From secure@conectiva.com.br Tue Dec 17 00:37:46 2002 From: secure@conectiva.com.br To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org Date: Mon, 16 Dec 2002 17:41:54 -0200 Subject: [CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kernel 2.4 SUMMARY : Local denial of service vulnerability DATE : 2002-12-16 17:41:00 ID : CLA-2002:553 RELEVANT RELEASES : 7.0, 8 - ------------------------------------------------------------------------- DESCRIPTION The Linux kernel is responsible for handling the basic functions of the Conectiva Linux operating system. Christophe Devine reported[1] a vulnerability in versions prior to 2.4.20 of the linux kernel that could be exploited by a local non-root user to completely "freeze" the machine. A local attacker could exploit this vulnerability to cause a Denial of Service (DoS) condition. This update fixes this problem. Please note that the updated kernel packages here listed are available in our update servers since November 20, 2002. SOLUTION All users should upgrade the kernel immediately. IMPORTANT: it is not possible to use apt to apply kernel updates. These packages have to be updated manually. Generic kernel update instructions can be found in our updates page[2]. Kernel 2.2 users in Conectiva Linux 6.0 and 7.0 are also vulnerable to this issue. It is recommended that these users upgrade to the latest (2.4) kernel, but updated packages for the 2.2 series are being prepared and will be released in a near future. REFERENCES: 1.http://online.securityfocus.com/archive/1/299687/2002-11-11/2002-11-17/0 2.http://distro.conectiva.com.br/atualizacoes/?idioma=en UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i586.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-BOOT-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-doc-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-enterprise-2.4.12-4U70_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-headers-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i586.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i686.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-source-2.4.12-4U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/kernel-2.4.12-4U70_4cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_5cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i586.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i686.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_5cl.src.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9/iyB42jd0JmAcZARAtowAKCrKe0jynFrgxg73SN2sXQp169x9ACfXK3U Ey8KmP/NTc16x3SEyjFBQzw= =aOtt -----END PGP SIGNATURE-----