TSLSA-2006-0037 - multi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0037
Package names: kernel, netpbm
Summary: Multiple vulnerabilities
Date: 2006-06-23
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
- --------------------------------------------------------------------------
Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.
netpbm
The netpbm package contains a library of functions which support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps) and others.
Problem description:
kernel < TSL 3.0 >
- New upstream.
- Module qlogicfc successfully replaced with qla2xxx.
- Added scsi_transport_spi to initrd module list.
- SECURITY FIX: A race condition in "posix-cpu-timers.c", which does
not prevent another CPU from attaching the timer to an exiting
process, could be exploited by attackers to cause a denial of
service.
- Flaw due to errors in "powerpc/kernel/signal_32.c" and
"powerpc/kernel/signal_32.c", which could allow userspace to
provoke a machine check on 32-bit kernels.
- An infinite loop in "netfilter/xt_sctp.c", which could be exploited
by attackers to exhaust all available memory resources, creating
a denial of service condition.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2006-2445, CVE-2006-2448 and
CVE-2006-3085 to these issues.
netpbm < TSL 3.0 > < TSL 2.2 >
- SECURITY FIX: A vulnerability has been reported in NetPBM, caused by
an off-by-one boundary error within "pamtofits". This can be
exploited to cause a single-byte buffer overflow when processing
a specially crafted input file.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0037/>
MD5sums of the packages:
- --------------------------------------------------------------------------
ae7e3694eba27ec7af20bfadc1638315 3.0/rpms/kernel-2.6.17.1-1tr.i586.rpm
cfbc555e5e86ba415ab094e974f2b6f2 3.0/rpms/kernel-doc-2.6.17.1-1tr.i586.rpm
c1423efc2597311d2b3b1a8ee38ab290 3.0/rpms/kernel-headers-2.6.17.1-1tr.i586.rpm
6ec505e5241a5eb46ff8b543a414c581 3.0/rpms/kernel-smp-2.6.17.1-1tr.i586.rpm
d49930ce1311746c267597ac746307d8 3.0/rpms/kernel-smp-headers-2.6.17.1-1tr.i586.rpm
02e00fa5331718396926d0a3731dfe38 3.0/rpms/kernel-source-2.6.17.1-1tr.i586.rpm
f41bb3d37a2c4aa544f1f6e4febaccbe 3.0/rpms/kernel-utils-2.6.17.1-1tr.i586.rpm
50b0ae6413722d2a1bdae33351681f91 3.0/rpms/netpbm-10.30-2tr.i586.rpm
3920883cc71f6cb001fc6af104ccc683 3.0/rpms/netpbm-devel-10.30-2tr.i586.rpm
4a18575d3cec2782273cdfd273d83cc7 3.0/rpms/netpbm-progs-10.30-2tr.i586.rpm
005b2a0731b52605636428d177347f89 2.2/rpms/netpbm-10.30-2tr.i586.rpm
f8f08954e91ea373d461baf65b0a85d1 2.2/rpms/netpbm-devel-10.30-2tr.i586.rpm
ac86b308ccf229ee6715619b38b07fac 2.2/rpms/netpbm-progs-10.30-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEm9gei8CEzsK9IksRAgXJAKCVD4qbnQLqeHaWorWTfbxcYB2OOgCghASq
1Ke12Cjkrp5R5OeqqkS/W9M=
=e1Sg
-----END PGP SIGNATURE-----
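
The check that the "MD5sums of the packages" list supports, as an added example that is not part of the Trustix advisory: it parses "<md5> <path>" lines, including an entry whose path wrapped onto the following line, and compares them with files under a local mirror directory. The function names and the sample files are constructed for illustration; the list is only trustworthy once the advisory's PGP signature has been verified with the TSL sign key.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_HEX = re.compile(r"[0-9a-f]{32}")

def parse_md5_list(text):
    """Return {path: md5} from "<md5> <path>" lines, joining an entry whose
    hash sits alone on one line with the .rpm path alone on the next."""
    entries, pending = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and MD5_HEX.fullmatch(fields[0]):
            entries[fields[1]] = fields[0]
        elif pending and len(fields) == 1 and fields[0].endswith(".rpm"):
            entries[fields[0]] = pending
        lone = len(fields) == 1 and MD5_HEX.fullmatch(fields[0])
        pending = fields[0] if lone else None
    return entries

def verify(entries, root):
    """Map each listed path to "ok", "mismatch", "missing" or "rejected"."""
    results = {}
    for rel, expected in entries.items():
        path = Path(root) / rel
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            results[rel] = "rejected"  # never follow a path out of root
        elif not path.is_file():
            results[rel] = "missing"
        else:
            # read_bytes() suits package-sized files; stream larger ones.
            digest = hashlib.md5(path.read_bytes()).hexdigest()
            results[rel] = "ok" if digest == expected else "mismatch"
    return results

def build_sample(root):
    """Write constructed files under root and return a constructed list."""
    rows = []
    for name in ("example-1.0-1tr.i586.rpm", "example-smp-headers-1.0-1tr.i586.rpm"):
        rel, data = "3.0/rpms/" + name, ("constructed " + name).encode()
        (Path(root) / "3.0/rpms").mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_bytes(data)
        sep = "\n" if "smp-headers" in name else " "  # wrap one entry
        rows.append(hashlib.md5(data).hexdigest() + sep + rel)
    return "- ----------\n" + "\n".join(rows) + "\n- ----------\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(verify(parse_md5_list(build_sample(root)), root))
```

Any result other than "ok" means the file should not be installed until it has been fetched again and rechecked.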