6311693 2001-04-03 16:16 -0600 /200 rader/ Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-04-04 12:17 av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: sup-info@LOCUTUS3.CALDERASYSTEMS.COM
Mottagare: Bugtraq (import) <16323>
Ärende: Security update: several security problems in linux kernel
------------------------------------------------------------
CSSA-2001-012.0
From: Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010403161633.A21380@locutus3.calderasystems.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: several security problems in linux kernel
Advisory number: CSSA-2001-012.0
Issue date: 2001 April, 3
Cross reference:
______________________________________________________________________________
1. Problem Description
During code audits of the Linux Kernel several security problems
have been found. Some of them allow a local attacker to gain
root privileges through race conditions, others allow reading
and possibly writing of random kernel memory.
With these patches now being available in the 2.2.19 kernel, this
update backports them to the kernels used in our products.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
linux-2.2.10-12
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder linux-2.2.14-11S
OpenLinux eDesktop 2.4 All packages previous to
linux-2.2.14-7
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
c0abd6e725f9791545738d74e7a338f0
RPMS/linux-kernel-binary-2.2.10-12.i386.rpm
43907dfa0696a0d0e23b3d74ac98d6a0
RPMS/linux-kernel-doc-2.2.10-12.i386.rpm
ff332be214d5796097ee81bb436aa8aa
RPMS/linux-kernel-include-2.2.10-12.i386.rpm
bb28b2c5f99f601014e8c5f0f41b8e38
RPMS/linux-source-alpha-2.2.10-12.i386.rpm
4544ba8d0bd42d7cacb7624ac55cb97e
RPMS/linux-source-arm-2.2.10-12.i386.rpm
f6f6249203c1c01d7ce1343e2526a7c8
RPMS/linux-source-common-2.2.10-12.i386.rpm
7a6089c9c84b7ffece6429c0cc4061d5
RPMS/linux-source-i386-2.2.10-12.i386.rpm
d882ef84c328a93f7fe5ef4be618053e
RPMS/linux-source-m68k-2.2.10-12.i386.rpm
d65460cb00441d97ea84ccc4beebd8d9
RPMS/linux-source-mips-2.2.10-12.i386.rpm
6c8f1575dd55c3421081a1d225c808b8
RPMS/linux-source-ppc-2.2.10-12.i386.rpm
4b2ede9a55b08f7cfece30c60c82b25c
RPMS/linux-source-sparc-2.2.10-12.i386.rpm
2556435b553f1ad13974d6c5997639fe
RPMS/linux-source-sparc64-2.2.10-12.i386.rpm
21e54c126869848f2a87e13be8c8cf3e RPMS/pcmcia-cs-3.0.14-3.i386.rpm
eb1bd121022e40501edb26104142dfdb SRPMS/linux-2.2.10-12.src.rpm
45a67c026f4ec2f215431a77e593d318 SRPMS/pcmcia-cs-3.0.14-3.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
modprobe loop
rpm -Fhv *.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
4d81026c3b760cd3dfe6b18d6acbe123 RPMS/iBCS-2.1-6.i386.rpm
724c1ac2254480bbc0c694281d32e3b7 RPMS/iBCS-extras-2.1-6.i386.rpm
fa0b96983659f4394960420cc5840e06
RPMS/linux-kernel-binary-2.2.14-11S.i386.rpm
caa634390f73722de809082cb357f701
RPMS/linux-kernel-doc-2.2.14-11S.i386.rpm
5c4f321a82fdbe517a504124a6b52b99
RPMS/linux-kernel-include-2.2.14-11S.i386.rpm
db9dde4d02b3e7f8c49ed2e003ac2bec
RPMS/linux-source-alpha-2.2.14-11S.i386.rpm
0e25fda46af2085881085fdba0664061
RPMS/linux-source-arm-2.2.14-11S.i386.rpm
5c3c76c792108e2a50a7a13a9f450494
RPMS/linux-source-common-2.2.14-11S.i386.rpm
6a42f80110b86b34a74bf84b08b69d44
RPMS/linux-source-i386-2.2.14-11S.i386.rpm
abcfb03c424cbbb4584741659753f8dc
RPMS/linux-source-m68k-2.2.14-11S.i386.rpm
0cf7968c5c3e518cc44caf1931c406ec
RPMS/linux-source-mips-2.2.14-11S.i386.rpm
bc580c613872ce59319583f793fddb9f
RPMS/linux-source-ppc-2.2.14-11S.i386.rpm
040f856963f39940b93eb15203281337
RPMS/linux-source-sparc-2.2.14-11S.i386.rpm
ac0c3167d324a920f2fb96c63b80a38c
RPMS/linux-source-sparc64-2.2.14-11S.i386.rpm
3847dc7f2f8c0e38f8becedb5c252bf4 RPMS/pcmcia-cs-3.1.4-3.i386.rpm
5945740159408f1776dcb6aa2fb49b03 SRPMS/iBCS-2.1-6.src.rpm
563cf982dba25b5952040bcd47ea581b SRPMS/linux-2.2.14-11S.src.rpm
d15ab81be9d67ffec3242b4ec48e8eb9 SRPMS/pcmcia-cs-3.1.4-3.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
modprobe loop
rpm -Fvh *.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
831b263708b378875b5e70c30b2d1a81 RPMS/hwprobe-20000214-4.i386.rpm
25af31770447ac4fd18b050a0c0c3b9e RPMS/iBCS-2.1-10.i386.rpm
01a135805e279368bd829daef4a6af78 RPMS/iBCS-extras-2.1-10.i386.rpm
d4370bf7f3a68df55ff0001aea1d1f32
RPMS/iBCS-module-2.1_2.2.14-10.i386.rpm
d5fa42ab1c129f89f6aac8ab594bf7e6
RPMS/linux-kernel-binary-2.2.14-7.i386.rpm
b39cf54a0ff4a3f0de6edc02f6f15804
RPMS/linux-kernel-doc-2.2.14-7.i386.rpm
d5e005ab9e3d568d82aa002c14336fb0
RPMS/linux-kernel-include-2.2.14-7.i386.rpm
69d1f35ff0afe3e3f3ac33c22c6c08a9
RPMS/linux-source-alpha-2.2.14-7.i386.rpm
619af8b2535238d5b0fc01ccc1aa4b15
RPMS/linux-source-arm-2.2.14-7.i386.rpm
563a2448d1eb3a66ed744e705aede3d3
RPMS/linux-source-common-2.2.14-7.i386.rpm
065ac34ecc23b322e3481752ddeb1a29
RPMS/linux-source-i386-2.2.14-7.i386.rpm
760c2a64d58f3f44ee113ccbf7490777
RPMS/linux-source-m68k-2.2.14-7.i386.rpm
460047a1cc64a92bfafc953790388b3d
RPMS/linux-source-mips-2.2.14-7.i386.rpm
596aadafa3a68461ec9957810d20629e
RPMS/linux-source-ppc-2.2.14-7.i386.rpm
a5070e30981d650498ac3c5dd67b361c
RPMS/linux-source-sparc-2.2.14-7.i386.rpm
2db448f5eb2e7aac48f0a9c7f07d71c6
RPMS/linux-source-sparc64-2.2.14-7.i386.rpm
fed0d802f6a9d8b19eeb39f13e3d9b17 RPMS/pcmcia-cs-3.1.8-3.i386.rpm
7d585fa7cc3201aa554bfba0bc923f9d SRPMS/hwprobe-20000214-4.src.rpm
7042ea57831b9e4c5649a8cd668a8624 SRPMS/iBCS-2.1-10.src.rpm
9a055948c09c36ed379de72525bf2896 SRPMS/linux-2.2.14-7.src.rpm
db43acbef146ae3be972f1515d030c82 SRPMS/pcmcia-cs-3.1.8-3.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh *.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 9633.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of
the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Chris Evans, Solar Designer, Alan
Cox and David Miller for spotting and fixing these problems.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6yfqH18sy83A/qfwRAhVuAJ4i/QYECTWBX8Hb4PImolhojEG3zACfeIJd
iw77xxCGpFcv7KeAk2OfomM=
=FrD0
-----END PGP SIGNATURE-----
�
(6311693) /Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>/(Ombruten)