Immunix OS update Linux Kernel

From: Immunix Security Team (security@wirex.com)
Date: Sat Oct 20 2001 - 03:32:57 CEST


-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated: kernel-2.2.19
Affected products: Immunix OS 7.0 and 6.2
Bugs fixed: immunix/1760
Date: Fri Oct 19 2001
Advisory ID: IMNX-2001-70-035-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  Rafal Wojtczuk has found two serious flaws in the Linux kernel; both
  versions 2.2.19 and 2.4.11 are affected. The problems include deeply
  nested symlinks spending arbitrary amounts of time in kernel code, and
  yet another ptrace vulnerability. This release of kernel 2.2.19-8_imnx
  comes with two patches to fix the problems, supplied in Rafal's
  bugtraq post. We expect these patches to be included in 2.2.20 when it
  is released, but in the meantime we are making updated 2.2.19 packages
  available for our users.

  Note that kernel installs are different than other .rpms -- usually,
  one would want to use: rpm -ivh kernel-2.2.19-8_imnx.i386.rpm
  then check the /boot directory, /etc/lilo.conf file, and re-run lilo
  to install the new kernel. A reboot is required to complete the
  installation.

  References:
  http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21

Package names and locations:
  Precompiled binary packages for Immunix 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i586.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-2.2.19-8_imnx.i686.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-BOOT-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-doc-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-pcmcia-cs-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i586.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-smp-2.2.19-8_imnx.i686.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-source-2.2.19-8_imnx.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/kernel-utils-2.2.19-8_imnx.i386.rpm

  Source package for Immunix 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/kernel-2.2.19-8_imnx.src.rpm

Immunix OS 7.0 md5sums:
  f344f706fca87a2170c84cd17048ad48 RPMS/kernel-2.2.19-8_imnx.i386.rpm
  5f5a63ff9b9231a4d7de82eaac924fa1 RPMS/kernel-2.2.19-8_imnx.i586.rpm
  4517a2b0d8cfbc84627e63e238ab81af RPMS/kernel-2.2.19-8_imnx.i686.rpm
  36213cde1c21b52ad67257820bc90c9b RPMS/kernel-BOOT-2.2.19-8_imnx.i386.rpm
  cde7b782750a0cfdd7b6fa3b6702522c RPMS/kernel-doc-2.2.19-8_imnx.i386.rpm
  e81b411f1e247ba4283c6f2497bacab4 RPMS/kernel-pcmcia-cs-2.2.19-8_imnx.i386.rpm
  865a80d27ba7af3ee04db38cc0ddfca5 RPMS/kernel-smp-2.2.19-8_imnx.i386.rpm
  19cd3923f379b32c8e14b66e392f42a0 RPMS/kernel-smp-2.2.19-8_imnx.i586.rpm
  f11780c3f4fd1eac59ffa16f23d02795 RPMS/kernel-smp-2.2.19-8_imnx.i686.rpm
  3d291b0157735ff65ff5c8df2c3c15c8 RPMS/kernel-source-2.2.19-8_imnx.i386.rpm
  09fded8efc7baf5031c2fb03a200c5d8 RPMS/kernel-utils-2.2.19-8_imnx.i386.rpm
  97959b471e5eeb8e34cdad380cd03ab7 SRPMS/kernel-2.2.19-8_imnx.src.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
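
The following is an added example, not part of the Immunix advisory: a shell function that checks downloaded packages against a saved copy of the md5sums section above. It assumes the files sit in one flat directory (the advisory lists them under RPMS/ and SRPMS/); the function name and arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). Hypothetical helper:
#   verify_manifest MANIFEST DIR
# MANIFEST: text with lines of "<md5> <path>", as in the md5sums section
#           (indentation, headings and RPMS/ or SRPMS/ prefixes are tolerated).
# DIR:      flat directory holding the downloaded files (assumption).
# Prints one status line per listed file found in DIR. Returns 0 only if at
# least one file was checked and every checked file matched.
verify_manifest() {
    manifest=$1
    dir=$2
    checked=0
    bad=0
    # "|| [ -n "$sum" ]" also processes a final line that lacks a newline.
    while read -r sum path rest || [ -n "$sum" ]; do
        # Skip headings, blank lines, and anything that is not a 32-hex md5.
        case $sum in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}               # drop the RPMS/ or SRPMS/ prefix
        file=$dir/$name
        [ -f "$file" ] || continue     # only architectures actually downloaded
        checked=$((checked + 1))
        actual=$(md5sum < "$file" | cut -d' ' -f1)
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    # Refuse to report success when nothing was checked at all.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Stand-alone use: sh verify.sh md5sums.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

A matching md5sum only shows that a file agrees with the copy of the advisory it was checked against; authenticity rests on the GPG signature, which `rpm --checksig` verifies once the vendor key is imported.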