Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Slackware: kernel Security Issues Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Slackware New kernel packages are available for Slackware 9.1 and -current tofix security issues

[slackware-security]  kernel security updates (SSA:2004-119-01)

New kernel packages are available for Slackware 9.1 and -current to
fix security issues.  Also available are new kernel modules packages
(including alsa-driver), and a new version of the hotplug package
for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x)
kernel modules.

The most serious of the fixed issues is an overflow in ip_setsockopt(),
which could allow a local attacker to gain root access, or to crash or
reboot the machine.  This bug affects 2.4 kernels from 2.4.22 - 2.4.25.
Any sites running one of those kernel versions should upgrade right
away.  After installing the new kernel, be sure to run 'lilo'.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

Here are the details from the Slackware 9.1 ChangeLog:
Wed Apr 28 10:19:51 PDT 2004
patches/packages/kernel-ide-2.4.26-i486-2.tgz:  The first version of this
  package included one of the old 2.4.22 kernels by mistake.  Thanks to the
  many people who pointed out this error.  Sorry!
  (* Security fix *)
Tue Apr 27 15:25:29 PDT 2004
patches/packages/alsa-driver-0.9.8-i486-3.tgz:  Recompiled for Linux 2.4.26.
patches/packages/hotplug-2004_01_05-noarch-1.tgz:  This adds bugfixes for using
  a 2.6.x kernel, and adds the broken via-ircc module to the hotplug blacklist.
  Note that upgrading the package will not replace an existing blacklist, but
  as far as I can tell there are no ill effects from trying to load via-ircc
  other than the ugly mess on the screen at boot time.
patches/packages/kernel-ide-2.4.26-i486-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-headers-2.4.26-i386-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-modules-2.4.26-i486-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernel-source-2.4.26-noarch-1.tgz:  Upgraded to Linux 2.4.26.
patches/packages/kernels/*:  Upgraded to Linux 2.4.26.
  These 2.4.26 kernel upgrades fix:
    an overflow in ip_setsockopt() [CAN-2004-0424]
    a flaw in do_fork() that could lead to a DoS
    an (unexploitable) overflow in panic() [CAN-2004-0394]
  For more details, see:
  (* Security fix *)


Updated packages for Slackware 9.1:
New precompiled kernels:

Updated packages for Slackware -current:
New precompiled kernels:


Slackware 9.1 packages:
e628350bb01c18d7a6ad4706961601d8  alsa-driver-0.9.8-i486-3.tgz
be986b3ebfd3a398990b249422707b84  hotplug-2004_01_05-noarch-1.tgz
b45ba64a70f256ff33b35fb1ca409063  kernel-headers-2.4.26-i386-1.tgz
a834060c508607169e98db7ede93409d  kernel-ide-2.4.26-i486-2.tgz
b34e78fa2b9f451007fa3a0849faedfe  kernel-modules-2.4.26-i486-1.tgz
ac3437a4ade365dce9b94afb3cb85d75  kernel-source-2.4.26-noarch-1.tgz

Slackware -current packages:
aa05198221027c6ce9055595ee76c409  kernel-ide-2.4.26-i486-1.tgz
1d2f8a04342dbf8482f67d9787a693c4  kernel-modules-2.4.26-i486-1.tgz
9e726b8766e807147cf4859a6bb33f48  kernel-headers-2.4.26-i386-1.tgz
ac3437a4ade365dce9b94afb3cb85d75  kernel-source-2.4.26-noarch-1.tgz
3922b3ebba1029e0f1041dc6a1926bd2  alsa-driver-1.0.4-i486-2.tgz


Use upgradepkg to install the new packages.
After installing the kernel-ide package you will need to run lilo ('lilo' at
a command prompt) or create a new system boot disk ('makebootdisk'), and

If desired, a kernel from the kernels/ directory may be used instead.  For
example, to use the kernel in kernels/scsi.s/, you would copy it to the
boot directory like this:

cd kernels/scsi.s
cp bzImage /boot/vmlinuz-scsi.s-2.4.26

Create a symbolic link:
ln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz

Then, run 'lilo' or create a new system boot disk and reboot.


Slackware Linux Security Team

| Send an email to with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
MongoDB Patches Remote Denial-of-Service Vulnerability
DDoS Attack Against GitHub Continues After More Than Four Days
5 keys to hiring security talent
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.