Slackware alert: Kernel 2.2.16 and /usr/bin/Mail

Posted by dave on Jun 9, 2000 11:58 PM EDT
Mailing list
Mail this story
Print this story

The 2.2.16 release of the Linux kernel is available and includes a number of security fixes. The following list of fixes comes from the kernel release notes:



==================================== Kernel Version 2.2.16 Security Fixes ====================================

The 2.2.16 release of the Linux kernel is available and includes a number of security fixes. The following list of fixes comes from the kernel release notes:

---------------------------------------------------------------------------- Capabilities - Fixes for serious setuid handling flaws when using restricted capability sets ELF loader - The ELF loader could be tricked by erroneous headers Procfs - Several /proc drivers failed to do correct sanity checking Readv/writev - Potential overflow bug fixed Signal Stacks - Exec failed to clear an existing alternate sigstack System 5 Shared Memory - If a user managed to attach a segment 65536 times bad things happened. TCP multiconnect hang - The TCP code had a bug that could cause the machine to hang. This was user exploitable. -----------------------------------------------------------------------------

We recommend that you read the above as a list of reasons to upgrade to 2.2.16, if you're running a 2.2.x kernel. The capabilities hole is especially nasty, as it allows a local user to gain root access from a program that normally drops root privileges.

The standard pre-built Slackware kernels have been built from 2.2.16 source and are now available in Slackware-current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/

You will probably also need a new set of modules, available from:

ftp://ftp.slackware.com/pub/slackware/slackware-current/modules/

They are also available in packaged form in the slackware-current ftp tree (ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/). The files, within that directory, are:

a1/modules.tgz, a1/scsimods.tgz, a1/sndmods.tgz, a1/fsmods.tgz, and n1/netmods.tgz

The kernel release notes are available here:

http://www.linux.org.uk/VERSION/relnotes.2216.html

========================= /usr/bin/Mail chmoded 755 =========================

The Mail program shipped with Slackware has been shown to be subject to a buffer overflow that, if the program is sgid (as shipped with Slackware), can provide a malicious user with gid "mail". Having gid "mail" does not allow a user any special priveleges, as the mail group hasn't been used in Slackware for years. There is a security advisory being passed around, but we assure you there's no threat from the Mail flaw. Nonetheless, holes are no fun, and we've closed this one by removing the sgid bit from /bin/Mail. A new mailx.tgz package is available in Slackware-current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/mailx.tgz

==============================================================================

As always, more information is available in the Slackware-current ChangeLog:

ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt

-- Your Friendly Neighborhood Slackware Security Team security@slackware.com



  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.