Date: Mon, 30 Jan 2006 14:12:49 +0100
From: Trustix Security Advisor <tsl@trustix.org.>
To: [email protected]Subject: TSLSA-2006-0004 - multi
Message-ID: <20060130131249.GA16803@tsunami.trustix.net.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0004
Package names: kernel, openssh
Summary: Multiple vulnerabilities
Date: 2006-01-27
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
openssh
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
Problem description:
kernel < TSL 3.0 >
- SECURITY Fix: Missing validation of the "nlmsg_len" value in
"netlink_rcv_skb()" can cause an infinite loop which can be exploited
by local users to cause a DoS by setting the value to 0.
- An error in the PPTP NAT helper in the handling of inbound
PPTP_IN_CALL_REQUEST packets can cause an error in offset calculation.
This can be exploited to cause random memory corruption and can crash
the kernel.
- ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in
Linux kernel 2.6.14, and other versions, allows local users to cause a
denial of service via a crafted outbound packet that causes an incorrect
offset to be calculated from pointer arithmetic when non-linear SKBs
(socket buffers) are used.
- Stefan Rompf has reported a vulnerability caused due to the "dm-crypt"
driver failing to clear memory before freeing it. This can be exploited
by local users to obtain sensitive information.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and
CVE-2006-0095 to these issues.
openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Josh Bressers has reported a weakness in OpenSSH
caused due to the insecure use of the "system()" function in
scp when performing copy operations using filenames that are
supplied by the user from the command line. This can be exploited
to execute shell commands with privileges of the user running scp.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-0225 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0004/>
MD5sums of the packages:
- --------------------------------------------------------------------------
027cea1f2f987f710fe2680337a4774f 3.0/rpms/kernel-2.6.15.1-1tr.i586.rpm
9f6cc359c94b874a8160b2744fb6d510 3.0/rpms/kernel-doc-2.6.15.1-1tr.i586.rpm
f6c272fadee97f280adee5f9a00576b0 3.0/rpms/kernel-headers-2.6.15.1-1tr.i586.rpm
31150a8b714720f20e290dccec845826 3.0/rpms/kernel-smp-2.6.15.1-1tr.i586.rpm
fce9c0bf230300cec808aea31ff7f718 3.0/rpms/kernel-smp-headers-2.6.15.1-1tr.i586.rpm
cf6368abb17f22b64826d00bd8336cf5 3.0/rpms/kernel-source-2.6.15.1-1tr.i586.rpm
0608ad6bd8e97ddadd0b501206a11d20 3.0/rpms/kernel-utils-2.6.15.1-1tr.i586.rpm
ab20e49ff562fa8accc40ecbf13e7799 3.0/rpms/openssh-4.2p1-2tr.i586.rpm
ade6e066afe6e83bd99975bfa252f608 3.0/rpms/openssh-clients-4.2p1-2tr.i586.rpm
7290bb4c93f08314b72b589e6ed3b0b3 3.0/rpms/openssh-server-4.2p1-2tr.i586.rpm
934477d687fb6cb48b78fceb87e187e2 3.0/rpms/openssh-server-config-4.2p1-2tr.i586.rpm
3bfc8e25184b964391c8c71ad95b2778 2.2/rpms/openssh-4.2p1-2tr.i586.rpm
8a3a8e810c8121ac10846922e0bffe6a 2.2/rpms/openssh-clients-4.2p1-2tr.i586.rpm
33c754e2048bb85822145c2063f63463 2.2/rpms/openssh-server-4.2p1-2tr.i586.rpm
0abb95f1c3c13c491e0233ae6f3a9944 2.2/rpms/openssh-server-config-4.2p1-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD3gWOi8CEzsK9IksRAqoNAJ0VcXv/vxjGrn/uCznt7fVZcwLhYwCfUGQY
rnBSdrj/JGMGe6Y7iUrf3GQ=
=UQBl
-----END PGP SIGNATURE-----