6311693 2001-04-03 16:16 -0600  /200 lines/ Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-04-04  12:17  by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: sup-info@LOCUTUS3.CALDERASYSTEMS.COM
Recipient: Bugtraq (import) <16323>
Subject: Security update: several security problems in linux kernel
------------------------------------------------------------
 CSSA-2001-012.0
From: Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010403161633.A21380@locutus3.calderasystems.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		several security problems in linux kernel
Advisory number: 	CSSA-2001-012.0
Issue date: 		2001 April, 3
Cross reference:
______________________________________________________________________________


1. Problem Description

   During code audits of the Linux Kernel several security problems
   have been found. Some of them allow a local attacker to gain
   root privileges through race conditions, others allow reading
   and possibly writing of random kernel memory.

   With these patches now being available in the 2.2.19 kernel, this
   update backports them to the kernels used in our products.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                All packages previous to
                                linux-2.2.10-12

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder       linux-2.2.14-11S

   OpenLinux eDesktop 2.4       All packages previous to
                                linux-2.2.14-7

3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:
        
       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification


   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          modprobe loop
          rpm -Fhv *.i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification


   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          modprobe loop
          rpm -Fvh *.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification


   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fvh *.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 9633.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera
   OpenLinux.

9. Acknowledgements

   Caldera Systems wishes to thank Chris Evans, Solar Designer, Alan
   Cox and David Miller for spotting and fixing these problems.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6yfqH18sy83A/qfwRAhVuAJ4i/QYECTWBX8Hb4PImolhojEG3zACfeIJd
iw77xxCGpFcv7KeAk2OfomM=
=FrD0
-----END PGP SIGNATURE-----
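
The Verification sections (4.2, 5.2, 6.2) pair each package path with an MD5
checksum, and the install step should only run once every downloaded file
matches. The following is an added example, not part of the advisory or of
Caldera's tooling; the function name and the list file layout are assumptions,
and it tolerates entries that a mail gateway has wrapped onto two lines.

```shell
#!/bin/sh
# verify_md5_list LIST DIR   (hypothetical helper, added for illustration)
#   LIST: entries of the form "<32-hex-md5>  <relative/path>"; an entry may
#         have been wrapped so the hash and the path sit on separate lines.
#   DIR : directory the relative paths are resolved against.
# Returns 0 only if every listed file exists and matches, 1 on any missing
# or mismatching file, 2 if LIST contains no usable entry.
# Paths containing whitespace are not supported.
verify_md5_list() {
    list=$1 dir=$2 rc=0
    # Re-join wrapped entries and emit one "hash path" pair per line.
    pairs=$(awk '
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1, $2; h = ""; next }
        NF == 1 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { h = $1; next }
        NF == 1 && h != ""                                 { print h, $1; h = ""; next }
    ' "$list")
    [ -n "$pairs" ] || { echo "no checksum entries in $list" >&2; return 2; }
    while read -r want path; do
        file=$dir/$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path" >&2
            rc=1
            continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path" >&2
            rc=1
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Gate the advisory's install command on the check (file names are assumed):
#   verify_md5_list checksums.txt /path/to/download &&
#       (cd /path/to/download/RPMS && rpm -Fvh *.i386.rpm)
```

Take the checksum list from the advisory only after checking its PGP signature
with gpg --verify; a matching MD5 from an unsigned copy says nothing about origin.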

(6311693) /Caldera OpenLinux User <sup-info@LOCUTUS3.CALDERASYSTEMS.COM>/(Re-wrapped)