Linux 2.4 Kernel execve() System Call Race Condition Vulnerability
Debian has released an advisory (DSA 423-1) that addresses the issue that is described in this BID for the IA-64 architecture. Further details regarding obtaining and applying fixes can be found in the referenced advisory.
Debian has released an advisory (DSA 358-1) that addresses these issues. Details on obtaining and applying fixes can be found in the referenced advisory.
Debian has also released an updated advisory DSA 358-4. Details concerning obtaining and applying fixes can be found in the referenced advisory.
Mandrake Linux have released a security advisory (MDKSA-2003:074) to address this issue. Further details regarding downloading and applying these fixes can be found in the referenced advisory. Fixes are linked below.
Red Hat has released an advisory (RHSA-2003:238-01) that addresses this and a number of other vulnerabilities. Please see the attached advisory for details on obtaining and applying fixes.
Guardian Digital has released advisory ESA-20032407-018 to address this issue. See referenced advisory for additional information.
Conectiva has released an advisory (CLSA-2003:712) that provides kernel updates for CLEE. Please see the attached advisory for details for obtaining and applying updates.
SuSE has released advisory SuSE-SA:2003:034 to address this issue. Specific update information has been made available. Refer to the referenced advisory for additional details.
Gentoo has released advisory 200308-01 to address this issue. Affected users are advised to execute the following commands:
Red Hat has released an advisory (RHSA-2003:198-16) containing updated IA64 fixes for Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. These fixes are only available through the Red Hat Network which can be found at http://rhn.redhat.com/.
Red Hat has also released an advisory (RHSA-2003-239) containing kernel fixes for Red Hat Enterprise Linux AS, ES, and WS(v. 2.1). These fixes are also only available through the Red Hat Network which can be found at http://rhn.redhat.com/.
Turbolinux has released an advisory with fixes in order to address this and other issues.
RHBA-2003:263-05 (for non-Enterprise Red Hat distributions) has been released to address unrelated bugs but provides Kernel updates that include more recent fixes for this and other security vulnerabilities.
Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1
Linux kernel 2.4.18
Linux kernel 2.4.19
Linux kernel 2.4.20
Mandriva Linux Mandrake 8.2
Mandriva Linux Mandrake 8.2 ppc