SmoothWall Project Security Advisory SWP-2004:003

» About the GPL Project » User Quotes » FAQs » History » Team » Commercial » Screenshots » Legal » Feedback

» Web Forums » IRC

» my.SmoothWall » Downloads » VMWare™ Images » Releases » Build Notes » Updates » Developers » Sources

home > get > security >

-------------------------------------------------------------
SmoothWall Project Security Advisory SWP-2004:003
-------------------------------------------------------------

    Summary: Updates for SmoothWall Express to correct
             local vulnerabilities in Linux kernel.
 Importance: Intermediate
      Issue: Possible local vulnerabilities
  CVE Names: CAN-2003-0020, CAN-2003-0993, CAN-2003-0987,
             CAN-2004-0079, CAN-2004-0112, CAN-2004-0174,
             CAN-2004-0394, CAN-2004-0424
   Released: 2004-05-25
SW-specific: no

Affected Products:

  SmoothWall Express 2.0 (fixes2)

The products shown must be updated to the fix level as 
shown above before applying any updates mentioned in this
advisory.

-------------------------------------------------------------
Description
-------------------------------------------------------------

Security vulnerabilities have been found in the Linux kernel,
Apache and OpenSSL packages.

These vulnerabilities can result in privilege escalation or
unwanted availability of sensitive information if exploited
locally.

-------------------------------------------------------------
Corrective Actions
-------------------------------------------------------------

You should download and install the required update for
your product(s).  The updates can be downloaded from the
web links below, along with installation instructions and
any further caveats or updates.

SmoothWall Express 2.0 fixes 3
- http://updates.smoothwall.org/p/x/2.0/fixes3.html

-------------------------------------------------------------
Further Information
-------------------------------------------------------------

CVE Candidate CAN-2003-0020
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
CVE Candidate CAN-2003-0993
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
CVE Candidate CAN-2003-0987
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
CVE Candidate CAN-2004-0079
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
CVE Candidate CAN-2004-0112
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
CVE Candidate CAN-2004-0174
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174
CVE Candidate CAN-2004-0394
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
CVE Candidate CAN-2004-0424
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
OpenSSL Advisory
- http://www.openssl.org/news/secadv_20040317.txt
Apache 1.3.31 Changelog
- http://www.apache.org/dist/httpd/CHANGES_1.3
Linux Kernel 2.4.26 Changelog
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.26

____ smoothwall - delivering versatile, affordable security _