From tsl@TRUSTIX.COM Fri Apr 6 05:42:17 2001 From: tsl@TRUSTIX.COM To: BUGTRAQ@SECURITYFOCUS.COM Date: Thu, 5 Apr 2001 17:59:44 +0200 Subject: [BUGTRAQ] Trustix Security Advisory #2001-0003 - kernel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0003 Package name: kernel Severity: Local root exploit Date: 2001-04-05 Affected versions: TSL 1.01, 1.1, 1.2 - -------------------------------------------------------------------------- Problem description: Some time ago, a vulnerability was discovered that allowed for root access through ptrace call in the linux kernel. This was originally considered fixed in a previous patch, but as it turns out, it wasn't. This is fixed in kernel version 2.2.19. Action: We recommend all systems which has this package installed to be upgraded. Please see the Kernel Upgrade Howto, available from for more information on how to upgrade your TSL kernel. Location: All TSL updates are available from Users of the SWUP tool, can enjoy having the security updates automatically installed using 'swup --upgrade'. Get SWUP from: ftp://ftp.trustix.net/pub/Trustix/software/swup/ Note that you may not want to use SWUP to do unattended kernel upgrades, and it does not do so by default. Questions? Check out our mailinglists: http://www.trustix.net/support/ Verification: This advisory is signed with the TSL sign key. It is available from: http://www.trustix.net/TSL-GPG-KEY Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6zI25wRTcg4BxxS0RAnTXAJ9e/T9ysKpK9TQnXhP7V2aXsCiArgCdF12s K17kWuT59qtzxW64YMduZFQ= =m9sm -----END PGP SIGNATURE----- -- Trustix Secure Linux Advisor Homepage: http://www.trustix.net/ Errata: http://www.trustix.net/errata/ Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/