Debian alert: New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)

Posted by dave on Apr 14, 2004 7:45 AM EDT
Mailing list; By joey@infodrom.org (Martin Schulze)
Mail this story
Print this story

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 480-1 [e-mail:security@debian.org] http://www.debian.org/security/ Martin Schulze April 14th, 2004 http://www.debian.org/security/faq - --------------------------------------------------------------------------

Package : kernel-image-2.4.17-hppa kernel-image-2.4.18-hppa Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update:

CAN-2004-0003

A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this

CAN-2004-0010

Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this.

CAN-2004-0109

zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this.

CAN-2004-0178

Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction for this.

These problems will also be fixed by upstream in Linux 2.4.26 and future versions of 2.6.

For the stable distribution (woody) these problems have been fixed in version 32.4 for Linux 2.4.17 and in version 62.3 for Linux 2.4.18.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.dsc Size/MD5 checksum: 713 d6e475210d87586fafc91e1d557a1a81 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.tar.gz Size/MD5 checksum: 29958654 8357b4f2946cd1256a0ddf51395aaa1b

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.dsc Size/MD5 checksum: 713 a7dd8816219af9d8af30e0dd5d4933ae http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.tar.gz Size/MD5 checksum: 30341920 73ebcb15f4e1245792af77ab2edc8133

Architecture independent components:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.4_all.deb Size/MD5 checksum: 24111814 32a7c5a4b9b7f56f76a3810ee1c671bd

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-source-2.4.18-hppa_62.3_all.deb Size/MD5 checksum: 24403622 c5600ecd5365f4699e3937328536d997

HP Precision architecture:

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.4_hppa.deb Size/MD5 checksum: 3531374 1ace6b1a6f1575bb05cfa38eef8ae28e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.4_hppa.deb Size/MD5 checksum: 2738008 7460b70d3551740b099f47cc00f75a9a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.4_hppa.deb Size/MD5 checksum: 2870152 3012e161b10a40ef75b5ca7dc99f646a http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.4_hppa.deb Size/MD5 checksum: 3024374 dc9b851d809cbe09e4d4db58c905c8a8 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.4_hppa.deb Size/MD5 checksum: 3165848 b6b8cbf7f48fbf729c859350c7d09e11

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-headers-2.4.18-hppa_62.3_hppa.deb Size/MD5 checksum: 3545648 cdc19e048e49678e4f42bef608a24461 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.3_hppa.deb Size/MD5 checksum: 2763774 f51ec93fcb6101a2e3ecf4d9767237c8 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.3_hppa.deb Size/MD5 checksum: 2903956 88e4ca002820f71fcc5101762f8b24e4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.3_hppa.deb Size/MD5 checksum: 3061206 9ef449c857ec8a57c505fdee26b7a936 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.3_hppa.deb Size/MD5 checksum: 3199070 e59926283c57ef868881e6cc1e501e6b

These files will probably be moved into the stable distribution on its next revision.

- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [e-mail:debian-security-announce@lists.debian.org] Package info: 'apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfVO+W5ql+IAeqTIRAiSeAJ93ehL1LmbRBheMrhISXJb2IcMRSQCgna2i QZMFDWSgY4WZsGOz8HAYDcg= =pO1N -----END PGP SIGNATURE-----

-- To UNSUBSCRIBE, email to [e-mail:debian-security-announce-REQUEST@lists.debian.org] with a subject of "unsubscribe". Trouble? Contact [e-mail:listmaster@lists.debian.org]

[PARSEASHTML]

  Nav
» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.