6311693 2001-04-03 16:16 -0600 /200 rader/ Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM> Sänt av: joel@lysator.liu.se Importerad: 2001-04-04 12:17 av Brevbäraren Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: sup-info@LOCUTUS3.CALDERASYSTEMS.COM Mottagare: Bugtraq (import) <16323> Ärende: Security update: several security problems in linux kernel ------------------------------------------------------------ CSSA-2001-012.0 From: Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <20010403161633.A21380@locutus3.calderasystems.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: several security problems in linux kernel Advisory number: CSSA-2001-012.0 Issue date: 2001 April, 3 Cross reference: ______________________________________________________________________________ 1. Problem Description During code audits of the Linux Kernel several security problems have been found. Some of them allow a local attacker to gain root privileges through race conditions, others allow reading and possibly writing of random kernel memory. With these patches now being available in the 2.2.19 kernel, this update backports them to the kernels used in our products. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-12 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-11S OpenLinux eDesktop 2.4 All packages previous to linux-2.2.14-7 3. Solution Workaround none The proper solution is to upgrade to the latest packages. 4. OpenLinux 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification c0abd6e725f9791545738d74e7a338f0 RPMS/linux-kernel-binary-2.2.10-12.i386.rpm 43907dfa0696a0d0e23b3d74ac98d6a0 RPMS/linux-kernel-doc-2.2.10-12.i386.rpm ff332be214d5796097ee81bb436aa8aa RPMS/linux-kernel-include-2.2.10-12.i386.rpm bb28b2c5f99f601014e8c5f0f41b8e38 RPMS/linux-source-alpha-2.2.10-12.i386.rpm 4544ba8d0bd42d7cacb7624ac55cb97e RPMS/linux-source-arm-2.2.10-12.i386.rpm f6f6249203c1c01d7ce1343e2526a7c8 RPMS/linux-source-common-2.2.10-12.i386.rpm 7a6089c9c84b7ffece6429c0cc4061d5 RPMS/linux-source-i386-2.2.10-12.i386.rpm d882ef84c328a93f7fe5ef4be618053e RPMS/linux-source-m68k-2.2.10-12.i386.rpm d65460cb00441d97ea84ccc4beebd8d9 RPMS/linux-source-mips-2.2.10-12.i386.rpm 6c8f1575dd55c3421081a1d225c808b8 RPMS/linux-source-ppc-2.2.10-12.i386.rpm 4b2ede9a55b08f7cfece30c60c82b25c RPMS/linux-source-sparc-2.2.10-12.i386.rpm 2556435b553f1ad13974d6c5997639fe RPMS/linux-source-sparc64-2.2.10-12.i386.rpm 21e54c126869848f2a87e13be8c8cf3e RPMS/pcmcia-cs-3.0.14-3.i386.rpm eb1bd121022e40501edb26104142dfdb SRPMS/linux-2.2.10-12.src.rpm 45a67c026f4ec2f215431a77e593d318 SRPMS/pcmcia-cs-3.0.14-3.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: modprobe loop rpm -Fhv *.i386.rpm 5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification 4d81026c3b760cd3dfe6b18d6acbe123 RPMS/iBCS-2.1-6.i386.rpm 724c1ac2254480bbc0c694281d32e3b7 RPMS/iBCS-extras-2.1-6.i386.rpm fa0b96983659f4394960420cc5840e06 RPMS/linux-kernel-binary-2.2.14-11S.i386.rpm caa634390f73722de809082cb357f701 RPMS/linux-kernel-doc-2.2.14-11S.i386.rpm 5c4f321a82fdbe517a504124a6b52b99 RPMS/linux-kernel-include-2.2.14-11S.i386.rpm db9dde4d02b3e7f8c49ed2e003ac2bec RPMS/linux-source-alpha-2.2.14-11S.i386.rpm 0e25fda46af2085881085fdba0664061 RPMS/linux-source-arm-2.2.14-11S.i386.rpm 5c3c76c792108e2a50a7a13a9f450494 RPMS/linux-source-common-2.2.14-11S.i386.rpm 6a42f80110b86b34a74bf84b08b69d44 RPMS/linux-source-i386-2.2.14-11S.i386.rpm abcfb03c424cbbb4584741659753f8dc RPMS/linux-source-m68k-2.2.14-11S.i386.rpm 0cf7968c5c3e518cc44caf1931c406ec RPMS/linux-source-mips-2.2.14-11S.i386.rpm bc580c613872ce59319583f793fddb9f RPMS/linux-source-ppc-2.2.14-11S.i386.rpm 040f856963f39940b93eb15203281337 RPMS/linux-source-sparc-2.2.14-11S.i386.rpm ac0c3167d324a920f2fb96c63b80a38c RPMS/linux-source-sparc64-2.2.14-11S.i386.rpm 3847dc7f2f8c0e38f8becedb5c252bf4 RPMS/pcmcia-cs-3.1.4-3.i386.rpm 5945740159408f1776dcb6aa2fb49b03 SRPMS/iBCS-2.1-6.src.rpm 563cf982dba25b5952040bcd47ea581b SRPMS/linux-2.2.14-11S.src.rpm d15ab81be9d67ffec3242b4ec48e8eb9 SRPMS/pcmcia-cs-3.1.4-3.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: modprobe loop rpm -Fvh *.i386.rpm 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 831b263708b378875b5e70c30b2d1a81 RPMS/hwprobe-20000214-4.i386.rpm 25af31770447ac4fd18b050a0c0c3b9e RPMS/iBCS-2.1-10.i386.rpm 01a135805e279368bd829daef4a6af78 RPMS/iBCS-extras-2.1-10.i386.rpm d4370bf7f3a68df55ff0001aea1d1f32 RPMS/iBCS-module-2.1_2.2.14-10.i386.rpm d5fa42ab1c129f89f6aac8ab594bf7e6 RPMS/linux-kernel-binary-2.2.14-7.i386.rpm b39cf54a0ff4a3f0de6edc02f6f15804 RPMS/linux-kernel-doc-2.2.14-7.i386.rpm d5e005ab9e3d568d82aa002c14336fb0 RPMS/linux-kernel-include-2.2.14-7.i386.rpm 69d1f35ff0afe3e3f3ac33c22c6c08a9 RPMS/linux-source-alpha-2.2.14-7.i386.rpm 619af8b2535238d5b0fc01ccc1aa4b15 RPMS/linux-source-arm-2.2.14-7.i386.rpm 563a2448d1eb3a66ed744e705aede3d3 RPMS/linux-source-common-2.2.14-7.i386.rpm 065ac34ecc23b322e3481752ddeb1a29 RPMS/linux-source-i386-2.2.14-7.i386.rpm 760c2a64d58f3f44ee113ccbf7490777 RPMS/linux-source-m68k-2.2.14-7.i386.rpm 460047a1cc64a92bfafc953790388b3d RPMS/linux-source-mips-2.2.14-7.i386.rpm 596aadafa3a68461ec9957810d20629e RPMS/linux-source-ppc-2.2.14-7.i386.rpm a5070e30981d650498ac3c5dd67b361c RPMS/linux-source-sparc-2.2.14-7.i386.rpm 2db448f5eb2e7aac48f0a9c7f07d71c6 RPMS/linux-source-sparc64-2.2.14-7.i386.rpm fed0d802f6a9d8b19eeb39f13e3d9b17 RPMS/pcmcia-cs-3.1.8-3.i386.rpm 7d585fa7cc3201aa554bfba0bc923f9d SRPMS/hwprobe-20000214-4.src.rpm 7042ea57831b9e4c5649a8cd668a8624 SRPMS/iBCS-2.1-10.src.rpm 9a055948c09c36ed379de72525bf2896 SRPMS/linux-2.2.14-7.src.rpm db43acbef146ae3be972f1515d030c82 SRPMS/pcmcia-cs-3.1.8-3.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh *.i386.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 9633. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 9. Acknowledgements Caldera Systems wishes to thank Chris Evans, Solar Designer, Alan Cox and David Miller for spotting and fixing these problems. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6yfqH18sy83A/qfwRAhVuAJ4i/QYECTWBX8Hb4PImolhojEG3zACfeIJd iw77xxCGpFcv7KeAk2OfomM= =FrD0 -----END PGP SIGNATURE----- (6311693) /Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>/(Ombruten)