[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files

2005-01-12 Thread Martin Schulze
--------------------------------------------------------------------------
Debian Security Advisory DSA 636-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 12th, 2005  http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : glibc
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0968
BugTraq ID     : 11286
Debian Bug     : 279680 278278 205600

Several insecure uses of temporary files have been discovered in
support scripts in the libc6 package which provides the C library for
a GNU/Linux system.  Trustix developers found that the catchsegv
script uses temporary files insecurely.  Openwall developers
discovered insecure temporary files in the glibcbug script.  These
scripts are vulnerable to a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 2.2.5-11.8.

For the unstable distribution (sid) these problems have been fixed in
version 2.3.2.ds1-20.

We recommend that you upgrade your libc6 package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

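An added illustration (not code from the advisory or from glibc) of the class of flaw DSA 636-1 describes: a writer that builds a predictable name in a shared temporary directory follows a symbolic link already present there, while exclusive creation and mkstemp do not. The file name pattern, the PID and the sandbox layout are constructed for the demonstration.

```python
import os
import tempfile

NAME = "report.%d"  # hypothetical temp-file name pattern, keyed on the PID


def write_predictable(tmpdir, pid, data):
    """Flawed pattern: guessable name in a shared directory, plain open()."""
    path = os.path.join(tmpdir, NAME % pid)
    with open(path, "w") as fh:  # O_CREAT|O_TRUNC follows a symlink already at path
        fh.write(data)
    return path


def write_exclusive(tmpdir, pid, data):
    """Same name, but O_EXCL makes creation fail if a file or symlink exists."""
    path = os.path.join(tmpdir, NAME % pid)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def write_mkstemp(tmpdir, data):
    """Preferred: random name, created atomically with O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="report.", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Exercise the three writers in a private sandbox; nothing outside it is touched."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "tmp")        # stands in for /tmp
        os.mkdir(shared)
        target = os.path.join(sandbox, "important")  # a file the script's user may write
        pid = 4242                                   # constructed PID
        planted = os.path.join(shared, NAME % pid)   # link present before the writer runs

        with open(target, "w") as fh:
            fh.write("original\n")
        os.symlink(target, planted)

        # 1. Predictable name: the write lands in the link's target.
        write_predictable(shared, pid, "scratch data\n")
        out["predictable_overwrote_target"] = read(target) == "scratch data\n"

        # 2. Exclusive creation: the existing link makes open() fail instead.
        with open(target, "w") as fh:                # restore; the link is still in place
            fh.write("original\n")
        try:
            write_exclusive(shared, pid, "scratch data\n")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True

        # 3. mkstemp: a fresh regular file with owner-only permissions.
        path = write_mkstemp(shared, "scratch data\n")
        out["mkstemp_regular_file"] = os.path.isfile(path) and not os.path.islink(path)
        out["mkstemp_mode"] = os.stat(path).st_mode & 0o777
        out["target_intact"] = read(target) == "original\n"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In a shell script the corresponding safe idiom is to take the file name from mktemp(1) rather than building it from $$.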


Re: [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution

2005-01-12 Thread Rainer Dorsch
Joey,

Is exim-tls also affected? If yes, when can we expect an update?

Many thanks,
Rainer

On Wednesday, 12 January 2005 08:47, Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 635-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> January 12th, 2005  http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : exim
> Vulnerability  : buffer overflow
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-0021
> Debian Bug     : 289046
>
> Philip Hazel announced a buffer overflow in the host_aton function in
> exim, the default mail-transport-agent in Debian, which can lead to the
> execution of arbitrary code via an illegal IPv6 address.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.35-1woody4.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.36-13 of exim and 4.34-10 of exim4.
>
> We recommend that you upgrade your exim and exim4 packages.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------


Re: Log file IDS package?

2005-01-12 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 12, 2005 at 04:57:41PM +1100, Andrew Pollock wrote:
> Hi,
>
> I've done some cursory apt-cache searching, and nothing's jumped out at
> me...

Have you read this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-log-alerts

Logcheck is more or less the standard way of doing this in Debian although 
others like alternative logchecking tools.

I've been meaning to look at btail (a Bayesian log filter that could 
probably make it easier to generate the logcheck ignore patterns, see 
http://www.vanheusden.com/btail/). Also LoGS 
(http://savannah.nongnu.org/projects/logs/) might be of interest (still 
in active development, looks promising).

Note that the URL that the document points to (Counterpane's) is not
current, it should be http://www.loganalysis.org/ (wonderful source of log
analysis information maintained by Tina Bird, of Stanford University). This
is actually fixed in the document source (CVS) but it has not yet
propagated to the online version :-(


> I want to tarpit excessive SSH login failures.

You might want to review the discussion on this we had at this same list, 
available at http://lists.debian.org/debian-security/2004/10/msg00118.html
(I'm not sure the PAM module developed by Kevin is useful for you, but the 
thread has a lot of suggestions from many people, me included).

Check out also http://ethernet.org/~brian/src/timelox/ which might or might 
not do what you are looking for (found this while reading 
http://seclists.org/lists/incidents/2004/Dec/0039.html, which is also an 
interesting read)

Hope that helps

Javier





Re: Log file IDS package?

2005-01-12 Thread Greg Folkert
On Wed, 2005-01-12 at 16:57 +1100, Andrew Pollock wrote:
> Hi,
>
> I've done some cursory apt-cache searching, and nothing's jumped out at
> me...
>
> Is there software in Debian that will do something along the lines of a tail
> -f of a given logfile, looking for supplied regexs and do custom actions on
> matches?
>
> I want to tarpit excessive SSH login failures.

Are you talking about the recent (since July 27th 2004) brute force ssh
attempts? The ones with NO_USER attached to them?

things like this:
Jan 10 23:52:45 knight sshd[12863]: Failed password for illegal user test from 220.75.202.225 port 35881 ssh2
Jan 10 23:52:51 knight sshd[12865]: Failed password for illegal user guest from 220.75.202.225 port 35973 ssh2
Jan 10 23:52:55 knight sshd[12867]: Failed password for admin from 220.75.202.225 port 36117 ssh2
Jan 10 23:52:57 knight sshd[12869]: Failed password for admin from 220.75.202.225 port 36212 ssh2
Jan 10 23:53:00 knight sshd[12871]: Failed password for illegal user user from 220.75.202.225 port 36284 ssh2
Jan 10 23:53:03 knight sshd[12873]: Failed password for root from 220.75.202.225 port 36367 ssh2
Jan 10 23:53:07 knight sshd[12882]: Failed password for root from 220.75.202.225 port 36457 ssh2
Jan 10 23:52:45 knight sshd[12863]: Illegal user test from 220.75.202.225
Jan 10 23:52:45 knight sshd[12863]: error: Could not get shadow information for NOUSER
Jan 10 23:52:50 knight sshd[12865]: Illegal user guest from 220.75.202.225
Jan 10 23:52:51 knight sshd[12865]: error: Could not get shadow information for NOUSER
Jan 10 23:53:00 knight sshd[12871]: Illegal user user from 220.75.202.225
Jan 10 23:53:00 knight sshd[12871]: error: Could not get shadow information for NOUSER

Or something else?

If it is that... well unless you are doing something stupid for
passwords, you really shouldn't worry about it. This goes back to tarpit
setups for mail... it won't stop them, just increase number of
connections you'll have tied up, possibly DoS style.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster:  Linux
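
Added example, not part of the original posts: the kind of log matching asked about in this thread, run over the sshd failure lines quoted above plus two constructed lines from a documentation address. It only reports the source address that crossed the limit; the threshold, window and year are assumed defaults, and what to do with an alert is left to the caller.

```python
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime

# sshd failure line as shown in the post; newer OpenSSH says "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

Alert = namedtuple("Alert", "ip tripped_at failures users")


def detect_bruteforce(lines, threshold=5, window=60, year=2005):
    """Return one Alert per source with >= threshold failures inside window seconds.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)   # ip -> (timestamp, user) pairs still inside the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if m is None:
            continue              # "Illegal user ..." and "error: ..." lines are skipped
        ip, user = m.group("ip"), m.group("user")
        ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()           # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = Alert(ip, ts, len(q), sorted({u for _, u in q}))
    return list(alerts.values())


# First two lines are constructed (192.0.2.10 is a documentation address);
# the rest are the lines quoted in the post.
SAMPLE_LOG = """\
Jan 10 23:40:01 knight sshd[12001]: Failed password for alice from 192.0.2.10 port 40000 ssh2
Jan 10 23:47:30 knight sshd[12044]: Failed password for alice from 192.0.2.10 port 40112 ssh2
Jan 10 23:52:45 knight sshd[12863]: Failed password for illegal user test from 220.75.202.225 port 35881 ssh2
Jan 10 23:52:51 knight sshd[12865]: Failed password for illegal user guest from 220.75.202.225 port 35973 ssh2
Jan 10 23:52:55 knight sshd[12867]: Failed password for admin from 220.75.202.225 port 36117 ssh2
Jan 10 23:52:57 knight sshd[12869]: Failed password for admin from 220.75.202.225 port 36212 ssh2
Jan 10 23:53:00 knight sshd[12871]: Failed password for illegal user user from 220.75.202.225 port 36284 ssh2
Jan 10 23:53:03 knight sshd[12873]: Failed password for root from 220.75.202.225 port 36367 ssh2
Jan 10 23:53:07 knight sshd[12882]: Failed password for root from 220.75.202.225 port 36457 ssh2
Jan 10 23:52:45 knight sshd[12863]: Illegal user test from 220.75.202.225
Jan 10 23:52:45 knight sshd[12863]: error: Could not get shadow information for NOUSER
"""

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```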




CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings,

things seem to be in a rush right now, and I'm looking for a little overview.
In the past 1-2 months several kernel exploits rushed through the news that 
might / can / probably will affect Debian stable. However, I haven't seen any 
single DSA regarding the following issues: Can you please give me an 
overview:  Which problems do affect kernel-source-2.4.18? - If so, what is 
the current status of the according DSA? Because of running a 
terminal server I'd like to know, what's going on at these issues.


Thanks in advance, Keep smiling
yanosz

CAN-2005-0001 Linux kernel i386 SMP page fault handler privilege escalation:
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt (I'm not running
SMP ;)

CAN-2004-1235 Linux kernel uselib() privilege elevation
http://isec.pl/vulnerabilities/isec-0021-uselib.txt (Sounds scary PoC Code is
included, seems to be discussed here)

CAN-2004-1137 Linux kernel IGMP vulnerabilities (Sounds really scary. Are we
affected? Debian Woody seems to be unaffected, but what about sarge / sid?)
http://isec.pl/vulnerabilities/isec-0018-igmp.txt

CAN-2004-1016 Linux kernel scm_send local DoS
http://isec.pl/vulnerabilities/isec-0019-scm.txt

Georgi Guninski security advisory #72, 2004 Fun with the linux kernel
(2.6,2.4)
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html

grsecurity 2.1.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.html
gives a scary / FUD-ish view on the linux kernel. Without discussing their
thesis in detail, are patches available? Is kernel-source-2.4.18 affected?







-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Sam Morris
Jan Lühr wrote:
> Greetings,
>
> things seem to be in a rush right now, and I'm looking for a little overview.
> In the past 1-2 months several kernel exploits rushed through the news that
> might / can / probably will affect Debian stable. However, I haven't seen any
> single DSA regarding the following issues: Can you please give me an
> overview:  Which problems do affect kernel-source-2.4.18? - If so, what is
> the current status of the according DSA? Because of running a
> terminal server I'd like to know, what's going on at these issues.

Add CAN-2004-0554 as well--bug #261521 has been open against 
kernel-image-2.4.18-1-i386 (but not against kernel-image-2.4.18-i386) 
since July with no updates.

I believe someone posted here a few months ago asking about the bug, and 
was told that updates were being prepared--but that has not yet happened. :(

> Thanks in advance, Keep smiling
> yanosz

--
Regards,
Sam Morris



Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Joey Hess
Jan Lühr wrote:
> things seem to be in a rush right now, and I'm looking for a little overview.
> In the past 1-2 months several kernel exploits rushed through the news that
> might / can / probably will affect Debian stable. However, I haven't seen any
> single DSA regarding the following issues: Can you please give me an
> overview:  Which problems do affect kernel-source-2.4.18? - If so, what is
> the current status of the according DSA?

I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in
unstable/testing. AFAIK there have not been DSAs for any of these to fix
stable, and I don't know which ones really affect stable. Probably most of
them.

Some of the information below may be incorrect, the kernel team knows better
than I.

> CAN-2005-0001 Linux kernel i386 SMP page fault handler privilege escalation:
> http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt (I'm not running
> SMP ;)

The kernel team are aware of it, I expect a fix will be uploaded soon
for unstable.

> CAN-2004-1235 Linux kernel uselib() privilege elevation
> http://isec.pl/vulnerabilities/isec-0021-uselib.txt (Sounds scary PoC Code is
> included, seems to be discussed here)

Fixed in kernel-source-2.6.8 2.6.9-5 and kernel-source-2.4.27 2.4.27-8
(which should be released today or so), and the kernel-image packages
indirectly built from them.

> CAN-2004-1137 Linux kernel IGMP vulnerabilities (Sounds really scary. Are we
> affected? Debian Woody seems to be unaffected, but what about sarge / sid?)
> http://isec.pl/vulnerabilities/isec-0018-igmp.txt

Fixed in kernel-source-2.4.27 2.4.27-7.

> CAN-2004-1016 Linux kernel scm_send local DoS
> http://isec.pl/vulnerabilities/isec-0019-scm.txt

Also fixed in kernel-source-2.4.27 2.4.27-7.

> Georgi Guninski security advisory #72, 2004 Fun with the linux kernel
> (2.6,2.4)
> http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html

This is CAN-2004-1333 and was fixed in kernel-source-2.6.8 2.6.8-11.
AFAIK 2.4 is not yet fixed.

> grsecurity 2.1.0
> http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.html
> gives a scary / FUD-ish view on the linux kernel. Without discussing their
> thesis in detail, are patches available? Is kernel-source-2.4.18 affected?

I don't think CANs have yet been assigned for those holes.


A few others you left out:

CAN-2004-1337

Apparently only affects 2.6, we're not very vulnerable since the
module is loaded by the initrd. Not yet fixed.

CAN-2004-1335

Fixed in kernel-source-2.6.8. 2.4 is not fixed.

CAN-2004-1234

Does not affect sarge since we have a kernel  2.4.25.

CAN-2004-1191

Should not affect our 2.4 kernel since it was fixed in 2.4.27.
Probably our 2.6.8 kernel is vulnerable.

CAN-2004-1190

Could be SuSE specific, unclear and not enough info.

CAN-2004-1151

My notes indicate that this was fixed in svn at some point, but
I can't find the fix now.

CAN-2004-1144

Amd64 specific, don't know if we're vulnerable.

CAN-2004-1074

Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27
2.4.27-7, and the binary packages built from them.

CAN-2004-1073
CAN-2004-1072
CAN-2004-1071
CAN-2004-1070

2.6.8 and 2.4.27 are not vulnerable to these.

CAN-2004-1069

Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11.

CAN-2004-1068

Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11.

CAN-2004-1058

AFAIK it's unfixed.

CAN-2004-1056

Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released),
kernel-source-2.6.8 2.6.8-11.

CAN-2004-1017

Unknown.

CAN-2004-1016

Fixed in kernel-image-2.4.27-i386 2.4.27-7.

CAN-2004-0949

Fixed in 2.4.27, but 2.6.8 may still be vulnerable.

CAN-2004-0887

s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3,
kernel-source-2.6.8 2.6.8-10

CAN-2004-0883

Unknown.

CAN-2004-0814

Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7

CAN-2004-0813

Fixed in recent 2.6 and 2.4 kernels.

CAN-2004-0685

Unknown.

CAN-2004-0596

Unknown.

CAN-2003-0465

May be unfixed in our 2.4.27 kernel on some arches (bug #280492)
i386 and ppc32 are ok.
2.6 fixed.

-- 
see shy jo, wondering when the kernel security silly season closes




Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings,

On Wednesday, 12 January 2005 18:27, Sam Morris wrote:
> Jan Lühr wrote:
> > Greetings,
> >
> > things seem to be in a rush right now, and I'm looking for a little
> > overview. In the past 1-2 months several kernel exploits rushed through
> > the news that might / can / probably will affect Debian stable. However,
> > I haven't seen any single DSA regarding the following issues: Can you
> > please give me an overview:  Which problems do affect
> > kernel-source-2.4.18? - If so, what is the current status of the
> > according DSA? Because of running a
> > terminal server I'd like to know, what's going on at these issues.
>
> Add CAN-2004-0554 as well--bug #261521 has been open against
> kernel-image-2.4.18-1-i386 (but not against kernel-image-2.4.18-i386)
> since July with no updates.

Uhoh. I tend to use 4-letter words, but this would be highly inappropriate. If 
it's true, can someone from the official security / kernel team post an 
official statement on this issue, please?
I was scared when I saw a CAN ID from 1999 in 2004 when a squid bug was 
fixed, but this is quite serious.
But anyway, it's not my point to criticize the work of the teams. I don't know 
how to fix it, I don't know the reasons for not fixing it already.
@who-ever-is-in-charge-with this. Please state your reasons and give a view on 
coming DSAs.
   
> I believe someone posted here a few months ago asking about the bug, and
> was told that updates were being prepared--but that has not yet happened.
> :(

Release Sarge! - and I will switch to testing using the freebsd kernel. 
Hopefully, things are not that mad then :-(

keep smiling
yanosz



Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings,

On Wednesday, 12 January 2005 20:32, Joey Hess wrote:
> Jan Lühr wrote:
> > things seem to be in a rush right now, and I'm looking for a little
> > overview. In the past 1-2 months several kernel exploits rushed through
> > the news that might / can / probably will affect Debian stable. However,
> > I haven't seen any single DSA regarding the following issues: Can you
> > please give me an overview:  Which problems do affect
> > kernel-source-2.4.18? - If so, what is the current status of the
> > according DSA?
>
> I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in
> unstable/testing. AFAIK there have not been DSAs for any of these to fix
> stable, and I don't know which ones really affect stable. Probably most of
> them.
>
> Some of the information below may be incorrect, the kernel team knows
> better than I.

(...) Interesting and helpful information not quoted for better reading.

> A few others you left out:

Thanks for your help, the topic is quite widespread, and I'm a part-time 
network administrator.
Do you recommend using kernel-source-2.4.27 from sid (sarge) instead of 
2.4.18 from woody?

> CAN-2004-1337
>
>  Apparently only affects 2.6, we're not very vulnerable since the
>  module is loaded by the initrd. Not yet fixed.
>
> CAN-2004-1335
>
>  Fixed in kernel-source-2.6.8. 2.4 is not fixed.
>
> CAN-2004-1234
>
>  Does not affect sarge since we have a kernel  2.4.25.
>
> CAN-2004-1191
>
>  Should not affect our 2.4 kernel since it was fixed in 2.4.27.
>  Probably our 2.6.8 kernel is vulnerable.
>
> CAN-2004-1190
>
>  Could be SuSE specific, unclear and not enough info.
>
> CAN-2004-1151
>
>  My notes indicate that this was fixed in svn at some point, but
>  I can't find the fix now.
>
> CAN-2004-1144
>
>  Amd64 specific, don't know if we're vulnerable.
>
> CAN-2004-1074
>
>  Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27
>  2.4.27-7, and the binary packages built from them.
>
> CAN-2004-1073
> CAN-2004-1072
> CAN-2004-1071
> CAN-2004-1070
>
>  2.6.8 and 2.4.27 are not vulnerable to these.
>
> CAN-2004-1069
>
>  Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1068
>
>  Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1058
>
>  AFAIK it's unfixed.
>
> CAN-2004-1056
>
>  Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released),
>  kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1017
>
>  Unknown.
>
> CAN-2004-1016
>
>  Fixed in kernel-image-2.4.27-i386 2.4.27-7.
>
> CAN-2004-0949
>
>  Fixed in 2.4.27, but 2.6.8 may still be vulnerable.
>
> CAN-2004-0887
>
>  s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3,
>  kernel-source-2.6.8 2.6.8-10
>
> CAN-2004-0883
>
>  Unknown.
>
> CAN-2004-0814
>
>  Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7
>
> CAN-2004-0813
>
>  Fixed in recent 2.6 and 2.4 kernels.
>
> CAN-2004-0685
>
>  Unknown.
>
> CAN-2004-0596
>
>  Unknown.
>
> CAN-2003-0465
>
>  May be unfixed in our 2.4.27 kernel on some arches (bug #280492)
>  i386 and ppc32 are ok.
>  2.6 fixed.

Thanks for your help. I'll look for information on this tomorrow. Is all 
information available, (as far as I need 'em to check whether it concerns me) 
or is it kept under disclosure?

Keep smiling
yanosz