-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  kernel (SSA:2009-230-01)

New Linux kernel packages are available for Slackware 12.2 and -current
to address a security issue.  A kernel bug discovered by Tavis Ormandy
and Julien Tinnes of the Google Security Team could allow a local user 
to fill memory page zero with arbitrary code and then use the kernel
sendpage operation to trigger a NULL pointer dereference, executing the
code in the context of the kernel.  If successfully exploited, this bug
can be used to gain root access.

At this time we have prepared fixed kernels for the stable version of
Slackware (12.2), as well as for both 32-bit x86 and x86_64 -current
versions.  Additionally, we have added a package to the /patches
directory for Slackware 12.1 and 12.2 that will set the minimum memory
page that can be mmap()ed from userspace without additional privileges
to 4096.  The package will work with any kernel supporting the
vm.mmap_min_addr tunable, and should significantly reduce the potential
harm from this bug, as well as future similar bugs that might be found
in the kernel.  More updated kernels may follow.

For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/linux-2.6.27.31/:
  Added new kernels and kernel packages for Linux 2.6.27.31 to address
  a bug in proto_ops structures which could allow a user to use the
  kernel sendpage operation to execute arbitrary code in page zero.
  This could allow local users to gain escalated privileges.
  This flaw was discovered by Tavis Ormandy and Julien Tinnes of the
  Google Security Team.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
  In addition, these kernels change CONFIG_DEFAULT_MMAP_MIN_ADDR kernel
  config option value to 4096, which should prevent the execution of
  arbitrary code by future NULL dereference bugs that might be found in
  the kernel.  If you are compiling your own kernel, please check this
  option in your .config.  If it is set to =0, you may wish to edit it
  to 4096 (or some other value > 0) and then reconfigure, or the kernel
  will not have default protection against zero page attacks from
  userspace.
  (* Security fix *)
patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz:
  This package adds an init script to edit /etc/sysctl.conf, adding
  this config option:
    vm.mmap_min_addr = 4096
  This will configure the kernel to disallow mmap() to userspace of any
  page lower than 4096, preventing privilege escalation by CVE-2009-2692.
  This is a hot fix package and will take effect immediately upon
  installation on any system running a kernel that supports configurable
  /proc/sys/vm/mmap_min_addr (kernel 2.6.23 or newer).
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated kernel packages for Slackware 12.2 may be found here:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-firmware-2.6.27.31-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-generic-2.6.27.31-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-headers-2.6.27.31_smp-x86-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-huge-2.6.27.31-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-huge-smp-2.6.27.31_smp-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-modules-2.6.27.31-i486-1.tgz

Updated kernel packages for Slackware -current may be found here:

Updated kernel packages for Slackware64 -current may be found here:

Hotfix/init script packages to increase mmap_min_addr to 4096:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz

These packages are the same, and will work with any 2.6.23 or newer kernel.


Signatures:
+---------+

All packages are signed with the Slackware Security Team GPG signature for
verification of authenticity.  File may also be checked with the CHECKSUMS.md5
file provided in each Slackware directory tree, which is also signed with the
Slackware GPG key.


Kernel patches for Linux 2.4.x and Linux 2.6.x:
+---------------------------------------------+

Kernel patches for CVE-2009-2692 that should apply cleanly to most 2.4
and 2.6 kernel source may be found here:



Installation instructions:
+------------------------+

Upgrade the kernel packages as root, rebuild the initrd with
mkinitrd, and reinstall LILO.  For details on the process of
updating the Slackware 12.2 kernels, see the README file in
/patches/packages/linux-2.6.27.31/.

To activate the mmap_min_addr protection in your /etc/sysctl.conf
for 2.6.23 or newer kernels, simply install the package:

installpkg kernel-mmap_min_addr-4096-noarch-1.tgz

If you are building your own kernel from unfixed vanilla sources,
the patch appropriate for your kernel may be applied to the source
like this:

cd /usr/src/linux
zcat linux-2.6.x-CVE-2009-2692.diff.gz | patch -p1 --verbose


+-----+

Slackware: 2009-230-01: kernel Security Update

August 19, 2009
New Linux kernel packages are available for Slackware 12.2 and -current to address a security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/linux-2.6.27.31/: Added new kernels and kernel packages for Linux 2.6.27.31 to address a bug in proto_ops structures which could allow a user to use the kernel sendpage operation to execute arbitrary code in page zero. This could allow local users to gain escalated privileges. This flaw was discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 In addition, these kernels change CONFIG_DEFAULT_MMAP_MIN_ADDR kernel config option value to 4096, which should prevent the execution of arbitrary code by future NULL dereference bugs that might be found in the kernel. If you are compiling your own kernel, please check this option in your .config. If it is set to =0, you may wish to edit it to 4096 (or some other value > 0) and then reconfigure, or the kernel will not have default protection against zero page attacks from userspace. (* Security fix *) patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz: This package adds an init script to edit /etc/sysctl.conf, adding this config option: vm.mmap_min_addr = 4096 This will configure the kernel to disallow mmap() to userspace of any page lower than 4096, preventing privilege escalation by CVE-2009-2692. This is a hot fix package and will take effect immediately upon installation on any system running a kernel that supports configurable /proc/sys/vm/mmap_min_addr (kernel 2.6.23 or newer). (* Security fix *)

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated kernel packages for Slackware 12.2 may be found here: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-firmware-2.6.27.31-noarch-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-generic-2.6.27.31-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-headers-2.6.27.31_smp-x86-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-huge-2.6.27.31-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-huge-smp-2.6.27.31_smp-i686-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-modules-2.6.27.31-i486-1.tgz
Updated kernel packages for Slackware -current may be found here:
Updated kernel packages for Slackware64 -current may be found here:
Hotfix/init script packages to increase mmap_min_addr to 4096: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz
These packages are the same, and will work with any 2.6.23 or newer kernel.

Signatures:
All packages are signed with the Slackware Security Team GPG signature for verification of authenticity. File may also be checked with the CHECKSUMS.md5 file provided in each Slackware directory tree, which is also signed with the Slackware GPG key.

Kernel patches for Linux 2.4.x and Linux 2.6.x:
Kernel patches for CVE-2009-2692 that should apply cleanly to most 2.4 and 2.6 kernel source may be found here:


MD5 Signatures

Severity
[slackware-security] kernel (SSA:2009-230-01)
New Linux kernel packages are available for Slackware 12.2 and -current to address a security issue. A kernel bug discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team could allow a local user to fill memory page zero with arbitrary code and then use the kernel sendpage operation to trigger a NULL pointer dereference, executing the code in the context of the kernel. If successfully exploited, this bug can be used to gain root access.
At this time we have prepared fixed kernels for the stable version of Slackware (12.2), as well as for both 32-bit x86 and x86_64 -current versions. Additionally, we have added a package to the /patches directory for Slackware 12.1 and 12.2 that will set the minimum memory page that can be mmap()ed from userspace without additional privileges to 4096. The package will work with any kernel supporting the vm.mmap_min_addr tunable, and should significantly reduce the potential harm from this bug, as well as future similar bugs that might be found in the kernel. More updated kernels may follow.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692

Installation Instructions

Installation instructions: Upgrade the kernel packages as root, rebuild the initrd with mkinitrd, and reinstall LILO. For details on the process of updating the Slackware 12.2 kernels, see the README file in /patches/packages/linux-2.6.27.31/. To activate the mmap_min_addr protection in your /etc/sysctl.conf for 2.6.23 or newer kernels, simply install the package: installpkg kernel-mmap_min_addr-4096-noarch-1.tgz If you are building your own kernel from unfixed vanilla sources, the patch appropriate for your kernel may be applied to the source like this: cd /usr/src/linux zcat linux-2.6.x-CVE-2009-2692.diff.gz | patch -p1 --verbose

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved