-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0018

Package names:      kernel, samba
Summary:            Multiple vulnerabilities
Date:               2006-04-04
Affected versions:  Trustix Secure Linux 2.2
                    Trustix Secure Linux 3.0
                    Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------

Package description:
  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system. The kernel handles the basic
  functions of the operating system: memory allocation, process allocation,
  device input and output, etc.

  samba
  Samba provides an SMB server which can be used to provide network services
  to SMB (sometimes called "Lan Manager") clients, including various versions
  of MS Windows, OS/2, and other Linux machines. Samba uses NetBIOS over
  TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
  NetBIOS frame) protocol.

Problem description:
  kernel < TSL 3.0 >
  - New Upstream.
  - SECURITY Fix: Marco Ivaldi has reported a weakness caused by an error in
    the "ip_push_pending_frames()" function when creating a packet in reply
    to a received SYN/ACK packet. This causes RST packets to be sent with an
    IP ID value that is incremented per packet, which can potentially be
    exploited to conduct idle scan attacks.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-1242 to this issue.

  samba < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - New Upstream
  - SECURITY Fix: The winbindd daemon included in previous Samba versions
    writes the server's machine credentials in clear text to its log file at
    log level 5. The winbindd log files are world-readable by default, and
    log files are often requested on open mailing lists as a tool for
    debugging server misconfigurations.
    This affects servers configured to use domain or ads security, and
    possibly Samba domain controllers as well (if configured to use
    winbindd).

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-1059 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With a
  focus on security and stability, the system is painlessly kept safe and up
  to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can have updates installed automatically using
  'swup --upgrade'.

Questions?
  Check out our mailing lists:

Verification:
  This advisory and all Trustix packages are signed with the TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at and or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
752ec1ae9e8119c6997d2d54dd3fee68  3.0/rpms/kernel-2.6.16.1-1tr.i586.rpm
b8414417caca1f21c62593b7455aff1b  3.0/rpms/kernel-doc-2.6.16.1-1tr.i586.rpm
c4486f1de26b18545ba7b7527a3cd996  3.0/rpms/kernel-headers-2.6.16.1-1tr.i586.rpm
88cbd45e06c528a21f19664abade9c03  3.0/rpms/kernel-smp-2.6.16.1-1tr.i586.rpm
acc7696781f984cdffed3ce86f29528f  3.0/rpms/kernel-smp-headers-2.6.16.1-1tr.i586.rpm
3eda5587148ba31f4efbd852993b5554  3.0/rpms/kernel-source-2.6.16.1-1tr.i586.rpm
5ca493aa78ba34575a95cb5258442e78  3.0/rpms/kernel-utils-2.6.16.1-1tr.i586.rpm
bc0f57c310c863b167d78d9c642132dd  3.0/rpms/samba-3.0.22-1tr.i586.rpm
67bc6324359cab44964a40f7299b94d1  3.0/rpms/samba-client-3.0.22-1tr.i586.rpm
4753cc2cdb544b93860ba25a8b99ebe9  3.0/rpms/samba-common-3.0.22-1tr.i586.rpm
ea202d9df679814e120586cb459def63  3.0/rpms/samba-devel-3.0.22-1tr.i586.rpm
a2d8900623e940ea2e536abd7b2828cf  3.0/rpms/samba-mysql-3.0.22-1tr.i586.rpm
aa1bb05ebff5c7a7c487612a6890d241  2.2/rpms/samba-3.0.22-1tr.i586.rpm
f2e7c4dae97c7885a14b8cba0955ab8f  2.2/rpms/samba-client-3.0.22-1tr.i586.rpm
677ac911124f3934d21a1df25ef55a2e  2.2/rpms/samba-common-3.0.22-1tr.i586.rpm
e725b7720fdeb8a3883c7a65e2f4f529  2.2/rpms/samba-devel-3.0.22-1tr.i586.rpm
22a29c309bc3c328bcbfd08665d1dc2c  2.2/rpms/samba-mysql-3.0.22-1tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMm3Zi8CEzsK9IksRAu8jAKCFexYuvdy5i0pY7zbh+58kEd5TkACfSo6s
V+NNybSqFCzdiVEuN3MPby0=
=PO/P
-----END PGP SIGNATURE-----
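A configuration and permission check for the winbindd credential-logging issue (CVE-2006-1059) described in the problem description above. This is an added example, not Trustix or Samba code. It assumes the smb.conf syntax "log level = N" or "log level = N class:M ..." (per-class debug levels, with unlisted classes inheriting the global level), that "security = user" is the default when the key is absent, and that the winbindd log path is a placeholder to be adjusted; the smb.conf fragment it runs on is constructed.

```python
"""Check a Samba host for the CVE-2006-1059 exposure: winbindd debug level 5
or higher on a domain/ads member plus a world-readable winbindd log.
Added example, not Trustix or Samba code. Assumed smb.conf syntax:
'log level = N' or 'log level = N class:M ...'."""
import os
import stat
import sys

# Constructed smb.conf fragment for the self-contained run (not from the advisory).
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE
    security = domain
    log level = 1 winbind:5 auth:3
    ; log file path is illustrative
    log file = /var/log/samba/log.%m
"""

# Placeholder (assumption): adjust to the real winbindd log location on your system.
WINBINDD_LOG = "/var/log/samba/log.winbindd"


def parse_global(conf_text):
    """Return the [global] section as a dict with lower-cased keys ('#' and ';' start comments)."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings


def parse_log_level(value):
    """Split 'N class:M ...' into (global_level, {class: level})."""
    global_level, classes = 0, {}
    for part in value.split():
        if ":" in part:
            name, lvl = part.split(":", 1)
            classes[name.lower()] = int(lvl)
        else:
            global_level = int(part)
    return global_level, classes


def effective_winbind_level(settings):
    """Debug level the winbind class runs at; unlisted classes inherit the global level."""
    global_level, classes = parse_log_level(settings.get("log level", "0"))
    return classes.get("winbind", global_level)


def uses_domain_auth(settings):
    """True for the 'domain' or 'ads' security modes the advisory names as affected."""
    return settings.get("security", "user").lower() in ("domain", "ads")


def is_world_readable(mode):
    """True when the 'other' read bit is set on a file mode."""
    return bool(mode & stat.S_IROTH)


def assess(settings, log_mode):
    """Return findings worth acting on; an empty list means nothing was flagged."""
    findings = []
    level = effective_winbind_level(settings)
    if uses_domain_auth(settings) and level >= 5:
        findings.append(f"winbind debug level is {level} (>= 5): machine "
                        "credentials may be written to the log in clear text")
    if is_world_readable(log_mode):
        findings.append("winbindd log is world-readable; restrict it (chmod o-r)")
    return findings


if __name__ == "__main__":
    # Self-contained run: constructed config plus a typical 0644 log mode.
    print(assess(parse_global(SAMPLE_SMB_CONF), 0o644))
    # Real run: python check_winbind.py /etc/samba/smb.conf
    if len(sys.argv) > 1 and os.path.exists(WINBINDD_LOG):
        with open(sys.argv[1]) as fh:
            print(assess(parse_global(fh.read()), os.stat(WINBINDD_LOG).st_mode))
```

The check flags only the domain and ads modes the advisory names explicitly; a Samba domain controller that runs winbindd (the "possibly" case in the advisory) should be reviewed by hand, and old log files already shared on mailing lists or ticket systems should be treated as disclosed regardless of the current permissions.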
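A way to check downloaded packages against an MD5sum list in the format printed above, as an added example that is not Trustix's own tooling. It assumes the listing format "<md5 hex digest>  <relative path>" per line and a local download directory laid out like the advisory's "3.0/rpms/..." paths; the files and digests in demo() are constructed for the self-contained run.

```python
"""Verify downloaded packages against an advisory's MD5sum listing.
Added example, not Trustix tooling. Assumed listing format per line:
'<32 hex chars>  <relative path>', as printed in the advisory."""
import hashlib
import os
import re
import sys
import tempfile

MD5_LINE = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+)\s*$")


def parse_md5_list(text):
    """Map each listed relative path to its expected digest (lower-cased hex)."""
    expected = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line)
        if m:
            expected[m.group(2)] = m.group(1).lower()
    return expected


def md5_file(path, chunk=1 << 16):
    """Stream a file through MD5 so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(expected, base_dir):
    """Return {relative path: 'ok' | 'MISMATCH' | 'missing'} for every listed package."""
    results = {}
    for rel, digest in expected.items():
        full = os.path.join(base_dir, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_file(full) == digest:
            results[rel] = "ok"
        else:
            results[rel] = "MISMATCH"
    return results


def demo():
    """Self-contained run on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "3.0", "rpms"))
        good = os.path.join(tmp, "3.0", "rpms", "good.rpm")
        bad = os.path.join(tmp, "3.0", "rpms", "bad.rpm")
        with open(good, "wb") as fh:
            fh.write(b"constructed package payload\n")
        with open(bad, "wb") as fh:
            fh.write(b"tampered payload\n")
        # Constructed listing: a correct digest, a wrong digest, and an absent file.
        listing = "\n".join([
            md5_file(good) + "  3.0/rpms/good.rpm",
            "00000000000000000000000000000000  3.0/rpms/bad.rpm",
            "00000000000000000000000000000000  3.0/rpms/absent.rpm",
        ])
        return verify(parse_md5_list(listing), tmp)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Real run: python verify_md5.py advisory.txt /path/to/downloads
        with open(sys.argv[1]) as fh:
            results = verify(parse_md5_list(fh.read()), sys.argv[2])
    else:
        results = demo()
    for rel, status in sorted(results.items()):
        print(f"{status:9s} {rel}")
```

The digests only detect corrupted or substituted downloads; what binds them to the vendor is the GnuPG signature on the advisory (and on the packages), so check that signature before trusting the list. MD5 is also no longer collision-resistant, which is one reason later advisories moved to SHA-2 digests.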