TUCoPS :: Linux :: Conectiva

TUCoPS :: Linux :: Conectiva :: bt696.txt
kernel CLA-2003:701


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : kernel
SUMMARY   : Vulnerabilities and bugfixes for the kernel
DATE      : 2003-07-22 14:27:00
ID        : CLA-2003:701
RELEVANT
RELEASES  : 9

- -------------------------------------------------------------------------

DESCRIPTION
 The Linux kernel is responsible for handling the basic functions of
 the GNU/Linux operating system.
 
 This update for Conectiva Linux 9 addresses several issues which are
 outlined below.
 
 Security fixes:
 
 1. Denial of service in the TTY layer (CAN-2003-0247 [1][2])
 Al Viro found a vulnerability in the TTY layer where a local attacker
 could cause a denial of service condition.
 
 2. ioperm() restrictions (CAN-2003-0246 [3])
 The ioperm() system call does not properly restrict privileges, which
 allows local users to gain read or write access to certain I/O
 ports.
 
 3. mxcsr (CAN-2003-0248 [4])
 Andrea Arcangeli found a vulnerability in the mxcsr code which allows
 local attackers to change CPU registers, possibly causing a denial of
 service condition.
 
 4. TCP/IP fragments denial of service (CAN-2003-0364 [5])
 The TCP/IP fragment reassembly routines contain a denial of service
 vulnerability where a remote attacker is able to make the targeted
 system consume excessive amounts of CPU time due to hash table
 entries collisions.
 
 5. Denial of service in routing table (CAN-2003-0244 [6])
 There is a denial of service vulnerability in the routing cache table
 and in the netfilter connection tracking module which could be
 exploited by remote attackers. Carefully constructed network traffic,
 when hitting a vulnerable system, would cause internal hash table
 entries collisions and excessive CPU usage.
 
 6. Insecure device permissions when using devfs [7]
 Christoph Hellwig <hch@infradead.org> reported that the dev
 filesystem (devfs) creates several devices with insecure default
 permissions, which would allow local users to read from and write to
 these devices. Please note that "devfs" is not used by default in
 Conectiva Linux.
 
 Below are other important fixes, not security related, to the kernel
 pacakages:
 
 7. Better ptrace[16] fix
 The previous patch which fixes the ptrace vulnerability also
 introduces some undesired collateral effects, such as the inability
 to ptrace some processes (useful when debugging) and gather command
 line parameters.
 
 8. Module aic79xx missing [8]
 The kernel shipped with Conectiva Linux 9 did not have the aic79xx
 module, which is necessary for some SCSI Adaptec cards.
 
 9. No drbd support [9]
 The kernel shipped with Conectiva Linux 9 did not have drbd support.
 In high availability systems, drbd is used to replicate data between
 the nodes.
 
 10. IPX networking support [10]
 The "full internal IPX network" option was inadvertently enabled in
 the kernel packages shipped with Conectiva Linux 9. This caused
 problems in IPX networks.
 
 11. "init=" boot parameter not working [11]
 The "init=" boot parameter in Conectiva Linux 9 does not work as
 expected, making it impossible to be used. This has been fixed.
 
 12. Third party modules [12][13][14]
 The kernel packages have been fixed to allow the correct compilation
 of third party modules such as NVidia and vmware. Previously this was
 only possible via a sequence of make mrproper, make oldconfig and
 make dep.


SOLUTION
 It is recommended that all Conectiva Linux 9 users upgrade their
 kernel packages. The kernel in Conectiva Linux 8 and 7.0 is also
 affected. These versions of the distribution will get a separate
 announcement.
 
 IMPORTANT: exercise caution and preparation when upgrading the
 kernel, since it will require a reboot after the new packages are
 installed. In particular, Conectiva Linux 9 will most likely require
 an initrd file (which is automatically created in the /boot directory
 after the new packages are installed). Generic kernel update
 instructions can be obtained in the manuals and in our updates
 page[17]. More detailed instructions are also available in Portuguese
 at our Moin[15] page.
 
 
 REFERENCES
 1.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8527
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364
 6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244
 7.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8500
 8.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8278
 9.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8308
 10.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8316
 11.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8414
 12.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8503
 13.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8502
 14.http://bugzilla.conectiva.com.br/show_bug.cgi?id=7456
 15.https://moin.conectiva.com.br/UpdatingKernelPackages
 16.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000589
 17.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_4cl.pentium4.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/HXQg42jd0JmAcZARAuutAJ4vjghPKabsgTlyvE9AoueyHnnL3gCdHBG3
G2Gs76COhdoFAdVzJtXRQDs=
=djVZ
-----END PGP SIGNATURE-----