-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Kernel security update  (SSA:2003-336-01)

New kernels are available for Slackware 9.1 and -current.  These
have been upgraded to Linux kernel version 2.4.23, which fixes a
bug in the kernel's do_brk() function that could be exploited to
gain root privileges.  These updated kernels and modules should be
installed by any sites running a 2.4 kernel earlier than 2.4.23.
Linux 2.0 and 2.2 kernels are not vulnerable.

More details about the Apache issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Mon Dec  1 21:36:30 PST 2003
patches/kernels/:  Upgraded to Linux 2.4.23.  This fixes a bug in the
  kernel's do_brk() function which a local user could exploit to gain
  root privileges.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
  Sites should upgrade to the 2.4.23 kernel and kernel modules.  After
  installing the new kernel, be sure to run 'lilo'.
  (* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-1.tgz:  Upgraded to
  alsa-driver-0.9.8, compiled against linux-2.4.23.
patches/packages/alsa-lib-0.9.8-i486-1.tgz:  Upgraded to alsa-lib-0.9.8.
patches/packages/alsa-oss-0.9.8-i486-1.tgz:  Upgraded to alsa-oss-0.9.8.
patches/packages/alsa-utils-0.9.8-i486-1.tgz:  Upgraded to
  alsa-utils-0.9.8.
patches/packages/kernel-ide-2.4.23-i486-1.tgz:  Upgraded bare.i kernel
  package to Linux 2.4.23.
patches/packages/kernel-modules-2.4.23-i486-1.tgz:  Upgraded to Linux
  2.4.23 kernel modules.
patches/packages/kernel-source-2.4.23-noarch-2.tgz:  Upgraded to Linux
  2.4.23 kernel source, with XFS and Speakup patches included (but not
  pre-applied).
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz:
  Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz:
  Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched)
  kernel.
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 9.1:

An alternate kernel may be installed.  Those are found in this directory:

ALSA has also been updated to 0.9.8 and compiled for 2.4.23.  These
packages will also be required to use the ALSA sound system:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-oss-0.9.8-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-utils-0.9.8-i486-1.tgz

The XFS patched kernel requires different kernel modules.  If you use
the XFS filesystem and XFS patched kernel (xfs.s), these packages
contain kernel modules compiled against 2.4.23-xfs:


Updated packages for Slackware -current:


MD5 SIGNATURES:
+-------------+

MD5 signatures may be downloaded from our FTP server:

Slackware 9.1 packages:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5

To verify authenticity, this file has been signed with the Slackware
GPG key (use 'gpg --verify'):



Slackware -current packages:
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5
ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc


INSTALLATION INSTRUCTIONS:
+------------------------+

Use upgradepkg to install the new kernel, kernel-modules, and alsa packages.
After installing the kernel-ide package you will need to run lilo ('lilo' at
a command prompt) or create a new system boot disk ('makebootdisk'), and
reboot.

If desired, a kernel from the kernels/ directory may be used instead.  For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.23

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.23 /boot/vmlinuz

Then, run 'lilo' or create a new system boot disk and reboot.


+-----+

Slackware: 2003-336-01: Kernel Security Update

December 2, 2003
New kernels are available for Slackware 9.1 and -current

Summary

Here are the details from the Slackware 9.1 ChangeLog: Mon Dec 1 21:36:30 PST 2003 patches/kernels/: Upgraded to Linux 2.4.23. This fixes a bug in the kernel's do_brk() function which a local user could exploit to gain root privileges. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961 Sites should upgrade to the 2.4.23 kernel and kernel modules. After installing the new kernel, be sure to run 'lilo'. (* Security fix *) patches/packages/alsa-driver-0.9.8-i486-1.tgz: Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23. patches/packages/alsa-lib-0.9.8-i486-1.tgz: Upgraded to alsa-lib-0.9.8. patches/packages/alsa-oss-0.9.8-i486-1.tgz: Upgraded to alsa-oss-0.9.8. patches/packages/alsa-utils-0.9.8-i486-1.tgz: Upgraded to alsa-utils-0.9.8. patches/packages/kernel-ide-2.4.23-i486-1.tgz: Upgraded bare.i kernel package to Linux 2.4.23. patches/packages/kernel-modules-2.4.23-i486-1.tgz: Upgraded to Linux 2.4.23 kernel modules. patches/packages/kernel-source-2.4.23-noarch-2.tgz: Upgraded to Linux 2.4.23 kernel source, with XFS and Speakup patches included (but not pre-applied). patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz: Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs. patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz: Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched) kernel. WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 9.1: An alternate kernel may be installed. Those are found in this directory: ALSA has also been updated to 0.9.8 and compiled for 2.4.23. These packages will also be required to use the ALSA sound system: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-oss-0.9.8-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/alsa-utils-0.9.8-i486-1.tgz The XFS patched kernel requires different kernel modules. If you use the XFS filesystem and XFS patched kernel (xfs.s), these packages contain kernel modules compiled against 2.4.23-xfs: Updated packages for Slackware -current: MD5 SIGNATURES: MD5 signatures may be downloaded from our FTP server: Slackware 9.1 packages: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5 To verify authenticity, this file has been signed with the Slackware GPG key (use 'gpg --verify'): Slackware -current packages: ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5 ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc INSTALLATION INSTRUCTIONS: Use upgradepkg to install the new kernel, kernel-modules, and alsa packages. After installing the kernel-ide package you will need to run lilo ('lilo' at a command prompt) or create a new system boot disk ('makebootdisk'), and reboot. If desired, a kernel from the kernels/ directory may be used instead. For example, to use the kernel in kernels/scsi.s/, you would copy it to the boot directory like this: cd kernels/scsi.s cp bzImage /boot/vmlinuz-scsi.s-2.4.23 Create a symbolic link: ln -sf /boot/vmlinuz-scsi.s-2.4.23 /boot/vmlinuz Then, run 'lilo' or create a new system boot disk and reboot.

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] Kernel security update (SSA:2003-336-01)
New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4 kernel earlier than 2.4.23. Linux 2.0 and 2.2 kernels are not vulnerable.
More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961

Installation Instructions

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved