<<< Date Index >>>     <<< Thread Index >>>

TSLSA-2006-0004 - multi



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0004

Package names:     kernel, openssh 
Summary:           Multiple vulnerabilities
Date:              2006-01-27
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

  openssh
  Ssh (Secure Shell) a program for logging into a remote machine and for
  executing commands in a remote machine.  It is intended to replace
  rlogin and rsh, and provide secure encrypted communications between
  two untrusted hosts over an insecure network.  X11 connections and
  arbitrary TCP/IP ports can also be forwarded over the secure channel.

Problem description:
  kernel < TSL 3.0 >
  - SECURITY Fix: Missing validation of the "nlmsg_len" value in
    "netlink_rcv_skb()" can cause an infinite loop which can be exploited
    by local users to cause a DoS by setting the value to 0.
  - An error in the PPTP NAT helper in the handling of inbound
    PPTP_IN_CALL_REQUEST packets can cause an error in offset calculation.
    This can be exploited to cause random memory corruption and can crash
    the kernel.
  - ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in
    Linux kernel 2.6.14, and other versions, allows local users to cause a
    denial of service via a crafted outbound packet that causes an incorrect
    offset to be calculated from pointer arithmetic when non-linear SKBs
    (socket buffers) are used.
  - Stefan Rompf has reported a vulnerability caused due to the "dm-crypt"
    driver failing to clear memory before freeing it. This can be exploited
    by local users to obtain sensitive information.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and
    CVE-2006-0095 to these issues.

  openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Josh Bressers has reported a weakness in OpenSSH
    caused due to the insecure use of the "system()" function in
    scp when performing copy operations using filenames that are
    supplied by the user from the command line. This can be exploited
    to execute shell commands with privileges of the user running scp.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-0225 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2006/0004/>


MD5sums of the packages:
- --------------------------------------------------------------------------
027cea1f2f987f710fe2680337a4774f  3.0/rpms/kernel-2.6.15.1-1tr.i586.rpm
9f6cc359c94b874a8160b2744fb6d510  3.0/rpms/kernel-doc-2.6.15.1-1tr.i586.rpm
f6c272fadee97f280adee5f9a00576b0  3.0/rpms/kernel-headers-2.6.15.1-1tr.i586.rpm
31150a8b714720f20e290dccec845826  3.0/rpms/kernel-smp-2.6.15.1-1tr.i586.rpm
fce9c0bf230300cec808aea31ff7f718  
3.0/rpms/kernel-smp-headers-2.6.15.1-1tr.i586.rpm
cf6368abb17f22b64826d00bd8336cf5  3.0/rpms/kernel-source-2.6.15.1-1tr.i586.rpm
0608ad6bd8e97ddadd0b501206a11d20  3.0/rpms/kernel-utils-2.6.15.1-1tr.i586.rpm
ab20e49ff562fa8accc40ecbf13e7799  3.0/rpms/openssh-4.2p1-2tr.i586.rpm
ade6e066afe6e83bd99975bfa252f608  3.0/rpms/openssh-clients-4.2p1-2tr.i586.rpm
7290bb4c93f08314b72b589e6ed3b0b3  3.0/rpms/openssh-server-4.2p1-2tr.i586.rpm
934477d687fb6cb48b78fceb87e187e2  
3.0/rpms/openssh-server-config-4.2p1-2tr.i586.rpm

3bfc8e25184b964391c8c71ad95b2778  2.2/rpms/openssh-4.2p1-2tr.i586.rpm
8a3a8e810c8121ac10846922e0bffe6a  2.2/rpms/openssh-clients-4.2p1-2tr.i586.rpm
33c754e2048bb85822145c2063f63463  2.2/rpms/openssh-server-4.2p1-2tr.i586.rpm
0abb95f1c3c13c491e0233ae6f3a9944  
2.2/rpms/openssh-server-config-4.2p1-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD3gWOi8CEzsK9IksRAqoNAJ0VcXv/vxjGrn/uCznt7fVZcwLhYwCfUGQY
rnBSdrj/JGMGe6Y7iUrf3GQ=
=UQBl
-----END PGP SIGNATURE-----