-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0057

Package names:     cups, kernel, openssl
Summary:           Multiple vulnerabilities
Date:              2005-10-14
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  cups
  The Common UNIX Printing System provides a portable printing layer for
  UNIX(R) operating systems. It has been developed by Easy Software Products
  to promote a standard printing solution for all UNIX vendors and users.
  CUPS provides the System V and Berkeley command-line interfaces.

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

  openssl
  A C library that provides various cryptographic algorithms and protocols,
  including DES, RC4, RSA, and SSL. Includes shared libraries.

Problem description:
  cups < TSL 2.2 > < TSEL 2 >
  - Re-apply the security fixes for CVE-2004-0888 and CVE-2005-0064.

  kernel < TSL 3.0 >
  - New Upstream
  - SECURITY Fix: The sys_set_mempolicy function in mempolicy.c in Linux
    kernel 2.6.x allows local users to cause a denial of service
    (kernel BUG()) via a negative first argument.
  - Race condition in Linux 2.6, when threads are sharing memory mapping
    via CLONE_VM (such as linuxthreads and vfork), might allow local users
    to cause a denial of service (deadlock) by triggering a core dump while
    waiting for a thread that has just performed an exec.
  - fs/exec.c in Linux 2.6, when one thread is tracing another thread that
    shares the same memory map, might allow local users to cause a denial
    of service (deadlock) by forcing a core dump when the traced thread is
    in the TASK_TRACED state.
  - The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause
    a denial of service (oops) by using hfsplus to mount a filesystem that is
    not hfsplus.
  - Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
    when running on an SMP system that is operating under a heavy load, might
    allow remote attackers to cause a denial of service (crash) via a series
    of packets that cause a value to be modified after it has been read but
    before it has been locked.
  - A memory leak in security/keys/request_key_auth.c can be triggered by
    unprivileged local users to exhaust kernel memory (denial of service).

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-3053, CVE-2005-3106, CVE-2005-3107,
    CVE-2005-3108, CVE-2005-3109, CVE-2005-3110, CVE-2005-3119.

  openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
    (part of SSL_OP_ALL). In the SSL 2.0 server implementation this option
    disabled the check that defends against a man-in-the-middle forcing a
    protocol-version rollback, so a server that accepted SSL 2.0 and set
    SSL_OP_ALL (which most applications do) could be downgraded to SSL 2.0
    by an attacker on the path. Servers that do not accept SSL 2.0 at all
    (SSL_OP_NO_SSLv2) are not affected, and disabling SSL 2.0 remains the
    right setting with or without this update.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-2969 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0057/>


MD5sums of the packages:
- --------------------------------------------------------------------------
71996744ffdba603d36050fa341a6d61  2.2/rpms/cups-1.1.23-5tr.i586.rpm
4b4d5fe96512a50ae96686930681c95b  2.2/rpms/cups-devel-1.1.23-5tr.i586.rpm
39ec4d3d5d976165d0ab638e32d8b4e8  2.2/rpms/cups-libs-1.1.23-5tr.i586.rpm
99a4dd6ce9c0a663db4a89418be919de  2.2/rpms/openssl-0.9.7e-6tr.i586.rpm
8720b65174a2fe61433c9c8bb32ade65  2.2/rpms/openssl-devel-0.9.7e-6tr.i586.rpm
a2dff79f4a9b831acff6af14c50c0469  2.2/rpms/openssl-python-0.9.7e-6tr.i586.rpm
e16d089bba481621431beb04dfc0b55a  2.2/rpms/openssl-support-0.9.7e-6tr.i586.rpm

a4b179055d87886f5342eb00abcaa9fc  3.0/rpms/kernel-2.6.13.4-1tr.i586.rpm
305d521bd4542e2f71f3cf42af6ce275  3.0/rpms/kernel-doc-2.6.13.4-1tr.i586.rpm
4985bb2ae00f77f1058f660134d01254  3.0/rpms/kernel-headers-2.6.13.4-1tr.i586.rpm
f1d13780bcaa83608993b6f3787717f6  3.0/rpms/kernel-smp-2.6.13.4-1tr.i586.rpm
f038611dd528d987eb8eb0dece1a6830  3.0/rpms/kernel-smp-headers-2.6.13.4-1tr.i586.rpm
706f8ce8e8a3b7908034ca32612b7adc  3.0/rpms/kernel-source-2.6.13.4-1tr.i586.rpm
ca505dd1b3d1b8a5a0b019ae200a468e  3.0/rpms/kernel-utils-2.6.13.4-1tr.i586.rpm
4b499c65ece0377d4e5c402af1b23609  3.0/rpms/openssl-0.9.7i-1tr.i586.rpm
93dbd422a4c28733b6e90b158348c3c3  3.0/rpms/openssl-devel-0.9.7i-1tr.i586.rpm
99de13687137116ac13ce3a23c67b444  3.0/rpms/openssl-support-0.9.7i-1tr.i586.rpm
- --------------------------------------------------------------------------
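As an added example (not part of the Trustix advisory or of swup), the check
a practitioner would script around the list above: verify the advisory's PGP
signature with the TSL sign key, pull the "<md5>  <path>" lines out of it
(re-joining an entry that a mail client has wrapped onto two lines, as the
kernel-smp-headers entry above was), and run md5sum -c against the mirrored
update tree. The advisory file name, mirror directory and keyring path in
the usage comment, and the sample manifest used when testing it, are
assumptions for the example. MD5 collisions were already practical in 2005,
so the sums are worth trusting only because the signed advisory binds them;
for the packages themselves, rpm --checksig against the same key is the
stronger check.

```shell
#!/bin/sh
# Added example, not code from the Trustix advisory: gate an update install on
# (1) the advisory's PGP signature and (2) the MD5sums it lists.
# The advisory file, the mirror directory (a local copy of
# http.trustix.org/pub/trustix/updates/) and the GnuPG keyring holding the
# TSL sign key are caller-supplied; every path below is an assumption.

# Print the "<md5>  <path>.rpm" lines from an advisory. A mail client may wrap
# a long entry so the hash and the path land on consecutive lines; such a pair
# is re-joined with the two spaces md5sum -c expects before filtering.
extract_sums() {
    # $1: advisory file
    sed -e '/^[0-9a-f]\{32\}[ ]*$/{' -e 'N' -e 's/[ ]*\n[ ]*/  /' -e '}' "$1" \
      | grep -E '^[0-9a-f]{32}  [^ ]+\.rpm$'
}

# Verify the signature (when a keyring is given) and then the checksums. The
# return code says which control tripped, so a wrapper can log it:
#   0 every listed package matches      2 bad or missing PGP signature
#   3 cannot create a temp file         4 no checksum lines found
#   md5sum's own non-zero status: at least one mismatch or missing package
verify_updates() {
    # $1: advisory file, $2: mirror directory, $3: keyring (optional)
    adv="$1"; mirror="$2"; keyring="${3:-}"
    if [ -n "$keyring" ]; then
        gpg --no-default-keyring --keyring "$keyring" --verify "$adv" \
            >/dev/null 2>&1 || return 2
    fi
    manifest=$(mktemp) || return 3
    extract_sums "$adv" > "$manifest"
    if [ ! -s "$manifest" ]; then
        rm -f "$manifest"
        return 4
    fi
    # md5sum -c fails on any mismatch or missing file, so one bad package
    # fails the whole set instead of slipping through with the rest.
    if (cd "$mirror" && md5sum -c "$manifest"); then rc=0; else rc=$?; fi
    rm -f "$manifest"
    return $rc
}

# Usage (paths assumed for the example):
#   verify_updates ./TSL-2005-0057.txt /srv/mirror/trustix/updates \
#       /etc/swup/tsl-sign-key.gpg && echo "safe to install"
```

Run the signature check before anything else: a tampered advisory can list
sums that match tampered packages, and only the signature ties the list to
the Trustix Security Team.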


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDXJQAi8CEzsK9IksRAuwbAJ4iZ8SrxChfS11hcqLSI1OoRW9wCgCdG4AN
xv5qN8oUn3eBN3p0r/jzaHI=
=Bb1m
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-announce
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
