5181605 2000-06-10 10:07 /76 lines/ Postmaster
Recipient: Bugtraq (import) <11246>
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20000608201504.A16871@conectiva.com.br>
Date: Thu, 8 Jun 2000 20:15:04 -0300
Reply-To: Sergio Bruder <bruder@CONECTIVA.COM.BR>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Sergio Bruder <bruder@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br bos@sekure.org
To: BUGTRAQ@SECURITYFOCUS.COM

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE : kernel-2.2.14
SUMMARY : Security problems with capabilities
DATE    : 2000-06-08
AFFECTED CONECTIVA VERSIONS : 4.0, 4.1, 4.2 and 5.0

DESCRIPTION

The 2.2.x series of the Linux kernel implements capabilities. Capabilities can be used to restrict what the root user can do. Many privileged programs, such as SUID programs, drop root privileges before taking certain actions, such as executing a user-supplied program. By constructing an environment in which a certain capability is set, the attempt to drop root privileges fails, and the privileged program carries on with its action as root rather than as the unprivileged user it was intended to run as. This can lead to root compromise.

SOLUTION

All users MUST upgrade the kernel immediately by downloading the appropriate package below. This release incorporates the fix used in the 2.2.16 version.

This kernel vulnerability can be exploited in many ways. Some vendors have provided updated packages for their SUID programs, such as sendmail.
By upgrading the kernel, these specific vendor updates are not necessary for this problem, unless they also fix something else that the user needs.

Updates for versions 4.0, 4.1 and 4.2 will follow shortly.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/alsasound-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-BOOT-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-doc-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-headers-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-ibcs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-install-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-pcmcia-cs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-smp-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-source-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-devel-2.2.14-19cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/kernel-2.2.14-19cl.src.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe:   atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br

(5181605) ------------------------------------------(Rewrapped)
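The failure mode the advisory describes is a privileged program whose attempt to drop root fails without the program noticing. The C function below is an added defensive example, not Conectiva's, the kernel's or sendmail's code: it drops to a caller-supplied uid/gid (the target ids are an assumption), checks every return value, and then proves the drop by re-reading the ids and confirming that root cannot be regained, which is the user-space hardening that makes a SUID program safe against exactly this kind of silent setuid() failure.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() in glibc's <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop root privileges to (uid, gid) and verify the drop took effect.
 * Returns 0 on success, -1 if any step failed or if the process could
 * still regain root afterwards. The advisory's bug made setuid() fail
 * inside privileged programs that never checked for it, so they carried
 * on as root; the defence is to check every call and then verify. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups are privilege too; clear them while we still
     * can. setgroups() itself needs root, so only try it when we have it. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: once the uid is unprivileged, setgid() may fail. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Never trust the calls alone: confirm the ids the kernel now reports. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* After dropping to a non-root uid, any attempt to regain root must
     * now fail. This also catches a saved uid that was left at 0. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Stand-alone demo: drop to the real (invoking) user's ids. For a plain
 * run this is a no-op; for a setuid-root binary it is a real drop. */
int main(void)
{
    if (drop_privileges(getuid(), getgid()) != 0) {
        fputs("privilege drop failed; refusing to continue as root\n", stderr);
        return 1;
    }
    printf("running as uid=%u gid=%u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```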