|
|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: Kernel 2.2.16 and /usr/bin/Mail
Date: Sat, 10 Jun 2000 00:58:02 -0700 (PDT) |
|
====================================
Kernel Version 2.2.16 Security Fixes
====================================
The 2.2.16 release of the Linux kernel is available and includes a number of
security fixes. The following list of fixes comes from the kernel release
notes:
----------------------------------------------------------------------------
Capabilities -
Fixes for serious setuid handling flaws when using restricted capability
sets
ELF loader -
The ELF loader could be tricked by erroneous headers
Procfs -
Several /proc drivers failed to do correct sanity checking
Readv/writev -
Potential overflow bug fixed
Signal Stacks -
Exec failed to clear an existing alternate sigstack
System 5 Shared Memory -
If a user managed to attach a segment 65536 times bad things happened.
TCP multiconnect hang -
The TCP code had a bug that could cause the machine to hang. This was user
exploitable.
-----------------------------------------------------------------------------
We recommend that you read the above as a list of reasons to upgrade to 2.2.16,
if you're running a 2.2.x kernel. The capabilities hole is especially nasty,
as it allows a local user to gain root access from a program that normally
drops root privileges.
The standard pre-built Slackware kernels have been built from 2.2.16 source
and are now available in Slackware-current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/
You will probably also need a new set of modules, available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/modules/
They are also available in packaged form in the slackware-current ftp tree
(ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/). The
files, within that directory, are:
a1/modules.tgz, a1/scsimods.tgz, a1/sndmods.tgz, a1/fsmods.tgz,
and n1/netmods.tgz
The kernel release notes are available here:
http://www.linux.org.uk/VERSION/relnotes.2216.html
=========================
/usr/bin/Mail chmoded 755
=========================
The Mail program shipped with Slackware has been shown to be subject to a
buffer overflow that, if the program is sgid (as shipped with Slackware), can
provide a malicious user with gid "mail". Having gid "mail" does not allow a
user any special priveleges, as the mail group hasn't been used in Slackware
for years. There is a security advisory being passed around, but we assure
you there's no threat from the Mail flaw. Nonetheless, holes are no fun, and
we've closed this one by removing the sgid bit from /bin/Mail. A new
mailx.tgz package is available in Slackware-current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/mailx.tgz
==============================================================================
As always, more information is available in the Slackware-current ChangeLog:
ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt
-- Your Friendly Neighborhood Slackware Security Team
security@slackware.com
|
|
|
