Home page logo

bugtraq logo Bugtraq mailing list archives

TSLSA-2006-0042 - multi
From: Trustix Security Advisor <tsl () trustix org>
Date: Fri, 21 Jul 2006 15:17:38 +0200

Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0042

Package names:     gnupg, kernel, samba
Summary:           Multiple vulnerabilities
Date:              2006-07-21
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
  GnuPG is a complete and free replacement for PGP. Because it does not
  use IDEA it can be used without any restrictions. GnuPG is in compliance
  with the OpenPGP specification (RFC2440).

  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process 
  allocation, device input and output, etc.

  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines. Samba
  uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
  (Microsoft Raw NetBIOS frame) protocol.

Problem description:
  gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: A vulnerability has been reported in GnuPG, cause due
    to an input validation error within "parse-packet.c" when handling
    the length of a message packet. This can be exploited to cause gpg
    to consume large amount of memory or crash via an overly large packet
    length in a message packet. This can be further exploited to cause an
    integer overflow which leads to a possible memory corruption that
    crashes gpg.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-3082 to this issue.

  kernel < TSL 3.0 >
  - New upstream.
  - Upgraded 3ware 9xxx RAID driver, Bug #1823.
  - SECURITY FIX: A vulnerability has been reported in the Linux kernel,
    which can be exploited by malicious, local users to gain escalated
    privileges. The vulnerability is caused due to a race condition in
    "/proc" when changing file status. Successful exploitation allows
    execution of arbitrary code with root privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-3626 to this issue.
  samba < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: A vulnerability has been reported in Samba, caused due
    to an error when handling a lot of share connection requests. This
    can be exploited to cause smbd to exhaust memory resources via a
    large number of share connections.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2006-3403 to this issue. 

  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Check out our mailing lists:

  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
f86810db08844c94b81fd105e664fe01  3.0/rpms/gnupg-1.4.4-1tr.i586.rpm
63bfe9bd1aec22b236da29ccbf8a4655  3.0/rpms/gnupg-utils-1.4.4-1tr.i586.rpm
166a291d8ada662af9ec23e022f10f45  3.0/rpms/kernel-
685242b444e0d1d778ec768a4a96f15f  3.0/rpms/kernel-doc-
d31937a2a5adf40196bc85370d441127  3.0/rpms/kernel-headers-
f07a32eeade28a2d0420df161e95fb58  3.0/rpms/kernel-smp-
a7e3cd4f1c9bcd6d4dca4aeb17ca0738  3.0/rpms/kernel-smp-headers-
66ff5b16345091c8870a202405cbeb3f  3.0/rpms/kernel-source-
5f1b3333e0e4ca35f47f753471da4602  3.0/rpms/kernel-utils-
d84b4f9c672459d3d8aa8d31ccb41831  3.0/rpms/samba-3.0.22-2tr.i586.rpm
13f99d5c950dfe7068937b3e9a26d84a  3.0/rpms/samba-client-3.0.22-2tr.i586.rpm
845519745dc778ae2e6420f5b6fbe130  3.0/rpms/samba-common-3.0.22-2tr.i586.rpm
e942e48ac256273d6dccb28b4ed5c3e4  3.0/rpms/samba-devel-3.0.22-2tr.i586.rpm
60c46bad4adc0d51b0c78852e47db908  3.0/rpms/samba-mysql-3.0.22-2tr.i586.rpm

870f8111fbe4cea1623678c977e97514  2.2/rpms/gnupg-1.2.6-3tr.i586.rpm
2276e7687268bf607d378ab05665e2c7  2.2/rpms/gnupg-utils-1.2.6-3tr.i586.rpm
bb3b9c56f4fd44ac10e7dda01a5c69df  2.2/rpms/samba-3.0.22-2tr.i586.rpm
ebf3d7854e10c8bb65b4a307bd9cf5ae  2.2/rpms/samba-client-3.0.22-2tr.i586.rpm
75db20c88bdf7e35077ab70c628a3f6d  2.2/rpms/samba-common-3.0.22-2tr.i586.rpm
f22d5e489fb365fa2d72aac15ab5cb32  2.2/rpms/samba-devel-3.0.22-2tr.i586.rpm
5ba89867dd0ef342d480e61c9a53b124  2.2/rpms/samba-mysql-3.0.22-2tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

Version: GnuPG v1.4.4 (GNU/Linux)


  By Date           By Thread  

Current thread:
  • TSLSA-2006-0042 - multi Trustix Security Advisor (Jul 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]