Date: Thu, 5 Apr 2001 17:59:44 +0200
From: [email protected]
To: [email protected]Subject: Trustix Security Advisory #2001-0003 - kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0003
Package name: kernel
Severity: Local root exploit
Date: 2001-04-05
Affected versions: TSL 1.01, 1.1, 1.2
- --------------------------------------------------------------------------
Problem description:
Some time ago, a vulnerability was discovered that allowed for root
access through ptrace call in the linux kernel. This was
originally considered fixed in a previous patch, but as it turns
out, it wasn't. This is fixed in kernel version 2.2.19.
Action:
We recommend all systems which has this package installed to be upgraded.
Please see the Kernel Upgrade Howto, available from
<URL:http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html>;
for more information on how to upgrade your TSL kernel.
Location:
All TSL updates are available from
<URL:http://www.trustix.net/pub/Trustix/updates/>;
<URL:ftp://ftp.trustix.net/pub/Trustix/updates/>;
Users of the SWUP tool, can enjoy having the security updates
automatically installed using 'swup --upgrade'.
Get SWUP from:
ftp://ftp.trustix.net/pub/Trustix/software/swup/
Note that you may not want to use SWUP to do unattended kernel upgrades,
and it does not do so by default.
Questions?
Check out our mailinglists:
http://www.trustix.net/support/
Verification:
This advisory is signed with the TSL sign key. It is available from:
http://www.trustix.net/TSL-GPG-KEY
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6zI25wRTcg4BxxS0RAnTXAJ9e/T9ysKpK9TQnXhP7V2aXsCiArgCdF12s
K17kWuT59qtzxW64YMduZFQ=
=m9sm
-----END PGP SIGNATURE-----
--
Trustix Secure Linux Advisor
Homepage: http://www.trustix.net/
Errata: http://www.trustix.net/errata/
Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/
