-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2004-1 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date : 06 Jan 2004 Last revised : 06 Jan 2004 Package : kernel Summary : kernel mremap vulnerability More information : The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system. The kernel handles the basic functions of the operating system. The Linux memory management subsystem (mremap) isssue have been discovered in Kernel2.4. Impact : The local users may be able to gain root privileges. Affected Products : - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution : Please use turbopkg(zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source --------------------------------------------- Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kernel-2.6.0-1.src.rpm 45544647 dad02a4d70dc3ed4350fa82991a47aa2 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-2.6.0-1.i586.rpm 12769543 f03e5cf6edc499795ac5140802522357 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-doc-2.6.0-1.i586.rpm 1656736 94aab1e5179f9a6d218ed7dce1578ea6 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-extramodules-2.6.0-1.i586.rpm 1826391 639035070b268b94d865a4fa635602f5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-headers-2.6.0-1.i586.rpm 1745045 38f7c8ef9bbb7cf6dd5e3da38179fe42 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-pcmcia-cs-2.6.0-1.i586.rpm 284360 ba5d8bf9cb868fd2d2a3f075422ed72f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-smp-2.6.0-1.i586.rpm 13272763 dbc360351a49934f654a89e11f1ad75f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kernel-source-2.6.0-1.i586.rpm 27828780 3f92c2f6457539ba014740f4f8c214c6 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-16.src.rpm 41913762 bb068af1293917a5830bc39939c7ed60 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-16.i586.rpm 14072693 1e2dfa0a3a6f90daaa15d48a34082c31 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm 7100767 f2ab93bca6266a0484828d697af11d79 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm 1457894 ab50b07561aefd7ad8953ed599867163 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm 1815780 77d5fa6d227e8124bc9746f0f3e8da76 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm 329042 d2672266844a19e9b8aeb290d817e4e3 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm 14551108 9c0260f2032f0a9411b48030e37ecc6e ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm 14540333 e4bc5e66c81abf489645ebbd593ba558 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-16.i586.rpm 26537903 6d29fd4d02d927970fc18e4f9b4bde3d Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-16.src.rpm 41913762 bb068af1293917a5830bc39939c7ed60 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-16.i586.rpm 14072693 1e2dfa0a3a6f90daaa15d48a34082c31 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm 7100767 f2ab93bca6266a0484828d697af11d79 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm 1457894 ab50b07561aefd7ad8953ed599867163 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm 1815780 77d5fa6d227e8124bc9746f0f3e8da76 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm 329042 d2672266844a19e9b8aeb290d817e4e3 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm 14551108 9c0260f2032f0a9411b48030e37ecc6e ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm 14540333 e4bc5e66c81abf489645ebbd593ba558 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-16.i586.rpm 26537903 6d29fd4d02d927970fc18e4f9b4bde3d Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-16.src.rpm 41913762 bb068af1293917a5830bc39939c7ed60 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-16.i586.rpm 14072693 1e2dfa0a3a6f90daaa15d48a34082c31 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm 7100767 f2ab93bca6266a0484828d697af11d79 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm 1457894 ab50b07561aefd7ad8953ed599867163 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm 1815780 77d5fa6d227e8124bc9746f0f3e8da76 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm 329042 d2672266844a19e9b8aeb290d817e4e3 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm 14551108 9c0260f2032f0a9411b48030e37ecc6e ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm 14540333 e4bc5e66c81abf489645ebbd593ba558 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-16.i586.rpm 26537903 6d29fd4d02d927970fc18e4f9b4bde3d Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-16.src.rpm 41913762 bb068af1293917a5830bc39939c7ed60 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-16.i586.rpm 14072693 1e2dfa0a3a6f90daaa15d48a34082c31 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-16.i586.rpm 7100767 f2ab93bca6266a0484828d697af11d79 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-16.i586.rpm 1457894 ab50b07561aefd7ad8953ed599867163 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-16.i586.rpm 1815780 77d5fa6d227e8124bc9746f0f3e8da76 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-16.i586.rpm 329042 d2672266844a19e9b8aeb290d817e4e3 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-16.i586.rpm 14551108 9c0260f2032f0a9411b48030e37ecc6e ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-16.i586.rpm 14540333 e4bc5e66c81abf489645ebbd593ba558 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-16.i586.rpm 26537903 6d29fd4d02d927970fc18e4f9b4bde3d References : CVE [CAN-2003-0985] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 -------------------------------------------------------------------------- Revision History 06 Jan 2004 Initial release 06 Jan 2004 added Affected Products (Turbolinux 10 Desktop) -------------------------------------------------------------------------- Copyright(C) 2004 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/+qBIK0LzjOqIJMwRAm43AKCOD3wBSH00FtbQBKpsNa1Q0l5rXgCgpQCm p7/5HmI04H2bM6355huxMPM= =Uc8d -----END PGP SIGNATURE-----