From security-announce@turbolinux.co.jp Fri May 21 14:14:02 2004
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Fri, 21 May 2004 21:41:54 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 21/May/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 21/May/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kernel -> Multiple vulnerabilities within the kernel

===========================================================
* kernel -> Multiple vulnerabilities within the kernel
===========================================================

 More information :
    The kernel package contains the Linux kernel (vmlinuz), the core of
    your Linux operating system.

    - Real time clock (RTC) routines in the Linux kernel do not properly
      initialize their structures, which could leak kernel data to
      user space.
    - The R128 driver has a vulnerability.
    - Stack-based buffer overflow in the ncp_lookup function for ncpfs
      in the kernel.
    - Buffer overflow in the ISO9660 file system component for the
      Linux kernel.
    - The OSS code for the Sound Blaster driver in Linux 2.4.x does not
      properly handle certain sample sizes, which allows local users to
      cause a denial of service (crash).
    - The JFS file system code in Linux 2.4.x has an information leak
      in which in-memory data is written to the device for an ext3
      file system, which allows local users to obtain sensitive
      information by reading the raw device.
    - A "potential" buffer overflow exists in the panic() function in
      the kernel.
    - The do_fork function in Linux 2.4.x and 2.6.x does not properly
      decrement the mm_count counter when an error occurs after the
      mm_struct for a child process has been activated, which triggers
      a memory leak that allows local users to cause a denial of
      service (memory exhaustion).

 Impact :
    The vulnerabilities may allow an attacker to cause a denial of
    service to the kernel and gain sensitive information from your
    system.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turboupdate
 # turbopkg
 # zabom update kernel kernel-BOOT kernel-doc kernel-headers \
   kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
 ---------------------------------------------

 Notice :
    You have to reboot your system after this update is finished.

 kernel-2.4.25-3    CAN-2004-0010, CAN-2004-0394, CAN-2004-0427
 kernel-2.6.0-8     CAN-2004-0109, CAN-2004-0427
 kernel-2.4.18-19   CAN-2003-0984, CAN-2004-0003, CAN-2004-0010, CAN-2004-0109
                    CAN-2004-0178, CAN-2004-0181, CAN-2004-0394, CAN-2004-0427

 References:

 CVE
   [CAN-2003-0984]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
   [CAN-2004-0003]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
   [CAN-2004-0010]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
   [CAN-2004-0109]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
   [CAN-2004-0178]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
   [CAN-2004-0181]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
   [CAN-2004-0394]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
   [CAN-2004-0427]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key

   http://www.turbolinux.com/security/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFArfkUK0LzjOqIJMwRAjiaAKCwR1fuBQGtyjEgHkUdkbyPywz5eQCfXCBX
dKcvDeuxkyjyHnGcfKedwsg=
=pfn/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
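
Added illustration, not part of the Turbolinux advisory and not kernel source: a user-space C model of the bug class named in the RTC item of the advisory, where a reply structure is only partly filled before being copied out whole, shown next to the usual remedy of clearing it first. The names rtc_reply, fill_time and leak_bytes and the 0x5A marker are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reply structure: the handler has values for the time
 * fields only, the remaining three are never assigned. */
struct rtc_reply {
    int tm_sec, tm_min, tm_hour;
    int tm_wday, tm_yday, tm_isdst;
};

#define STALE 0x5A                 /* constructed marker for leftover data */
static struct rtc_reply slot;      /* stands in for a reused kernel stack frame */

static void fill_time(struct rtc_reply *r)
{
    r->tm_sec = 30;
    r->tm_min = 15;
    r->tm_hour = 9;
}

/* Runs one query and returns how many stale bytes reach the caller.
 * clear_first = 0 models the unfixed handler, 1 the hardened one. */
size_t leak_bytes(int clear_first)
{
    unsigned char user_buf[sizeof(struct rtc_reply)];
    size_t i, leaked = 0;

    memset(&slot, STALE, sizeof slot);      /* residue of an earlier call */
    if (clear_first)
        memset(&slot, 0, sizeof slot);      /* also clears any padding */
    fill_time(&slot);
    memcpy(user_buf, &slot, sizeof slot);   /* copy_to_user() stand-in */

    for (i = 0; i < sizeof user_buf; i++)
        if (user_buf[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("unfixed:  %zu stale bytes copied out\n", leak_bytes(0));
    printf("hardened: %zu stale bytes copied out\n", leak_bytes(1));
    return 0;
}
```

Clearing the whole structure, rather than assigning the missing fields one by one, also covers compiler-inserted padding, which field assignments never touch.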