-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2002-0083 Package name: kernel Summary: Local DoS Date: 2002-19-12 Affected versions: TSL 1.01, 1.1, 1.2, 1.5 - -------------------------------------------------------------------------- Package description: The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Problem description: In all Linux 2.2 kernels up to and including 2.2.23, the /proc/<pid>/mem interface can be abused to crash the system. This release is patched disabling the usage of mmap() on /proc/<pid>/mem. Action: We recommend that all systems with this package installed be upgraded. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:http://www.trustix.net/pub/Trustix/testing/> <URI:ftp://ftp.trustix.net/pub/Trustix/testing/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/> and <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 8bf46717922b74dce7cce2c20c1c40b2 ./1.1/RPMS/kernel-2.2.22-8tr.i586.rpm 128f2bedd2b75b5b826e1192b1c8014f ./1.1/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm 4faa41fa29ef216e410b502bf7f3bc8d ./1.1/RPMS/kernel-doc-2.2.22-8tr.i586.rpm e96cb88f6265670a9df6693bb5146c76 ./1.1/RPMS/kernel-headers-2.2.22-8tr.i586.rpm a863c612964514d0414d39c838edd33c ./1.1/RPMS/kernel-smp-2.2.22-8tr.i586.rpm 8281ac5ac9db2edfd774b0b36cd29305 ./1.1/RPMS/kernel-source-2.2.22-8tr.i586.rpm 871ff841cc270853e40685b1ca73ee7b ./1.1/RPMS/kernel-utils-2.2.22-8tr.i586.rpm 6fbf42ab35d5eaf8140b1a1725655bb5 ./1.1/SRPMS/kernel-2.2.22-8tr.src.rpm c2edcf9e0aa8deff4a85e680d654e6dd ./1.2/RPMS/kernel-2.2.22-8tr.i586.rpm 992d44d4fa51bf4098ffa595da758e90 ./1.2/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm ecbbcfc05db0f38ec1e76488a8b0ca72 ./1.2/RPMS/kernel-doc-2.2.22-8tr.i586.rpm 8f101137b75b75b12345f659abb352a6 ./1.2/RPMS/kernel-headers-2.2.22-8tr.i586.rpm 7039175a62f4a9ac561377ef57f61ea9 ./1.2/RPMS/kernel-smp-2.2.22-8tr.i586.rpm 1dd50cf1b95272ce95db2037d4e1d477 ./1.2/RPMS/kernel-source-2.2.22-8tr.i586.rpm 0b92b66f37b6811c329d6c96f21df7c1 ./1.2/RPMS/kernel-utils-2.2.22-8tr.i586.rpm 6fbf42ab35d5eaf8140b1a1725655bb5 ./1.2/SRPMS/kernel-2.2.22-8tr.src.rpm 6b9a40f9e62b263fdb2375172655dbcd ./1.5/RPMS/kernel-2.2.22-8tr.i586.rpm 3eb4bfd459653baa628d3eea3935ab9b ./1.5/RPMS/kernel-BOOT-2.2.22-8tr.i586.rpm b721d5c6ff919dea0323de510abc0a85 ./1.5/RPMS/kernel-doc-2.2.22-8tr.i586.rpm 0a792c78a2c912115fd9ad741b75ccfe ./1.5/RPMS/kernel-headers-2.2.22-8tr.i586.rpm 1e33ee7bc7a7caafbadd9e0f0114977b ./1.5/RPMS/kernel-smp-2.2.22-8tr.i586.rpm 5677a192a348c38513c08dfc6aa28b04 ./1.5/RPMS/kernel-source-2.2.22-8tr.i586.rpm e1da8df14695e351d6e0d27c91c991f2 ./1.5/RPMS/kernel-utils-2.2.22-8tr.i586.rpm 6fbf42ab35d5eaf8140b1a1725655bb5 ./1.5/SRPMS/kernel-2.2.22-8tr.src.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+AhWhwRTcg4BxxS0RAg5SAJ91WGHrd62kyKo3HX2jOKpYwyh/EgCfRGCt qwNq+X+7+E/XuM9afdyGn5s= =b0Kv -----END PGP SIGNATURE-----
