Movatterモバイル変換

[0]ホーム
URL:

Home page logo
bugtraq logo

Bugtraqmailing list archives

PreviousBy DateNext
PreviousBy ThreadNext

TSLSA-2005-0049 - multi

From: Trustix Security Advisor <tsl () trustix org>
Date: Fri, 16 Sep 2005 20:13:29 +0200
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1- --------------------------------------------------------------------------Trustix Secure Linux Security Advisory #2005-0049Package names:     kernel, util-linux, xorg-x11   Summary:           Multiple vulnerabilitiesDate:              2005-09-16Affected versions: Trustix Secure Linux 2.2                   Trustix Secure Linux 3.0                   Trustix Operating System - Enterprise Server 2- --------------------------------------------------------------------------Package description:  kernel  The kernel package contains the Linux kernel (vmlinuz), the core of your  Trustix Secure Linux operating system.  The kernel handles the basic  functions of the operating system: memory allocation, process allocation,  device input and output, etc.  util-linux  The util-linux package contains a large variety of low-level system  utilities that are necessary for a Linux system to function.  Among  many features, Util-linux contains the fdisk configuration tool and  the login program.   xorg-x11  X.org X11 is an open source implementation of the X Window System. It  provides the basic low level functionality which full fledged graphical  user interfaces (GUIs) such as GNOME and KDE are designed upon.Problem description:  kernel < TSL 3.0 >  - SECURITY Fix: Fix unchecked __get_user that could be tricked into     generating a memory read on an arbitrary address. The result of the    read is not returned directly but you may be able to divine some    information about it, or use the read to cause a crash on some    architectures by reading hardware state.      The Common Vulnerabilities and Exposures project has assigned the    name CAN-2005-2492 to this issue.  - SECURITY Fix: Al Viro reported a flaw in sendmsg(). "When we copy    32bit ->msg_control contents to kernel, we walk the same userland data    twice without sanity checks on the second pass. Moreover, if original    looks small enough, we end up copying to on-stack array."    The Common Vulnerabilities and Exposures project has assigned the    name CAN-2005-2490 to this issue.  util-linux < TSL 3.0 > < TSL 2.2 > < TSEL-2 >  - SECURITY Fix: unintentional grant of privileges by umount in util-linux    allows local users with unmount permissions to gain privileges via the    -r (remount) option, which causes the file system to be remounted with    just the read-only flag, which effectively clears the nosuid, nodev,    and other flags. (SA16795)  xorg-x11 < TSL 3.0 >  - SECURITY Fix:  Heap overflow in pixmap allocation, An integer overflow    in pixmap memory allocation potentially allows any xorg-x11 user to    execute arbitrary code with elevated privileges.    The Common Vulnerabilities and Exposures project has assigned the    name CAN-2005-2495 to this issue.Action:  We recommend that all systems with this package installed be upgraded.  Please note that if you do not need the functionality provided by this  package, you may want to remove it from your system.Location:  All Trustix Secure Linux updates are available from  <URI:http://http.trustix.org/pub/trustix/updates/>  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>About Trustix Secure Linux:  Trustix Secure Linux is a small Linux distribution for servers. With focus  on security and stability, the system is painlessly kept safe and up to  date from day one using swup, the automated software updater.Automatic updates:  Users of the SWUP tool can enjoy having updates automatically  installed using 'swup --upgrade'.Questions?  Check out our mailing lists:  <URI:http://www.trustix.org/support/>Verification:  This advisory along with all Trustix packages are signed with the  TSL sign key.  This key is available from:  <URI:http://www.trustix.org/TSL-SIGN-KEY>  The advisory itself is available from the errata pages at  <URI:http://www.trustix.org/errata/trustix-2.2/> and  <URI:http://www.trustix.org/errata/trustix-3.0/>  or directly at  <URI:http://www.trustix.org/errata/2005/0049/>MD5sums of the packages:- --------------------------------------------------------------------------8de6ff8be742734fb85c3daf1f614f98  3.0/rpms/agetty-2.12q-4tr.i586.rpme825cc734e779b04f92bcf88b958eacf  3.0/rpms/bfsprogs-2.12q-4tr.i586.rpm67ae6f1c3d4f194e13d380d68149f01a  3.0/rpms/cramfsprogs-2.12q-4tr.i586.rpm4bbee025d5e4b6f99d2273d126acbb5d  3.0/rpms/kernel-2.6.12.6-2tr.i586.rpm20996e0638342d541887443d57bd1eab  3.0/rpms/kernel-doc-2.6.12.6-2tr.i586.rpm685078a46f6fab9177d976c660e48ede  3.0/rpms/kernel-headers-2.6.12.6-2tr.i586.rpm084c99fb974347cb37dfb4a16c253938  3.0/rpms/kernel-smp-2.6.12.6-2tr.i586.rpmd94b53365688200b8be5ea09009e7340  3.0/rpms/kernel-smp-headers-2.6.12.6-2tr.i586.rpmea7600c7b6eeb875d4fd0ca7dea800ba  3.0/rpms/kernel-source-2.6.12.6-2tr.i586.rpm3b8ab9f431fd7087be44a0b038424217  3.0/rpms/kernel-utils-2.6.12.6-2tr.i586.rpmcd25a41e7afe9fe87bab8729bb627acb  3.0/rpms/login-2.12q-4tr.i586.rpm2886260d7f9119abbb37457f3fd1c16a  3.0/rpms/losetup-2.12q-4tr.i586.rpm4df8998a130e88f7ae7302b6a0a79692  3.0/rpms/minixprogs-2.12q-4tr.i586.rpm14c617257f76cd47418f61535c78c155  3.0/rpms/mount-2.12q-4tr.i586.rpmd2dcfa8274455f054ffa0740a357670d  3.0/rpms/util-linux-2.12q-4tr.i586.rpmb73575a628d02e7022b407c9fdcbf1e0  3.0/rpms/xorg-x11-6.8.2-9tr.i586.rpmcdd13673c73e258e8b3d5146c53d74e3  3.0/rpms/xorg-x11-devel-6.8.2-9tr.i586.rpme2b05b0f9205dbdfd5dc739f675b3266  3.0/rpms/xorg-x11-doc-6.8.2-9tr.i586.rpm2077a6737e8c02bb6384c038b64b062f  3.0/rpms/xorg-x11-fonts-100dpi-6.8.2-9tr.i586.rpmda721531fed5aa57d6d7de31af0ec005  3.0/rpms/xorg-x11-fonts-6.8.2-9tr.i586.rpm803908bd34dda6debd214169c61b9938  3.0/rpms/xorg-x11-fonts-75dpi-6.8.2-9tr.i586.rpmcc92a568afb653b66b985481673ca169  3.0/rpms/xorg-x11-fonts-cid-6.8.2-9tr.i586.rpm3294ac394747eb7aacfb80664f802296  3.0/rpms/xorg-x11-fonts-cyrillic-6.8.2-9tr.i586.rpmcab59f2305dcb2df4f1f960209d137ca  3.0/rpms/xorg-x11-fonts-otf-6.8.2-9tr.i586.rpm26b03a4ef89f7a8b75c46f14626f6423  3.0/rpms/xorg-x11-fonts-speedo-6.8.2-9tr.i586.rpm4689468bd9ecf4e6054de45252e9cc06  3.0/rpms/xorg-x11-fonts-ttf-6.8.2-9tr.i586.rpm5f47e4cf2876afa70b3ae96e04cee9ab  3.0/rpms/xorg-x11-fonts-type1-6.8.2-9tr.i586.rpmeb8835bebad76b4a9613de0ba8862a64  3.0/rpms/xorg-x11-libs-6.8.2-9tr.i586.rpmccda082ae90441cc62e18a4706bdab95  3.0/rpms/xorg-x11-sdk-6.8.2-9tr.i586.rpm2bf6fc64f0be9155a5e6c7123d9173d6  2.2/rpms/agetty-2.12b-2tr.i586.rpm8228eadc552dd2ac30a51bf360117609  2.2/rpms/bfsprogs-2.12b-2tr.i586.rpm0bdff988dc5ab45fb6397f8a97ce2c53  2.2/rpms/cramfsprogs-2.12b-2tr.i586.rpm62088c25c1180b08249f14ae22cf4e32  2.2/rpms/login-2.12b-2tr.i586.rpm8f3a6d0705118645480ef83a5fecfa7a  2.2/rpms/losetup-2.12b-2tr.i586.rpm8037a14f7a8b76348a3524592273b2f1  2.2/rpms/minixprogs-2.12b-2tr.i586.rpmd513814edebcda5635248c1859423761  2.2/rpms/mount-2.12b-2tr.i586.rpm1a1c94eb86be4b2afa1fdf143e86475e  2.2/rpms/util-linux-2.12b-2tr.i586.rpm- --------------------------------------------------------------------------Trustix Security Team-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.1 (GNU/Linux)iD8DBQFDKwqqi8CEzsK9IksRAuvsAKCcp0sft5mqfCwAXwYZQBwQqDtpSACgmLD4QL1P5otuWZwXe3dXagOIjRc==4RQ8-----END PGP SIGNATURE-----
PreviousBy DateNext
PreviousBy ThreadNext

Current thread:

[8]ページ先頭
©2009-2026 Movatter.jp