i586.rpm
79e8d7700d896a903699fc0910d14812 2.1/rpms/samba-mysql-3.0.7-1tr.i586.rpm
5fb51df02fe25b40f24a15f91f50c2e1 2.1/rpms/swup-2.3.17-6tr.noarch.rpm
0afab84fcd7e3d218bb432d7a9336f94 2.1/rpms/swup-libs-2.3.17-6tr.noarch.rpm
c55e41e7afba004535e5be65fac388a2 2.1/rpms/swupconf-2.3.17-6tr.noarch.rpm
466ac8629babb4766a81f10fcdda012a 2.1/rpms/swupcron-2.3.17-6tr.noarch.rpm
c0544f33675968794ec358b77883ce99 e-2/kernel-2.4.27-2tr.i586.rpm
dfb9950c41f875eac64dc7216a50934c e-2/kernel-BOOT-2.4.27-2tr.i586.rpm
45f004810e7dcca6bd92f8f46f3d59fb e-2/kernel-doc-2.4.27-2tr.i586.rpm
41d6859369271c62cc2bd42ebd71c413 e-2/kernel-firewall-2.4.27-2tr.i586.rpm
813e09b727820b86df024e647dbd3afa e-2/kernel-firewallsmp-2.4.27-2tr.i586.rpm
48506c61aa5824e4729c7e62829f8ad5 e-2/kernel-smp-2.4.27-2tr.i586.rpm
66bcdbc7f224c8cdb1806a77c57d66cf e-2/kernel-source-2.4.27-2tr.i586.rpm
47116c3b387631f6c5809a7f36a2d09e e-2/kernel-utils-2.4.27-2tr.i586.rpm
f952c2612b0dd0fa84877fe5dee29ca3 e-2/samba-3.0.7-1tr.i586.rpm
2955b7e7058eacc9753e899961520430 e-2/samba-client-3.0.7-1tr.i586.rpm
1c3d0f9516a40a262ba94bf56f9dc837 e-2/samba-common-3.0.7-1tr.i586.rpm
6e0846aa3baaec05865fd199600e3777 e-2/samba-mysql-3.0.7-1tr.i586.rpm
859f7de9e292ddb88018a0f9e28b6f8e e-2/rdfgen-2.3.17-6tr.noarch.rpm
e5b1c499207e6a9bff2cc2a8901c2fb7 e-2/swup-2.3.17-6tr.noarch.rpm
3fae3c9a71c860d810d54c1ddabbae1a e-2/swup-libs-2.3.17-6tr.noarch.rpm
c970ac0596005e82d47083b68e7d04b3 e-2/swupconf-2.3.17-6tr.noarch.rpm
8c149c6fb61878148ecab7a0ae4c848f e-2/swupcron-2.3.17-6tr.noarch.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFBRuP8i8CEzsK9IksRAiqXAKCkwg5BSAE+rXD1El6SxRF5OjhiaQCfV6PV
/43U35NNcyih4doeBYxBNUQ=
=St7Y
-----END PGP SIGNATURE-----