-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2004-14
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 21 May 2004
Last revised : 24 May 2004
Package : kernel
Summary : Multiple vulnerabilities within the kernel
More information :
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
- The real time clock (RTC) routines in the Linux kernel do not properly initialize their structures,
which could leak kernel data to user space.
- The R128 driver has a vulnerability.
- A stack-based buffer overflow exists in the ncp_lookup function for ncpfs in the kernel.
- A buffer overflow exists in the ISO9660 file system component of the Linux kernel.
- The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly handle certain sample sizes,
which allows local users to cause a denial of service (crash).
- The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written
to the device for an ext3 file system, which allows local users to obtain sensitive information by
reading the raw device.
- A "potential" buffer overflow exists in the panic() function in the kernel.
- The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter
when an error occurs after the mm_struct for a child process has been activated,
which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion).
Impact :
The vulnerabilities may allow an attacker to cause a denial of
service to the kernel and gain sensitive information from your system.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turboupdate
# turbopkg
# zabom update kernel kernel-BOOT kernel-doc kernel-headers \
kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
kernel-2.4.25-3.src.rpm
36845560 43f987c9ba58bef4d2052d517bae91a3
Binary Packages
Size : MD5
kernel-2.4.25-3.i586.rpm
13768395 961cb1242dc89e6b815cece76aecfe42
kernel-BOOT-2.4.25-3.i586.rpm
6894271 f2ed3e7abd7cba9d90a50a8996aa8115
kernel-doc-2.4.25-3.i586.rpm
1573387 4d5f79df18f678771d1a8470d21810e0
kernel-headers-2.4.25-3.i586.rpm
1986966 7c265f85713748fc7fd20df340c8d7ee
kernel-pcmcia-cs-2.4.25-3.i586.rpm
365681 f74d9b0d52602a69df8825831d92edca
kernel-smp-2.4.25-3.i586.rpm
14161425 9cc5b89c2f126904a2cca9ebd7700531
kernel-smp64G-2.4.25-3.i586.rpm
14139065 65dcf2069df77cd6ecd74b234187df8a
kernel-source-2.4.25-3.i586.rpm
27434031 a965e854d02602e541b26409e4d1d244
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
kernel-2.4.25-3.src.rpm
36845560 43f987c9ba58bef4d2052d517bae91a3
Binary Packages
Size : MD5
kernel-2.4.25-3.i586.rpm
13768395 961cb1242dc89e6b815cece76aecfe42
kernel-BOOT-2.4.25-3.i586.rpm
6894271 f2ed3e7abd7cba9d90a50a8996aa8115
kernel-doc-2.4.25-3.i586.rpm
1573387 4d5f79df18f678771d1a8470d21810e0
kernel-headers-2.4.25-3.i586.rpm
1986966 7c265f85713748fc7fd20df340c8d7ee
kernel-pcmcia-cs-2.4.25-3.i586.rpm
365681 f74d9b0d52602a69df8825831d92edca
kernel-smp-2.4.25-3.i586.rpm
14161425 9cc5b89c2f126904a2cca9ebd7700531
kernel-smp64G-2.4.25-3.i586.rpm
14139065 65dcf2069df77cd6ecd74b234187df8a
kernel-source-2.4.25-3.i586.rpm
27434031 a965e854d02602e541b26409e4d1d244
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kernel-2.6.0-8.src.rpm
47387817 b0e9f3c652a6692b6d4741cd2e539453
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-2.6.0-8.i586.rpm
13148949 99104a31b0a0d5c71028a76d8bd00ad9
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-doc-2.6.0-8.i586.rpm
1662274 c2db44905b2022da855158cd38f0de33
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-extramodules-2.6.0-8.i586.rpm
2965265 69554343ca7d2a30a9636bd5255b0b45
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-headers-2.6.0-8.i586.rpm
1753842 9d31c7f0e6a0a075a6bc6bc5f4ce20c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-pcmcia-cs-2.6.0-8.i586.rpm
315306 495778a6eb08807ce19ec0a7e3dae0db
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-smp-2.6.0-8.i586.rpm
13768557 2361cbb154eb9aa3eaac8531fe6f3ed8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-source-2.6.0-8.i586.rpm
28488662 0a9026a322b4706f1778c27cae6e199a
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/images/dd/README.dd040520
687 aa2f0160e7b01e2763002ad945c52ade
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/images/dd/dd040520.img
1474560 e8ab7546a77c21ea8d5c79b9a396c5c3
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-19.src.rpm
42490854 5761fc3d88ea02e8a9f4df3df14bcf23
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-19.i586.rpm
14113738 2d76e70834488d6f50d66a9afa1f597a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-19.i586.rpm
7155061 bd1dd1d261efa45d5ceaf82053236c8f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-19.i586.rpm
1458658 979a80fd18e5aec2fd1c5f5b31f90e0a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-19.i586.rpm
1823440 88f3e57e5b28a482bca32b77c36767d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-19.i586.rpm
330265 a0484c72d42f1b915201932daea34627
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-19.i586.rpm
14622675 a9939b840cd5d091ca04c8b4e10b2990
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-19.i586.rpm
14606327 a8ea380db63bef81b78b37bd66cd23b7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-19.i586.rpm
26627664 99fc6ae43a40a3257e63e7f09853f681
Notice : You have to reboot your system after this update is finished.
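Added example (not part of the Turbolinux advisory): a Python check of downloaded packages against the "Size : MD5" pairs listed above, which also flags a package whose values differ between product sections. The sample entry, the ftp.example.invalid host and the helper names parse_manifest and verify_file are assumptions made for illustration.

```python
# Added example: helper names are hypothetical, sample data is constructed.
import hashlib
import os
import re
import tempfile

SUM_LINE = re.compile(r"^(\d+)\s+([0-9a-f]{32})$")  # "<size> <md5>"

def parse_manifest(advisory_text):
    """Map basename -> (size, md5) from 'name-or-URL' / 'size md5' line pairs."""
    manifest, prev = {}, None
    for line in map(str.strip, advisory_text.splitlines()):
        m = SUM_LINE.match(line)
        if m and prev:
            entry = (int(m.group(1)), m.group(2))
            name = prev.rsplit("/", 1)[-1]
            # A package listed under several products must carry the same values.
            if manifest.setdefault(name, entry) != entry:
                raise ValueError("conflicting entries for " + name)
        # Only a single-token line (file name or URL) can name the next entry.
        prev = line if line and not m and " " not in line else None
    return manifest

def verify_file(path, manifest):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    if os.path.getsize(path) != expected[0]:
        return "size-mismatch"
    with open(path, "rb") as fh:
        actual = hashlib.md5(fh.read()).hexdigest()
    return "ok" if actual == expected[1] else "md5-mismatch"

# Constructed sample in the advisory's layout (not a real package): MD5 of b"hello".
SAMPLE = """Size : MD5
ftp://ftp.example.invalid/updates/RPMS/example-1.0-1.i586.rpm
5 5d41402abc4b2a76b9719d911017c592
"""

def demo():
    manifest = parse_manifest(SAMPLE)
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-1.0-1.i586.rpm")
        for content in (b"hello", b"hellp"):  # matching file, then one byte changed
            with open(path, "wb") as fh:
                fh.write(content)
            results.append(verify_file(path, manifest))
    return results
```

Feed parse_manifest the advisory text only after its PGP signature has been verified, since the listed sizes and MD5 values are otherwise unauthenticated.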
kernel-2.4.25-3 : CAN-2004-0010, CAN-2004-0394, CAN-2004-0427
kernel-2.6.0-8 : CAN-2004-0109, CAN-2004-0427
kernel-2.4.18-19 : CAN-2003-0984, CAN-2004-0003, CAN-2004-0010, CAN-2004-0109, CAN-2004-0178, CAN-2004-0181, CAN-2004-0394, CAN-2004-0427
[README.dd040520]
----------------------------------------------------------------------
Driver disk for TL8 Server (kernel-2.4.18-5)
At installer boot prompt, please type dd and press enter.
boot: dd
megaraid2: Ver.2.10.3 support PERC4E(Si,Di,DC,SC) MegaRAID SATA-150
bcm5700: Ver.7.1.22 support 5901, 5705F and 5704 B0 step
bcm4400: Ver.3.0.7 support 4401 B0 step, no support smp64G
aic79xx: Ver.1.3.10, many new devices support
aacraid: Ver.1.1.3, support SATA RAIDs
e100: Ver.2.3.40, support 82541 and 82547(ICH5 CSA)
e1000: Ver.5.2.39, many new devices support
ips: Ver.7.00.15, support ServeRAID ServeRAID 7t/k/M
cciss: Ver.2.4.50, support HP SA 6400 U320 Expansion Module/ 6i
mptscsih: Ver.2.05.11.03, support LSI1035
aic7xxx: Ver.6.2.36, add other detection IDs
----------------------------------------------------------------------
References:
CVE
[CAN-2003-0984] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
[CAN-2004-0003] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
[CAN-2004-0010] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
[CAN-2004-0109] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
[CAN-2004-0178] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0178
[CAN-2004-0181] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
[CAN-2004-0394] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
[CAN-2004-0427] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427
--------------------------------------------------------------------------
Revision History
21 May 2004 Initial release
24 May 2004 added Driver disk for Turbolinux 8 Server
--------------------------------------------------------------------------
Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAsfIXK0LzjOqIJMwRAmLOAKC9YuOsD/Q4Tfc+2/dpMuYzfTSVLACfSMgJ
mBx1agLvLdKSaOW++gUuSNA=
=vLSE
-----END PGP SIGNATURE-----