OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: tslTRUSTIX.COM
Date: Thu Apr 05 2001 - 10:59:44 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Trustix Secure Linux Security Advisory #2001-0003

    Package name: kernel
    Severity: Local root exploit
    Date: 2001-04-05
    Affected versions: TSL 1.01, 1.1, 1.2

    - --------------------------------------------------------------------------

    Problem description:
            Some time ago, a vulnerability was discovered that allowed for root
            access through ptrace call in the linux kernel. This was
            originally considered fixed in a previous patch, but as it turns
            out, it wasn't. This is fixed in kernel version 2.2.19.

    Action:
      We recommend all systems which has this package installed to be upgraded.
      Please see the Kernel Upgrade Howto, available from
      <URL:http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html>
      for more information on how to upgrade your TSL kernel.

    Location:
      All TSL updates are available from
      <URL:http://www.trustix.net/pub/Trustix/updates/>
      <URL:ftp://ftp.trustix.net/pub/Trustix/updates/>

    Users of the SWUP tool, can enjoy having the security updates
    automatically installed using 'swup --upgrade'.

    Get SWUP from:
    ftp://ftp.trustix.net/pub/Trustix/software/swup/

    Note that you may not want to use SWUP to do unattended kernel upgrades,
    and it does not do so by default.

    Questions?
    Check out our mailinglists:
    http://www.trustix.net/support/

    Verification:
    This advisory is signed with the TSL sign key. It is available from:
    http://www.trustix.net/TSL-GPG-KEY

    Trustix Security Team

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE6zI25wRTcg4BxxS0RAnTXAJ9e/T9ysKpK9TQnXhP7V2aXsCiArgCdF12s
    K17kWuT59qtzxW64YMduZFQ=
    =m9sm
    -----END PGP SIGNATURE----- 

    --
Trustix Secure Linux Advisor
Homepage:           http://www.trustix.net/
Errata:             http://www.trustix.net/errata/
Automatic updates:  http://www.trustix.net/pub/Trustix/software/swup/