NetWinder security advisory
ID: 2003-002
Issued: 2003-Mar-20
Package: kernel
Summary: Ptrace vulnerability in kernel
Category: Access control/threading
Severity: Medium (local root compromise)
Products: Developer dm-3.9-28 and earlier; OfficeServer os-2.4 and earlier

DESCRIPTION

All versions of the Linux kernel have a vulnerability in the ptrace code, normally used for debugging purposes. A malicious local user could use ptrace facilities to obtain root privileges.

SOLUTION

This upgrade is recommended for dm-3.9-28 systems only. The OfficeServer and other images derived from the earlier dm-3.1-15 image use a 2.2 kernel rather than the 2.4 kernel. The upgrade from 2.2 to 2.4, while possible, requires several other components to be updated as well.

The default configuration of OfficeServer does not allow for local users on the system, so the risk from this bug is low.

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

ftp://ftp.netwinder.org/users/r/ralphs/kernel/beta/kernel-2.4.19-7.armv4l.rpm

Optional packages

ftp://ftp.netwinder.org/users/r/ralphs/kernel/beta/kernel-headers-2.4.19-7.armv4l.rpm
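
A pre-install check for the procedure above, as an added example that is not part of the advisory or of NetWinder's own tooling. It refuses to proceed if the download directory holds any ".rpm" file other than the two packages listed above, or if the kernel release is not 2.4. The function names, and the use of the "uname -r" release string to tell 2.4 systems from 2.2 ones, are assumptions.

```shell
#!/bin/sh
# Added example. Package file names are the ones listed in the advisory.
EXPECTED="kernel-2.4.19-7.armv4l.rpm kernel-headers-2.4.19-7.armv4l.rpm"
REQUIRED="kernel-2.4.19-7.armv4l.rpm"

# Print the name of every *.rpm in DIR that the advisory does not list.
# "rpm -Uvh *.rpm" would install these too, which is why they matter.
unexpected_rpms() {
    dir=$1
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue      # glob matched nothing
        name=${f##*/}
        case " $EXPECTED " in
            *" $name "*) ;;          # listed in the advisory
            *) printf '%s\n' "$name" ;;
        esac
    done
    return 0
}

# Succeed only for a 2.4 kernel release string (assumption: the release
# string is enough to separate dm-3.9-28 from the 2.2-based images).
is_24_kernel() {
    case $1 in
        2.4.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Return 0 when DIR is safe for "rpm -Uvh *.rpm" on a system running RELEASE.
preflight() {
    dir=$1
    release=$2
    is_24_kernel "$release" ||
        { echo "kernel $release is not 2.4: do not apply" >&2; return 1; }
    [ -e "$dir/$REQUIRED" ] ||
        { echo "required package $REQUIRED is missing" >&2; return 1; }
    extra=$(unexpected_rpms "$dir")
    [ -z "$extra" ] ||
        { echo "stray packages in $dir: $extra" >&2; return 1; }
    return 0
}

# On the NetWinder, from the temporary download directory:
#   preflight . "$(uname -r)" && rpm -Uvh *.rpm
```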

REFERENCES

http://linuxtoday.com/security/2003031800126SCKNSW