-----------------------------------------------------------------------
                Immunix Secured OS Security Advisory

Packages updated:       kernel
Affected products:      Immunix 7.3
Bugs fixed:             CAN-2003-0985
Date:                   Mon Jan 5 2004
Advisory ID:            IMNX-2004-73-001-01
Author:                 Seth Arnold <sarnold@xxxxxxxxxxx>
-----------------------------------------------------------------------

Description:
  Paul Starzetz has discovered a mishandled boundary condition in the
  mremap(2) system call; Starzetz reports this vulnerability may be
  exploited by local untrusted users to gain root privileges. Neither
  StackGuard nor SubDomain will prevent exploitation of this
  vulnerability, though they may frustrate attempts to exploit this
  problem through a remote vulnerability. Even though we currently know
  of no active use of this vulnerability, we recommend upgrading your
  kernels when convenient.

  We've chosen to use the patch provided by Solar Designer to address
  CAN-2003-0985 -- it appears to provide stronger long-term protection
  against similar bugs than the fix provided by Andrea Arcangeli.

  We thank Solar Designer, Andrea Arcangeli, Paul Starzetz, and
  Wojciech Purczynski for their efforts to fix this problem.

References:
  http://isec.pl/vulnerabilities/isec-0012-mremap.txt
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985

  Immunix 7.3 users may use our up2date service to install fixed
  packages: you may run either "up2date" within X, and follow the
  directions, or run "up2date -u" to ensure your system is current.

  By default, kernel packages are not automatically upgraded by up2date.
  To install updated kernel packages via up2date, please run
  "up2date -fv kernel" (or "kernel-smp", "kernel-bigmem", etc.)

  To install updated kernel packages via rpm, please run
  "rpm -ivh <filename>". Ensure your /etc/grub.conf (or /etc/lilo.conf,
  if you've configured your Immunix system to use lilo) automatically
  selects the proper kernel for your configuration at boot. (If you use
  lilo, re-run lilo to install the new boot block.) For details on grub
  and lilo, please see the grub(8) and lilo(8) manpages.

Package names and locations:
  Precompiled binary packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm

  Source packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/SRPMS/kernel-2.4.20-20_imnx_11.src.rpm

Immunix OS 7.3 md5sums:
e7f4bf52e9085a4caecb44bedf3472f4 RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
a801c7f4c5615974753b7776a1864ed4 RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
a652b813d2e362dd2a819c53f537528b RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
1533edf8fbffeea90467fde1f5c937f1 RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
8200a07c78ecb6e6a4aeb704e5957b01 RPMS/kernel-BOOT-2.4.20-20_imnx_11.i386.rpm
6fe0e219731e6feb1a831197c36a0cd6 RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
cf771e85d93bf9dc127a7e272e8b393e RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
a70a411b1154f2d3fc12d8e9573a9b7c RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
3f728f9c682fd0ede1f0df5019d6de43 RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
3d44b3907b01f20661c8ddcf45a088b8 RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
2756a204b4bcef0a6ee8b6fe3e308691 RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm
f028d960cc9c94d62f46233c70cdbb6d SRPMS/kernel-2.4.20-20_imnx_11.src.rpm

GPG verification:
  Our public keys are available at http://download.immunix.org/GPG_KEY

  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.

NOTE: Ibiblio is graciously mirroring our updates, so if the links above
are slow, please try:
  ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
  http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 7.3 will not be officially supported after March 31 2005.
ImmunixOS 7+ will not be officially supported after March 1 2004.
ImmunixOS 7.0 is no longer officially supported.
ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@xxxxxxxxxxxx
  Immunix attempts to conform to the RFP vulnerability disclosure
  protocol http://www.wiretrip.net/rfp/policy.html.
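The manual install path above (fetch the RPM from a mirror, "rpm -ivh <filename>", reboot) leaves the integrity check to the administrator. The following script is an added example, not part of the Immunix advisory or its tooling: it checks downloaded kernel RPMs against the md5sum list published above and reports whether the running kernel is already the fixed build. It assumes the advisory checksum list is pasted in verbatim, and that "uname -r" on an Immunix 7.3 kernel begins with the package version-release string (2.4.20-20_imnx_N), optionally followed by a flavour suffix such as "smp" or "bigmem"; both are assumptions, not facts stated in the advisory.

```shell
#!/bin/sh
# Added example (not from the Immunix advisory): verify downloaded kernel
# RPMs against the advisory's md5sums and check the running kernel build.
#
# Assumptions: ADVISORY_MD5SUMS is the advisory list copied verbatim, and
# `uname -r` starts with the package version-release "2.4.20-20_imnx_N",
# optionally followed by a flavour suffix ("smp", "bigmem").

# Checksums copied from the advisory above (hash, then path as listed).
ADVISORY_MD5SUMS='
e7f4bf52e9085a4caecb44bedf3472f4 RPMS/kernel-2.4.20-20_imnx_11.athlon.rpm
a801c7f4c5615974753b7776a1864ed4 RPMS/kernel-2.4.20-20_imnx_11.i386.rpm
a652b813d2e362dd2a819c53f537528b RPMS/kernel-2.4.20-20_imnx_11.i586.rpm
1533edf8fbffeea90467fde1f5c937f1 RPMS/kernel-2.4.20-20_imnx_11.i686.rpm
8200a07c78ecb6e6a4aeb704e5957b01 RPMS/kernel-BOOT-2.4.20-20_imnx_11.i386.rpm
6fe0e219731e6feb1a831197c36a0cd6 RPMS/kernel-bigmem-2.4.20-20_imnx_11.i686.rpm
cf771e85d93bf9dc127a7e272e8b393e RPMS/kernel-doc-2.4.20-20_imnx_11.i386.rpm
a70a411b1154f2d3fc12d8e9573a9b7c RPMS/kernel-smp-2.4.20-20_imnx_11.athlon.rpm
3f728f9c682fd0ede1f0df5019d6de43 RPMS/kernel-smp-2.4.20-20_imnx_11.i586.rpm
3d44b3907b01f20661c8ddcf45a088b8 RPMS/kernel-smp-2.4.20-20_imnx_11.i686.rpm
2756a204b4bcef0a6ee8b6fe3e308691 RPMS/kernel-source-2.4.20-20_imnx_11.i386.rpm
f028d960cc9c94d62f46233c70cdbb6d SRPMS/kernel-2.4.20-20_imnx_11.src.rpm
'

# Build number of the fixed kernel package, 2.4.20-20_imnx_11.
FIXED_BUILD=11

# lookup_md5 <basename>: print the advisory checksum for a package file;
# status 1 and no output if the advisory lists no file of that name.
lookup_md5() {
    printf '%s\n' "$ADVISORY_MD5SUMS" |
        awk -v want="$1" '
            { n = split($2, p, "/"); if (p[n] == want) { print $1; found = 1 } }
            END { exit found ? 0 : 1 }'
}

# file_md5 <path>: hex md5 of a file (coreutils md5sum, or BSD md5 as fallback).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        md5 -q "$1"
    fi
}

# verify_file <path> <expected-md5>: 0 if the file matches, 1 if it does not.
verify_file() {
    [ "$(file_md5 "$1")" = "$2" ]
}

# verify_rpm <path>: look the file up by basename and verify it.
# Status 2: the advisory has no checksum for that name, nothing can be
# concluded. Status 1: the download is corrupt or altered; do not install.
verify_rpm() {
    expected=$(lookup_md5 "$(basename "$1")") || return 2
    verify_file "$1" "$expected"
}

# kernel_is_fixed <uname -r string>: 0 if the running kernel is build 11 or
# later of the 2.4.20-20_imnx series, 1 otherwise (including any version
# string outside that series, which this script cannot judge).
kernel_is_fixed() {
    build=$(printf '%s\n' "$1" | sed -n 's/^2\.4\.20-20_imnx_\([0-9][0-9]*\).*/\1/p')
    [ -n "$build" ] && [ "$build" -ge "$FIXED_BUILD" ]
}

# Typical use: check every RPM in the current directory, then the kernel.
main() {
    for f in ./*.rpm; do
        [ -e "$f" ] || continue
        rc=0; verify_rpm "$f" || rc=$?
        case $rc in
            0) echo "OK       $f" ;;
            2) echo "UNLISTED $f (no checksum in advisory)" ;;
            *) echo "MISMATCH $f (do not install)" ;;
        esac
    done
    if kernel_is_fixed "$(uname -r)"; then
        echo "running kernel is the fixed build"
    else
        echo "running kernel is not the fixed build: $(uname -r)"
    fi
}

main
```

The md5 list only protects against a corrupt or substituted download if the advisory carrying it has itself been verified against the Immunix security key (1B7456DA); otherwise a mirror that rewrites both the package and the checksum defeats it. For the packages themselves, "rpm --checksig <filename>" against the 7.3 package-signing key (D3BA6C17) checks the signature on the RPM directly and is the stronger check; run it before "rpm -ivh".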