Date: Sat, 10 Jun 2000 00:58:02 -0700 (PDT)
From: Slackware Security Team 
To: slackware-security@slackware.com
Subject: Kernel 2.2.16 and /usr/bin/Mail



====================================
Kernel Version 2.2.16 Security Fixes
====================================

The 2.2.16 release of the Linux kernel is available and includes a number of
security fixes.  The following list of fixes comes from the kernel release 
notes:

----------------------------------------------------------------------------
Capabilities -
   Fixes for serious setuid handling flaws when using restricted capability 
   sets 
ELF loader -
   The ELF loader could be tricked by erroneous headers 
Procfs -
   Several /proc drivers failed to do correct sanity checking 
Readv/writev - 
   Potential overflow bug fixed 
Signal Stacks -
   Exec failed to clear an existing alternate sigstack 
System 5 Shared Memory -
   If a user managed to attach a segment 65536 times bad things happened. 
TCP multiconnect hang -
   The TCP code had a bug that could cause the machine to hang. This was user 
   exploitable. 
-----------------------------------------------------------------------------

We recommend that you read the above as a list of reasons to upgrade to 2.2.16
if you're running a 2.2.x kernel.  The capabilities hole is especially nasty:
a local user can cause the setuid() call inside a setuid-root program that
normally drops root privileges to fail, and a program that does not check the
return value of that call keeps running as root, handing the user root access.
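The failure mode behind the capabilities hole is a privilege-dropping program that calls setuid() and never checks whether the kernel honoured the call. The following C is an added example for this advisory, not code from the kernel, from Slackware or from any affected program: it contrasts that fragile pattern with a checked privilege drop that reads the credentials back and confirms that root cannot be regained. The function names, the default target uid/gid of 65534 in main() and the use of the plain POSIX setuid()/setgid() calls are assumptions of the example.

```c
/* Added example (not from the advisory, the kernel or Slackware): a fragile
 * privilege drop beside a checked one. Names and the default uid/gid of
 * 65534 are illustrative assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Fragile pattern: the return values of setgid()/setuid() are ignored.
 * If the kernel refuses either call, the program carries on as root while
 * believing it has dropped privileges. This function reports success
 * regardless of what actually happened. */
int drop_root_unchecked(uid_t uid, gid_t gid)
{
    setgid(gid);
    setuid(uid);
    return 0;   /* "success" no matter what the kernel did */
}

/* Checked pattern: every call is tested, supplementary groups are cleared
 * first (only possible while still root), and the resulting credentials are
 * read back instead of assumed. Returns 0 on success, -1 on any failure. */
int drop_root_checked(uid_t uid, gid_t gid)
{
    /* Supplementary groups would otherwise survive the drop. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: once the uid is gone, setgid() is no longer permitted. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify what the kernel actually did rather than trusting the calls. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* A real drop is irreversible: if root can be regained, it failed. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Illustrative target: a nobody-like uid/gid unless overridden on the
     * command line (usage: ./drop [uid [gid]]). */
    uid_t uid = argc > 1 ? (uid_t)atoi(argv[1]) : 65534;
    gid_t gid = argc > 2 ? (gid_t)atoi(argv[2]) : 65534;

    if (drop_root_checked(uid, gid) != 0) {
        /* errno is meaningful only if a system call failed; a verification
         * failure leaves it untouched. */
        fprintf(stderr, "privilege drop failed or could not be verified (errno %d: %s)\n",
                errno, strerror(errno));
        return 1;
    }
    printf("now running as uid %u gid %u\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root to see a real drop; run it as an unprivileged user with your own uid and gid to see the verification path succeed, and with someone else's uid to see the checked version refuse where the unchecked version would have reported success.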

The standard pre-built Slackware kernels have been built from 2.2.16 source 
and are now available in Slackware-current:

     ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/

You will probably also need a new set of modules, available from:

     ftp://ftp.slackware.com/pub/slackware/slackware-current/modules/

They are also available in packaged form in the slackware-current ftp tree
(ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/).  The
files within that directory are:

     a1/modules.tgz, a1/scsimods.tgz, a1/sndmods.tgz, a1/fsmods.tgz,
     and n1/netmods.tgz

The kernel release notes are available here:

     http://www.linux.org.uk/VERSION/relnotes.2216.html


=========================
/usr/bin/Mail chmoded 755
=========================

The Mail program shipped with Slackware has been shown to be subject to a
buffer overflow that, if the program is sgid (as shipped with Slackware), can
provide a malicious user with gid "mail".  Having gid "mail" does not grant a
user any special privileges, as the mail group hasn't been used in Slackware
for years.  There is a security advisory being passed around, but we assure
you there's no threat from the Mail flaw.  Nonetheless, holes are no fun, and
we've closed this one by removing the sgid bit from /usr/bin/Mail.  A new
mailx.tgz package is available in Slackware-current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/mailx.tgz

==============================================================================

As always, more information is available in the Slackware-current ChangeLog:

     ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt


   -- Your Friendly Neighborhood Slackware Security Team
      security@slackware.com