Linux Kernel Privileged Process Hijacking Vulnerability

Solution:
Debian has released an advisory (DSA 423-1) that addresses the issue that is described in this BID for the IA-64 architecture. Further details regarding obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory (SuSE-SA:2003:049) to address this issue. Users are advised to apply appropriate fixes as soon as possible. Please see the referenced advisory for further details regarding obtaining and applying fixes.

Red Hat has released revised advisory RHSA-2003:098-03, which addresses this issue. Please see the attached advisory for instructions on obtaining and applying fixes.

Gentoo Linux has released an advisory (200303-17) which addresses this issue. Please see the attached advisory for instructions on obtaining and applying fixes.

Red Hat has released advisories RHSA-2003:098-00 and RHSA-2003:135-00, which address this issue. Please see the attached advisories for instructions on obtaining and applying fixes.

*** It should be noted that Red Hat 7.2 ia64 fixes have been made available in an updated RHSA-2003:098 advisory. However, reports indicate that the updated kernel does not apply the appropriate patch correctly, leaving updated kernels vulnerable to this issue.

*** RHSA-2003:098 has been updated to include newly released Red Hat 7.2 ia64 fixes to correctly address this issue.

EnGarde Secure Linux has released a security advisory (ESA-20030318-009) and fixes which address this issue. Users are advised to upgrade as soon as possible.

Trustix has released a security advisory (TSLSA-2003-0007) which contains fixes. Further information on how to obtain and apply fixes can be found in the attached advisory.

Sorcerer Linux has advised that users update using the following commands:

augur synch && augur update

SuSE has released a security advisory (SuSE-SA:2003:021) which contains fixes addressing this issue.

CRUX has released CRUX 1.1 which includes a 2.4.20 kernel that is patched against this issue. CRUX 1.0 users are advised to upgrade as soon as possible.

Alan Cox has released a patch for Linux 2.4.20 and 2.4.21pre1. Linux 2.2.25 has also been released, which addresses this issue in the 2.2 tree.

Debian has released fixes for MIPS and PowerPC architectures. See the advisory in the References section for links to the fixes.

Sun has released an alert regarding this issue. Sun has released updates which address this issue on affected Cobalt systems.

Conectiva has released an advisory (CLA-2003:618) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Mandrake has revised its advisory (MDKSA-2003:038-1). Fixes for Mandrake Linux 8.2 and Multi-Network Firewall are available.

Red Hat has released an advisory (RHSA-2003-103) containing fixes for Red Hat Enterprise Linux on the x86 architecture. Patches are available through the Red Hat Network. Further information can be found in the attached web-based advisory.

SCO has released advisory CSSA-2003-020.0 with fixes to address this issue in Caldera Linux. See the referenced advisory for additional fix information.

EnGarde has released an advisory. Information about obtaining fixes can be found in the referenced advisory (ESA-20030515-017).

Red Hat Linux has released a new advisory RHSA-2003:145-01. Users are advised to upgrade vulnerable systems with the fix information provided in the referenced advisory. Updates to packages are available through the Red Hat Network.

Red Hat Linux has released a new advisory RHSA-2003:187-01. Affected users are advised to upgrade to newer kernel packages. Further information is available in the referenced advisory.

Linux 2.4.21 has been released, which addresses this and other security issues. Users of 2.4.x are advised to upgrade as soon as possible.

Debian has released a new advisory, DSA 332-1. Information about obtaining and applying fixes is available in the referenced advisory.

A revised Debian advisory (DSA 336-2) has been released. New kernel 2.2.20 fixes are available. Further information is available in the referenced advisory. Users of the apt-get system are advised to issue the following commands to update affected systems:

apt-get update
apt-get upgrade

Debian has released an advisory (DSA 495-1) to address various issues in the Linux kernel. This advisory contains fixes for the ARM architecture. Please see the referenced advisory for more information.

Fixes available:


Linux kernel 2.2

Linux kernel 2.2.1

Linux kernel 2.2.10

Linux kernel 2.2.11

Linux kernel 2.2.12

Linux kernel 2.2.13

Linux kernel 2.2.14

Linux kernel 2.2.15

Linux kernel 2.2.16

Linux kernel 2.2.17

Linux kernel 2.2.18

Linux kernel 2.2.19

Linux kernel 2.2.2

Linux kernel 2.2.20

Linux kernel 2.2.21

Linux kernel 2.2.22

Linux kernel 2.2.23

Linux kernel 2.2.24

Linux kernel 2.2.3

Linux kernel 2.2.4

Linux kernel 2.2.5

Linux kernel 2.2.6

Linux kernel 2.2.7

Linux kernel 2.2.8

Linux kernel 2.2.9

Linux kernel 2.4

Linux kernel 2.4.1

Linux kernel 2.4.10

Linux kernel 2.4.11

Linux kernel 2.4.12

Linux kernel 2.4.13

Linux kernel 2.4.14

Linux kernel 2.4.15

Linux kernel 2.4.16

Linux kernel 2.4.17

Linux kernel 2.4.18

Linux kernel 2.4.19

Linux kernel 2.4.2

Linux kernel 2.4.20

Linux kernel 2.4.21 pre1

Linux kernel 2.4.3

Linux kernel 2.4.4

Linux kernel 2.4.5

Linux kernel 2.4.6

Linux kernel 2.4.7

Linux kernel 2.4.8

Linux kernel 2.4.9


 

Copyright 2010, SecurityFocus