[tinysofa-announce] TSSA-2005-021-ES - kernel

tinysofa Security Team security at tinysofa.org
Thu Apr 21 19:11:22 UTC 2005


 ===========================================================================
                                             _     
                         |_ .  _      _  _  (_  _  
                         |_ | | ) \/ _) (_) |  (_| 
                                  /                


                      Security  Advisory  #2005-021-ES

 Package name:      kernel
 Summary:           Multiple security fixes
 Advisory ID:       TSSA-2005-021-ES
 Date:              2005-04-22
 Affected versions: tinysofa enterprise server 2.0
 CVE names:         CAN-2005-0135 CAN-2005-0207 CAN-2005-0209 CAN-2005-0384
                    CAN-2005-0400 CAN-2005-0449 CAN-2005-0529 CAN-2005-0530 
                    CAN-2005-0531 CAN-2005-0736 CAN-2005-0749 CAN-2005-0750
                    CAN-2005-0767 CAN-2005-0815 CAN-2005-0839 CAN-2005-0867 
                    CAN-2005-0977 CAN-2005-1041

 ===========================================================================

 Security Fixes
 ============== 

 Description
 -----------

  kernel:
  * Linux [0] is a clone of the operating system Unix, written from
    scratch by Linus Torvalds with assistance from a loosely-knit team of
    hackers across the Net. It aims towards POSIX and Single UNIX
    Specification compliance.


  Issues resolved:

    A flaw in the fib_seq_start function was discovered. A local user could 
    use this flaw to cause a denial of service (system crash) via 
    /proc/net/route. (CAN-2005-1041)

    A flaw in the tmpfs file system was discovered. A local user could use 
    this flaw to cause a denial of service (system crash). (CAN-2005-0977)

    An integer overflow flaw was found when writing to a sysfs file. A local
    user could use this flaw to overwrite kernel memory, causing a denial of
    service (system crash) or arbitrary code execution. (CAN-2005-0867)

    Keith Owens reported a flaw in the Itanium unw_unwind_to_user function.
    A local user could use this flaw to cause a denial of service 
    (system crash) on Itanium architectures. (CAN-2005-0135)

    A flaw in the NFS client O_DIRECT error case handling was discovered. A
    local user could use this flaw to cause a denial of service
    (system crash). (CAN-2005-0207)

    A flaw in fragment forwarding was discovered that affected the netfilter
    subsystem for certain network interface cards. A remote attacker could 
    send a set of bad fragments and cause a denial of service 
    (system crash). Only Acenic and SunGEM network interfaces, which are 
    in widespread use, were affected. (CAN-2005-0209)

    A flaw was discovered in the Linux PPP driver. On systems allowing 
    remote users to connect to a server using ppp, a remote client could 
    cause a denial of service (system crash). (CAN-2005-0384)

    A flaw was discovered in the ext2 file system code. When a new directory
    is created, the ext2 block written to disk is not initialized, which 
    could lead to an information leak if a disk image is made available to
    unprivileged users. (CAN-2005-0400)

    A flaw in fragment queuing was discovered that affected the Linux kernel
    netfilter subsystem. On systems configured to filter or process network
    packets (e.g. firewalling), a remote attacker could send a carefully
    crafted set of fragmented packets to a machine and cause a denial of
    service (system crash). In order to successfully exploit this flaw, the
    attacker would need to know or guess some aspects of the firewall 
    ruleset on the target system. (CAN-2005-0449)

    A number of flaws were found in the Linux 2.6 kernel. A local user could
    use these flaws to read kernel memory or cause a denial of service 
    (crash). (CAN-2005-0529, CAN-2005-0530, CAN-2005-0531)

    An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A
    local user could use this flaw to overwrite low kernel memory. Because
    this memory is usually unused, the flaw does not usually result in a
    security consequence. (CAN-2005-0736)

    A flaw when freeing a pointer in load_elf_library was discovered. A 
    local user could potentially use this flaw to cause a denial of service 
    (crash). (CAN-2005-0749)

    A flaw was discovered in the bluetooth driver system. On systems where 
    the bluetooth modules are loaded, a local user could use this flaw to 
    gain elevated (root) privileges. (CAN-2005-0750)

    A race condition was discovered that affected the Radeon DRI driver. A
    local user who has DRI privileges on a Radeon graphics card may be able
    to use this flaw to gain root privileges. (CAN-2005-0767)

    Multiple range checking flaws were discovered in the iso9660 file system
    handler. An attacker could create a malicious file system image which 
    would cause a denial of service or potentially execute arbitrary code if
    mounted. (CAN-2005-0815)

    A flaw was discovered when setting line discipline on a serial tty. A 
    local user may be able to use this flaw to inject mouse movements or 
    keystrokes when another user is logged in. (CAN-2005-0839)  
      
 References
 ----------
  [0] http://www.kernel.org/


 Recommended Action
 ==================

  We recommend that all systems be upgraded as soon as possible.


 Location
 ========

  All tinysofa updates are available from
  <URI:http://http.tinysofa.org/pub/tinysofa/updates/>
  <URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>


 Automatic Updates
 =================

  Users of the APT tool can enjoy having updates automatically
  installed using 'apt-get dist-upgrade'.

  Please make sure that the new kernel is set as the default kernel
  in /etc/grub.conf before rebooting. This can be achieved by changing
  the 'default=' line to match the correct position of the new kernel
  (which should be '0'.)
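
  The check described above can be scripted before rebooting. This is an
  added example, not part of the original advisory: the function names, the
  sample grub.conf and the /vmlinuz-<version> image path are assumptions.

```shell
# Added example: report which kernel image the grub.conf 'default=' line selects.

# Constructed sample grub.conf (not from a real system). The /vmlinuz-<version>
# image path and the "2.6.9-OLD" entry are assumptions for illustration.
sample_conf() {
cat <<'EOF'
default=0
title tinysofa (2.6.9-5.0.5ts)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-5.0.5ts ro root=/dev/hda2
title tinysofa (2.6.9-OLD)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-OLD ro root=/dev/hda2
EOF
}

# default_kernel FILE: print the kernel image of the default boot entry.
# Entries are numbered from 0 in the order their 'title' lines appear.
# Fails if 'default' is not a number or points past the last entry.
default_kernel() {
    awk '
        BEGIN { n = -1; def = "0" }      # entry 0 is used when no default line exists
        $1 ~ /^default(=|$)/ {           # accepts "default=0" and "default 0"
            def = $0
            sub(/^[ \t]*default[ \t=]+/, "", def)
            sub(/[ \t].*/, "", def)
        }
        $1 == "title" { n++ }
        $1 == "kernel" && n >= 0 && !(n in kern) { kern[n] = $2 }
        END {
            if (def !~ /^[0-9]+$/ || !((def + 0) in kern)) exit 1
            print kern[def + 0]
        }
    ' "$1"
}

# default_boots FILE VERSION: succeed only if the default entry boots VERSION.
default_boots() {
    case "$(default_kernel "$1")" in *"$2"*) return 0 ;; *) return 1 ;; esac
}

tmp=$(mktemp); sample_conf > "$tmp"
default_boots "$tmp" "2.6.9-5.0.5ts" && echo "default boots $(default_kernel "$tmp")"
rm -f "$tmp"
```

  On a real system, call default_boots with /etc/grub.conf and the version
  of the kernel package that was just installed.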

 Questions?
 ==========

  Check out our mailing lists:
  <URI:http://www.tinysofa.org/support/>


 Verification
 ============

  This advisory is signed with the tinysofa security sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

  The advisory is available from the tinysofa errata database at
  <URI:http://www.tinysofa.org/support/errata/>
  or directly at
  <URI:http://www.tinysofa.org/support/errata/2005/021.html>


 MD5sums Of The Packages
 =======================

 [server-2.0]

  1defcf27d7623bc79ebd18445aa9c0f4  kernel-2.6.9-5.0.5ts.i586.rpm
  d5da4323e1a305e0287a4450ee6b451a  kernel-2.6.9-5.0.5ts.i686.rpm
  fa3ae8bfec5567008452dedba0f36e59  kernel-devel-2.6.9-5.0.5ts.i586.rpm
  c3027fa594073f6cdbe70ad153f33090  kernel-devel-2.6.9-5.0.5ts.i686.rpm
  ca33dbd3804b094a686e8819d1d1dc76  kernel-doc-2.6.9-5.0.5ts.noarch.rpm
  e2cb731e44af0ae4297edbac94eeff12  kernel-smp-2.6.9-5.0.5ts.i686.rpm
  954d8d814428f038815a0ec4398e1fad  kernel-smp-devel-2.6.9-5.0.5ts.i686.rpm


 --
 tinysofa Security Team <security at tinysofa dot org>