From debian-security-announce@lists.debian.org Thu Aug 14 22:24:44 2003 From: debian-security-announce@lists.debian.org Resent-From: list@murphy.debian.org (SmartList) To: full-disclosure@lists.netsys.com Date: Wed, 13 Aug 2003 20:46:04 -0400 Reply-To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] [SECURITY] [DSA-358-4] New kernel packages fix potential "oops" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 358-4 security@debian.org http://www.debian.org/security/ Matt Zimmerman August 13th, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : linux-kernel-i386, linux-kernel-alpha This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-10. This error could result in a kernel "oops" under certain circumstances involving POSIX locks and multithreaded programs. For the stable distribution (woody) on the i386 architecture, this problem has been fixed in kernel-source-2.4.18 version 2.4.18-13, kernel-image-2.4.18-i386bf version 2.4.18-5woody4, and kernel-image-2.4.18-1-i386 version 2.4.18-11. For the stable distribution (woody) on the alpha architecture, this problem has been fixed in kernel-source-2.4.18 version 2.4.18-13 and kernel-image-2.4.18-1-alpha version 2.4.18-10. For the unstable distribution (sid) this problem has been fixed in kernel-source-2.4.20 version 2.4.20-7. We recommend that you update your kernel packages. If you are using the kernel installed by the installation system when the "bf24" option is selected (for a 2.4.x kernel), you should install the kernel-image-2.4.18-bf2.4 package. If you installed a different kernel-image package after installation, you should install the corresponding 2.4.18-1 kernel. You may use the table below as a guide. | If "uname -r" shows: | Install this package: - ------------------------------------------------------ | 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4 | 2.4.18-386 | kernel-image-2.4.18-1-386 | 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc | 2.4.18-686 | kernel-image-2.4.18-1-686 | 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp | 2.4.18-k6 | kernel-image-2.4.18-1-k6 | 2.4.18-k7 | kernel-image-2.4.18-1-k7 NOTE: that this kernel is binary compatible with the previous kernel security updates, but not binary compatible with the corresponding kernel included in Debian 3.0r1. If you have not already applied the previous security update (kernel-image-2.4.18-bf2.4 version 2.4.18-5woody1 or any of the 2.4.18-1-* kernels), then any custom modules will need to be rebuilt in order to work with the new kernel. New PCMCIA modules are provided for all of the above kernels. NOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13.dsc Size/MD5 checksum: 798 0474286fe0631aca601a668f3b9a6f7d http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13.diff.gz Size/MD5 checksum: 66753 a4b199baa42082fccbd3992f77b442bf http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody4.dsc Size/MD5 checksum: 654 5410ea3327a01dbba31f6a1c9318040d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody4.tar.gz Size/MD5 checksum: 25953 710399a835192f323b4e5b3d59691e0c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-11.dsc Size/MD5 checksum: 1325 d8e3c8474c79f7e5470b8e66ba06cd64 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-11.tar.gz Size/MD5 checksum: 69701 01893cf83ce365ce9d149c48aad5c4fb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-10.dsc Size/MD5 checksum: 874 fd6016646413699527f2bd92b97c27bf http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-10.tar.gz Size/MD5 checksum: 24151 31b559520b81e580cc6b8356d662417b Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-13_all.deb Size/MD5 checksum: 1710390 82a21d0bb4a9cf24a2b54109edee95c5 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13_all.deb Size/MD5 checksum: 23886478 b3e50b8313c93d06cec058d6daecd32e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody4_i386.deb Size/MD5 checksum: 3395152 ce36117cf285cec2712b04b63bcfa123 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody4_i386.deb Size/MD5 checksum: 6424840 754ecbe313899bfa60c0f82cc1ed27e2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-11_i386.deb Size/MD5 checksum: 3398074 e7a82c669bc55b575478c9d5b9f3da29 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-11_i386.deb Size/MD5 checksum: 3487382 fcd83e99910a94b6f5b6f1dd2fb3dc72 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-11_i386.deb Size/MD5 checksum: 3488092 165203c91288aa3a6ddfb5a3d2ec9636 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-11_i386.deb Size/MD5 checksum: 3488438 e4fc0d2c216c2b64d678fe8cd8484132 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-11_i386.deb Size/MD5 checksum: 3489652 ca72c5d39f40db35a16bb0bb8e60e93e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-11_i386.deb Size/MD5 checksum: 3487788 b445f5bb84ad1e06a689dcc058c77aae http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-11_i386.deb Size/MD5 checksum: 3488102 be025488d37c786137240a7e00d18e65 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-11_i386.deb Size/MD5 checksum: 8797522 8ba95c7330e02ab60379bb81ef93b4b1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-11_i386.deb Size/MD5 checksum: 8704278 6905e1bcd5b9b06b9db0e5e50660be05 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-11_i386.deb Size/MD5 checksum: 8702472 9ec990c325db4161e2797b7ba1a33acf http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-11_i386.deb Size/MD5 checksum: 8959994 75c5185d3faebe8f3385fc8d9344e545 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-11_i386.deb Size/MD5 checksum: 8661098 e90103e93919ceaaf18678af3d674842 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-11_i386.deb Size/MD5 checksum: 8863096 c4cb4b2b04298cb11e1e84bc54d0649c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-11_i386.deb Size/MD5 checksum: 228246 9d7f9e9bf6fa6d587b7bb20db0353f5c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-11_i386.deb Size/MD5 checksum: 227784 c32bdcf2afbd288a706739a3d62d801d http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-11_i386.deb Size/MD5 checksum: 227246 7b2314445633627f41abf8c7225e174a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-11_i386.deb Size/MD5 checksum: 230890 2cb9020c466b5060586af74891a96724 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-11_i386.deb Size/MD5 checksum: 226876 212ad6114bce72a5583b525eda135ab4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-11_i386.deb Size/MD5 checksum: 230158 f612244cf007da73705acd321e2804d2 Alpha architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-10_alpha.deb Size/MD5 checksum: 3333366 25618ec62983262745220841e6969ba3 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-10_alpha.deb Size/MD5 checksum: 3474594 3c02c28156b031071d43d0d2c7f9385f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-10_alpha.deb Size/MD5 checksum: 3477020 f0ba185dddbf538c55ba50ba35616fb6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-10_alpha.deb Size/MD5 checksum: 12425880 459d277c533fa19ce78bb3dc02cef36e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-10_alpha.deb Size/MD5 checksum: 12799764 454388dbca3f95c864075771066941c8 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/OtuhArxCt0PiXR4RAkZxAKCL0P2yKedPmfKNVMGhziiOMcKdEwCggSTZ iuEDsUlq0wq4jqhmnHH/JrE= =sHnj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html