![[LWN Logo]](/images/lc.png) |
|
![[Timeline]](/images/Included.png) |
Date: Mon, 19 Jun 2000 18:05:57 -0700
From: Roger Luethi <rluethi@TURBOLINUX.COM>
Subject: [TL-Security-Announce] Linux Kernel TLSA2000013-1
To: BUGTRAQ@SECURITYFOCUS.COM
--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
___________________________________________________________________________
TurboLinux Security Announcement
Package: kernel-2.2.15 and earlier
Date: Monday June 19 17:45 PDT 2000
Affected TurboLinux versions: 6.0.5 and earlier
Vulnerability Type: local root compromise
TurboLinux Advisory ID#: TLSA2000013-1
BugTraq ID#: 1322
Credits: This vulnerability was discovered by Wojciech Purczynski.
___________________________________________________________________________
A security hole was discovered in the package mentioned above.
Please update the package in your installation as soon as possible.
___________________________________________________________________________
1. Problem Summary
Originally this security bug was reported by Sendmail. An unsafe
fgets() usage in sendmail's mail.local exposes the setuid() security
hole in the Linux kernel. This vunlnerability allows local users to
obtain root privilege by exploiting setuid root applications.
2. Impact
Any local user with an account can use this vulnerability to obtain
root priviledges by exploiting setuid root applications.
3. a) Solution
Please read section 3. b) if you use "TurboLinux Data Server with
DB2" or "TurboLinux Data Server Optimized for Oracle 8i".
Update the packages from our ftp server by running the following command
for each package:
rpm -Uvh --nodeps --Force ftp_path_to_filename
Where ftp_path_to_filename is one of the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-utils-2.2.16-0.4.i386.rpm
The source RPM can be downloaded here:
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/kernel-2.2.16-0.4.src.rpm
**Note: You must rebuild and install the RPM if you choose to download
and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE
THE SECURITY HOLE.
Please verify the MD5 checksum of the update before you install:
MD5 sum Package Name
---------------------------------------------------------------------------
8861693c10c2a784f35ba603270d2ade kernel-2.2.16-0.4.i386.rpm
d527dcb4a491eae049a560cc6ff0a4e0 kernel-2.2.16-0.4.src.rpm
3d70924bf24c74c9d2173ab2b7e696b0 kernel-BOOT-2.2.16-0.4.i386.rpm
8138707ad72cea856d9aed01042870ae kernel-doc-2.2.16-0.4.i386.rpm
acca46851b1781a6c42e6a8a0a0a4426 kernel-headers-2.2.16-0.4.i386.rpm
b8f54e8971270827bf5b5df1520877b5 kernel-ibcs-2.2.16-0.4.i386.rpm
6b2a24f7d677aa0739a5a113f0621f4f kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
60aa909b603afa5fd895fbd693463e50 kernel-smp-2.2.16-0.4.i386.rpm
e2a15e2ee9679f390908861513effd94 kernel-source-2.2.16-0.4.i386.rpm
9668cfd45fac0332c304a4e9f78dc4c9 kernel-utils-2.2.16-0.4.i386.rpm
___________________________________________________________________________
3. b) Solution for TurboLinux Data Server
This section only applies if you use "TurboLinux Data Server with
DB2" or "TurboLinux Data Server Optimized for Oracle 8i".
Update the packages from our ftp server by running the following command
for each package:
rpm -Uvh --nodeps --Force ftp_path_to_filename
Where ftp_path_to_filename is one of the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-utils-2.2.16-0.4.i386.rpm
The source RPM can be downloaded here:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.src.rpm
**Note: You must rebuild and install the RPM if you choose to download
and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE
THE SECURITY HOLE.
Please verify the MD5 checksum of the update before you install:
MD5 sum Package Name
---------------------------------------------------------------------------
72b08a2760ef2f6ab7d1c3861bfb5d77 kernel-2.2.16-0.4.i386.rpm
872639a08f38b32f1879ad585b388624 kernel-2.2.16-0.4.src.rpm
6e9f553a05d85440d6405f539a0b0e25 kernel-BOOT-2.2.16-0.4.i386.rpm
eee26cc58861b1ebf8bf9cef5263aedf kernel-doc-2.2.16-0.4.i386.rpm
1f8f01f0b3e2d598ed1569ce99a25b75 kernel-headers-2.2.16-0.4.i386.rpm
a5fd0f5f1dcc175b324606dd26162238 kernel-ibcs-2.2.16-0.4.i386.rpm
a9957820afeb81274d6a15d2411213b6 kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
a03c1aee79c2c7a9a8e92abd7df5ea08 kernel-smp-2.2.16-0.4.i386.rpm
8a669d467d515ad88f8710a13fd97ccb kernel-source-2.2.16-0.4.i386.rpm
138719960abc9eb52925f1507816cadf kernel-utils-2.2.16-0.4.i386.rpm
___________________________________________________________________________
These packages are GPG signed by Turbolinux for security. Our key
is available here:
http://www.turbolinux.com/security/tlgpgkey.asc
To verify a package, use the following command:
rpm --checksig name_of_rpm
To examine only the md5sum, use the following command:
rpm --checksig --nogpg name_of_rpm
**Note: Checking GPG keys requires RPM 3.0 or higher.
___________________________________________________________________________
You can find more updates on our ftp server:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation
and Server security updates
ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation
and Server security updates
Our webpage for security announcements:
http://www.turbolinux.com/security
If you want to report vulnerabilities, please contact:
rt-security@turbolinux.com
___________________________________________________________________________
Subscribe to the TurboLinux Security Mailing lists:
TL-security - A moderated list for discussing security issues in TurboLinux
products.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security
TL-security-announce - An announce-only mailing list for security updates
and alerts.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce
--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5TsN17eR7bnHQKeQRAtVKAJ0cnTTdqNyL4yWx/WiwMyjz66cwIwCZAQtY
xK9oni1MVFk5GdF6LtbIyOs=r0WF
-----END PGP SIGNATURE-----
--W/nzBZO5zC0uMSeA--
_______________________________________________
TL-Security-Announce mailing list
TL-Security-Announce@www.turbolinux.com
http://www.turbolinux.com/mailman/listinfo/tl-security-announce