Trustix alert: kernel

Posted by dave on Apr 16, 2004 4:50 AM EDT
Mailing list; By Trustix Security Advisor <tsl@trustix.org>

zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of the Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0020

Package name:      kernel
Summary:           Multiple vulnerabilities
Date:              2004-04-15
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Enterprise Linux 2

- --------------------------------------------------------------------------
Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Problem description:

CAN-2004-0109: zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of the Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0133: Use of improperly initialized memory was discovered in the XFS code. This led to an information leak in which some blocks in the file system would contain old data from system memory.

CAN-2004-0177: Use of improperly initialized memory in the ext3 code was discovered by Solar Designer of the Openwall project. This led to an information leak in which some blocks in the file system would contain old data from system memory. This was the first such vulnerability discovered, and it led directly to XFS and JFS being checked for the same problem.

CAN-2004-0181: Use of improperly initialized memory was discovered in the JFS code. This led to an information leak in which some blocks in the file system would contain old data from system memory.
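The information leak class behind CAN-2004-0133, CAN-2004-0177 and CAN-2004-0181 can be modelled in user space. The following is an added example, not kernel code and not part of the Trustix advisory; the buffer pool, block size, function names and sample strings are all constructed for illustration. A recycled buffer is only partly filled before the whole block is written out, and clearing it first is what keeps stale memory off the disk.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 64
/* One reusable buffer standing in for recycled system memory (hypothetical). */
static unsigned char pool[BLOCK_SIZE];

/* Earlier, unrelated use of the buffer: leaves sensitive bytes behind. */
static void earlier_use(const char *secret) {
    memset(pool, 0, BLOCK_SIZE);
    memcpy(pool + 16, secret, strlen(secret));
}

/* Build a filesystem block that needs only `len` bytes of real content.
 * zero_first == 0 models the flaw: the tail keeps whatever was in memory.
 * zero_first == 1 models the fix: clear the whole block before filling it. */
static void build_block(unsigned char *disk, const void *payload,
                        size_t len, int zero_first) {
    if (len > BLOCK_SIZE) len = BLOCK_SIZE;   /* never write past the block */
    if (zero_first)
        memset(pool, 0, BLOCK_SIZE);
    memcpy(pool, payload, len);
    memcpy(disk, pool, BLOCK_SIZE);           /* the full block goes to disk */
}

/* Return 1 if `needle` occurs anywhere in the on-disk block. */
static int block_contains(const unsigned char *disk, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= BLOCK_SIZE; i++)
        if (memcmp(disk + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Run the scenario; report whether stale memory reached the disk image. */
int stale_data_on_disk(int zero_first) {
    static const char secret[] = "CONSTRUCTED-SECRET";  /* constructed sample */
    static const char header[] = "HDR1";                /* constructed sample */
    unsigned char disk[BLOCK_SIZE];
    earlier_use(secret);
    build_block(disk, header, sizeof header - 1, zero_first);
    return block_contains(disk, secret);
}

int main(void) {
    printf("unzeroed: %d, zeroed: %d\n", stale_data_on_disk(0), stale_data_on_disk(1));
    return 0;
}
```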

Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location: All Trustix updates are available from

About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Public testing: Most updates for Trustix Secure Linux are made available for public testing some time before release. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailing list. The testing tree is located at

You may also use swup for public testing of updates:

  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }

Questions? Check out our mailing lists:

Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from:

The advisory itself is available from the errata pages at and or directly at

MD5sums of the packages:

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAf8xoi8CEzsK9IksRAseKAKCL6pfIp8J9ZyF9JYvK0nMIWmF9LQCfS39s
4zCEwxec7NrIY0dz5Q7WnEU=
=3NOJ
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce
