- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2004-006 http://www.skolelinux.org/security/ Finn-Arne Johansen June 18-06-2004 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- Package : kernel-image-2.4.26-1-i386 Vulnerability : vulnerability in the clear_fpu() macro Problem-Type : local Need reboot : yes Debian-Edu-specific : no CVE ID : CAN-2004-0554 DSA ID : - A critical security vulnerability has been found in the Linux kernel in the clear_fpu() macro code. For more details, take a look at: http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html The new kernel packages built using the debian kernel source package, and patched with the code from http://linux.bkbits.net:8080/linux-2.4/gnupatch@40cdf6f8V7sOe5n96HA5Q7r9uDRvJQ The patch has been done by Finn-Arne Johansen We recommend that you upgrade your kernel packages to the new 2.4.26 version built for skolelinux. Note that there is not built special kernels for (amd Opteron) Upgrade Instructions - -------------------- Make sure 'deb ftp://ftp.skolelinux.no/skolelinux/ woody local' is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Find which flavour of the kernel you are running with the command 'uname -r' (examples: 386, 586tsc, 686, 686-smp, k6, k7, k7-smp). To upgrade, run this command replacing with yours: apt-get install kernel-image-2.4.26-1- If you are unfamiliar with kernel upgrades, please visit our mini-HOWTO on this subject: http://www.skolelinux.org/security/kernel-upgrade - -------------------------------------------------------------------------- For apt-get: deb ftp://ftp.skolelinux.no/skolelinux/ woody local Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de Package info: `apt-cache show '