Trustix Security Advisory - proftpd, kernel

[Trustix Security Advisory Team <tsl () TRUSTIX COM>]

Hi

Trustix has made available security updates for Trustix secure linux.

kernel:
Trustix specific: no
Distribution versions: All
A race condition in ptrace allows a malicious user to gain root.  A
signedness error in the sysctl interface also potentially allows a user
to gain root.

proftpd:
Trustix specific: no
Distribution versions: All
Several memory leaks connected to the USER and SIZE ftp commands leading
to potential DoS have been fixed.  Several other improvements have also
been made.

MD5Sums:
0c5f58bdaa46a3548a249e88458e713e  1.2/kernel-2.2.17-6tr.i586.rpm
2c4448c6ff20753ea6d56132657e377d  1.2/proftpd-1.2.0rc3-1tr.i586.rpm
b378af55cdf0cb09aa239eee5254fca9  1.1/proftpd-1.2.0rc3-1tr.i586.rpm

Attention:
When upgrading the kernel, follow the howto at:
http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html

If an update is not available for your (old) version of Trustix Secure
Linux, use the closest one.Packages can be downloaded from:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/

Or from one of our mirrors:
http://www.trustix.net/mirrors.php3

1.2 users who have installed the optional SWUP-package (from
ftp://ftp.trustix.com/pub/Trustix/software/swup/) can use
'swup --upgrade' to automatically download and install the new
packages.  An exception to this is the kernel.

For a full update history of the 1.2 release, see:
ftp://ftp.trustix.com/pub/Trustix/updates/1.2/ChangeLog

Trustix Security Team