Full Disclosure mailing list archives
[TURBOLINUX SECURITY INFO] 23/Feb/2004
From: Turbolinux <security-announce () turbolinux co jp>
Date: Mon, 23 Feb 2004 16:23:43 +0900
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 23/Feb/2004 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) kernel -> kernel mremap vulnerability =========================================================== * kernel -> kernel mremap vulnerability =========================================================== More information : The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system. The kernel handles the basic functions of the operating system. The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4. This vulnerability is a different than TLSA-2004-1. Impact : The local users may be able to gain root privileges. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution : Please use turbopkg(zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs \ kernel-smp kernel-smp64G kernel-source --------------------------------------------- <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-17.src.rpm 41913933 5ccb9a89c3be94deab1c97ab586c09c9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-17.i586.rpm 14075980 30ccd11d880a7e0e32bbee21439ec709 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm 7101289 e30110e267be513da3c358ad0d4b4550 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm 1457830 24714114e93a4a93a814cdf4498159bc ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm 1816441 85f24c7dd6dd7cf8da00e8050c124195 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm 329393 488edeb522ce0790bf4298e8d11b25eb ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm 14549351 a17c70329b0912939a60bb4ca9017049 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm 14542476 c5346adab1623182b4c75e6392a08d62 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm 26544848 6fe1468ae10699ea55b0421c8e89db32 <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-17.src.rpm 41913933 5ccb9a89c3be94deab1c97ab586c09c9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-17.i586.rpm 14075980 30ccd11d880a7e0e32bbee21439ec709 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm 7101289 e30110e267be513da3c358ad0d4b4550 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm 1457830 24714114e93a4a93a814cdf4498159bc ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm 1816441 85f24c7dd6dd7cf8da00e8050c124195 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm 329393 488edeb522ce0790bf4298e8d11b25eb ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm 14549351 a17c70329b0912939a60bb4ca9017049 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm 14542476 c5346adab1623182b4c75e6392a08d62 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-17.i586.rpm 26544848 6fe1468ae10699ea55b0421c8e89db32 <Turbolinux 7 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-17.src.rpm 41913933 5ccb9a89c3be94deab1c97ab586c09c9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-17.i586.rpm 14075980 30ccd11d880a7e0e32bbee21439ec709 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm 7101289 e30110e267be513da3c358ad0d4b4550 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm 1457830 24714114e93a4a93a814cdf4498159bc ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm 1816441 85f24c7dd6dd7cf8da00e8050c124195 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm 329393 488edeb522ce0790bf4298e8d11b25eb ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm 14549351 a17c70329b0912939a60bb4ca9017049 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm 14542476 c5346adab1623182b4c75e6392a08d62 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm 26544848 6fe1468ae10699ea55b0421c8e89db32 <Turbolinux 7 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-17.src.rpm 41913933 5ccb9a89c3be94deab1c97ab586c09c9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-17.i586.rpm 14075980 30ccd11d880a7e0e32bbee21439ec709 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-17.i586.rpm 7101289 e30110e267be513da3c358ad0d4b4550 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-17.i586.rpm 1457830 24714114e93a4a93a814cdf4498159bc ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-17.i586.rpm 1816441 85f24c7dd6dd7cf8da00e8050c124195 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-17.i586.rpm 329393 488edeb522ce0790bf4298e8d11b25eb ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-17.i586.rpm 14549351 a17c70329b0912939a60bb4ca9017049 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-17.i586.rpm 14542476 c5346adab1623182b4c75e6392a08d62 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-17.i586.rpm 26544848 6fe1468ae10699ea55b0421c8e89db32 References : CVE [CAN-2004-0077] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact <supp_info () turbolinux co jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAOaqCK0LzjOqIJMwRAjSwAKCYURsgoIQi5KaUxAX7R8EAm8VFdACdHSrQ Kz0qI7oMT7Qc+4jcYCf36gE= =OxkY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [TURBOLINUX SECURITY INFO] 23/Feb/2004 Turbolinux (Feb 23)