From security-announce@turbolinux.co.jp Wed Dec 3 17:01:02 2003 From: Turbolinux Resent-From: security-announce@turbolinux.co.jp To: security-announce@turbolinux.co.jp Resent-To: server-users-e@turbolinux.co.jp (moderated) Date: Wed, 3 Dec 2003 21:15:00 +0900 Reply-To: server-users-e@turbolinux.co.jp Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 03/Dec/2003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 03/Dec/2003 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) kernel -> Integer overflow =========================================================== * kernel -> Integer overflow =========================================================== More information : The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system. The kernel handles the basic functions of the operating system. A flaw in bounds checking in the do_brk() function in the Linux. Impact : The local users may be able to gain root privileges. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution : Please use turbopkg(zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source --------------------------------------------- Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-15.src.rpm 41892334 9ce72130b877766f844277b6083789af Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-15.i586.rpm 14058497 69241f9f766ae8e3a8b90991c1ebb273 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm 7100399 5d87135fa0f5279604040fccf229fac1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm 1458110 8cb3a7993e844c54dd537b7fdf00839f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm 1816129 5c1972c228227ce3d7aaa028ead65b71 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm 329023 b26f7a1a9df8dd7571930829e5490cdd ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm 14549721 3f3eca5764a3e9c5e7968947f95c4258 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm 14527839 57e25b0b12061b0e67328837a55da0c7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-15.i586.rpm 26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-15.src.rpm 41892334 9ce72130b877766f844277b6083789af Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-15.i586.rpm 14058497 69241f9f766ae8e3a8b90991c1ebb273 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm 7100399 5d87135fa0f5279604040fccf229fac1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm 1458110 8cb3a7993e844c54dd537b7fdf00839f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm 1816129 5c1972c228227ce3d7aaa028ead65b71 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm 329023 b26f7a1a9df8dd7571930829e5490cdd ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm 14549721 3f3eca5764a3e9c5e7968947f95c4258 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm 14527839 57e25b0b12061b0e67328837a55da0c7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-15.i586.rpm 26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-15.src.rpm 41892334 9ce72130b877766f844277b6083789af Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-15.i586.rpm 14058497 69241f9f766ae8e3a8b90991c1ebb273 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm 7100399 5d87135fa0f5279604040fccf229fac1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm 1458110 8cb3a7993e844c54dd537b7fdf00839f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm 1816129 5c1972c228227ce3d7aaa028ead65b71 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm 329023 b26f7a1a9df8dd7571930829e5490cdd ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm 14549721 3f3eca5764a3e9c5e7968947f95c4258 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm 14527839 57e25b0b12061b0e67328837a55da0c7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-15.i586.rpm 26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-15.src.rpm 41892334 9ce72130b877766f844277b6083789af Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-15.i586.rpm 14058497 69241f9f766ae8e3a8b90991c1ebb273 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm 7100399 5d87135fa0f5279604040fccf229fac1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm 1458110 8cb3a7993e844c54dd537b7fdf00839f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm 1816129 5c1972c228227ce3d7aaa028ead65b71 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm 329023 b26f7a1a9df8dd7571930829e5490cdd ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm 14549721 3f3eca5764a3e9c5e7968947f95c4258 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm 14527839 57e25b0b12061b0e67328837a55da0c7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-15.i586.rpm 26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7 References : CVE [CAN-2003-0462] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462 [CAN-2003-0465] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0465 [CAN-2002-0499] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0499 [CAN-2003-0501] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0501 [CAN-2003-0961] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/zdPPK0LzjOqIJMwRAhBKAKC9M9om9yt35k021whQx0OZ4L8hMgCfdjey 7mBX+8qanZnDyTsbsNg/uJ4= =kDIZ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html