OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
From: Sergio Bruder (bruderCONECTIVA.COM.BR)
Date: Thu Jun 08 2000 - 18:15:04 CDT


----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: kernel-2.2.14

SUMMARY : Security problems with capabilities
DATE : 2000-06-08
AFFECTED CONECTIVA VERSIONS : 4.0, 4.1, 4.2 and 5.0

DESCRIPTION

The 2.2.x series of the linux kernel implement capabilities.
Capabilites can be used to restrict what the root user can do.
Many privileged programs, such as SUID programs, drop root
privileges before taking certain action, such as executing an
user supplied program.
By constructing an environment where a certain capability is
set, the loss of root privileges doesn't work and the privileged
program keeps on taking its action, but as root, not as a normal
user as it was intended to do. This can lead to root compromise.

SOLUTION
All users MUST upgrade the kernel immediately by downloading
the appropriate package below. This release incorporates the
fix used in the 2.2.16 version.
This kernel vulnerability can be exploited in many ways. Some
vendors have provided updated packages for their SUID programs,
such as sendmail. By upgrading the kernel, these specific vendor
updates are not necessary for this problem, unless they fix
something else too that the user needs.

Updates for versions 4.0, 4.1 and 4.2 will follow shortly.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/alsasound-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-BOOT-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-doc-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-headers-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-ibcs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-install-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-pcmcia-cs-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-smp-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/kernel-source-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-2.2.14-19cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/sensors-devel-2.2.14-19cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/kernel-2.2.14-19cl.src.rpm

----------------------------------------------------------------------

All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br