[Dearest Bugtraq readers, please do not use challenge-response antispam
tools, please do not report our GPG signature as a virus, and please do
not send us out of office autoreplies. Thanks.]

-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated:   Immunix OS 7+
Affected products:  kernel
Bugs fixed:         CAN-2004-0077
Date:               Thu Feb 26 2004
Advisory ID:        IMNX-2004-7+-001-01
Author:             Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------

Description:
  Paul Starzetz and Wojciech Purczynski report finding a flaw in the
  mremap(2) system call due to a missing function return value check.
  While they found the flaw on the 2.4 series of Linux kernels, the 2.2
  series of Linux kernels is also vulnerable to the same problem.

  This updated package includes a patch from Solar Designer to address
  this flaw, as well as some additional uninitialized memory leaking to
  userspace fixes.

  Immunix, Inc., would like to remind Immunix OS 7+ users that support
  for 7+ will be terminated on March 1, 2004. We will be happy to host
  updated packages sent to us by users; contact the immunix-users mail
  list for further information.

  Users may purchase Immunix OS 7.3 at:
  http://www.immunix.com/products/immunixos/

  Immunix OS 7.3 includes StackGuard, FormatGuard, SubDomain, the 2.4
  version of the Linux kernel with better scalability and device
  support, and up2date.
  More information on Immunix OS 7.3 is at:
  http://www.immunix.org/immunix73.html

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i586.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-enterprise-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-ibcs-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-pcmcia-cs-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i586.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-smp-2.2.19-16_imnx_29.i686.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-source-2.2.19-16_imnx_29.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/kernel-utils-2.2.19-16_imnx_29.i386.rpm

  Source packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/kernel-2.2.19-16_imnx_29.src.rpm

Immunix OS 7+ md5sums:

GPG verification:
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 7.3 will not be officially supported after March 31 2005.
  ImmunixOS 7+ will not be officially supported after March 1 2004.
  ImmunixOS 7.0 is no longer officially supported.
  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@immunix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure
  protocol http://www.wiretrip.net/rfp/policy.html.