Date: Thu, 8 Jun 2000 20:15:04 -0300
From: Sergio Bruder <bruder@conectiva.com.br>
To: lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br, bos@sekure.org,
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: kernel-2.2.14

SUMMARY                     : Security problems with capabilities
DATE                        : 2000-06-08
AFFECTED CONECTIVA VERSIONS : 4.0, 4.1, 4.2 and 5.0


DESCRIPTION

The 2.2.x series of the Linux kernel implements capabilities.
Capabilities can be used to restrict what the root user can do.
Many privileged programs, such as SUID programs, drop root
privileges before taking certain actions, such as executing a
user-supplied program.
By manipulating the capability sets of the process that runs such
a program, an attacker can make the program's attempt to drop root
privileges fail: its setuid() call returns an error instead of
switching to the unprivileged user. A program that does not check
that result keeps taking its action, but as root, not as the normal
user it was intended to run as. This can lead to a root compromise.


SOLUTION
All users MUST upgrade the kernel immediately by downloading
the appropriate package below. This release incorporates the
fix from kernel version 2.2.16.
This kernel vulnerability can be exploited in many ways. Some
vendors have provided updated packages for their SUID programs,
such as sendmail. Once the kernel is upgraded, those specific vendor
updates are not necessary for this problem, although they may still
be worth applying if they fix something else the user needs.

Updates for versions 4.0, 4.1 and 4.2 will follow shortly.


DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/alsasound-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-BOOT-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-doc-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-headers-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-ibcs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-install-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-pcmcia-cs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-smp-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-source-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-devel-2.2.14-19cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/kernel-2.2.14-19cl.src.rpm

----------------------------------------------------------------------

All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br