From LinuxFocus: “This article describes the solution of a problem that I had for a long time. How to get a ATEN UC-232A adapter to work? After much research I figured out how easy it is. The ATEN UC-232A is a RS232 serial line to USB adapter. It provides an additional RS232 serial line without the need of spending an extra interrupt (IRQ). It is a simple cable that you just plug into a USB port.”

Chuck Heffner writes “Hi. I’m writing to let you know that I’ve created a tracking list for the corrupt CDs that the labels are putting out to prevent copying or ripping (even though this completely legal). It’s at http://www.fatchucks.com/corruptcds and the list is growing a little bit each week as people become aware of it.”

Posted at Linux Weekly News: “The first prerelease of OpenGFS 0.1, codenamed “covenant” is now available.

This is mostly a bugfix release relative to GFS 4.1.1. It fixes major
security problems and race conditions.” OpenGFS is a continuation of the GPL version of the Global File System as originally started by Sistina but that later switched to a non-free license.

From Rubber Turnip: “Yesterday, about 15 minutes before I was due to finish work for the day, I had something of an epiphany as I realised that Galeon 0.12.6, the first release candidate of the Mozilla based browser for GNOME, is as close to my perfect browser as I’ve ever seen. Some explanation for this bizarre statement would seem to be in order.”

Devil-Linux has announced the second beta of its 0.5 release. This distribution is intended for use in firewalls and routers. Check out the Devil-Linux Web site for further information, changelog, and download links.

Syncookies are used to protect a system against certain Denial Of Service
(DOS) attacks. A flaw in this mechanism has been found which can be used to
circumvent certain types of firewall configurations.

Note: syncookies are not enabled in the default installation of Red Hat
Linux but many server administrators do enable syncookies.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          kernel 2.2 and 2.4: syncookie vulnerability
Advisory ID:       RHSA-2001:142-15
Issue date:        2001-10-26
Updated on:        2001-11-02
Product:           Red Hat Linux
Keywords:          syncookie security kernel
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Syncookies are used to protect a system against certain Denial Of Service
(DOS) attacks. A flaw in this mechanism has been found which can be used to
circumvent certain types of firewall configurations.

Note: syncookies are not enabled in the default installation of Red Hat
Linux but many server administrators do enable syncookies.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64

Red Hat Linux 7.2 - athlon, i386, i586, i686

3. Problem description:

Syncookies, while not enabled in default installations of Red Hat Linux,
are used to protect an Internet server against a certain type of DoS
attack--the so called "synflood"--by using a cryptographic challenge
protocol which ensures legitimate users can keep using the server. Under an
attack, the TCP/IP layer will, instead of just accepting new connections,
send back the challenge and only accept the connections in the
second phase ("syn ack") of the TCP/IP handshake (where the other party
returns the challenge value). The DoS attack, which consists of sending as
many first phase ("syn") packets as possible will be neutralized because
system resources are only used as part of the second phase.

Certain firewall configurations only filter the first phase ("syn") packets
to prevent connections to specific services. These systems are vulnerable
when an attacker can both force a system into flood protection state (by
starting a synflood attack on a non-firewalled port) and guess the
cryptographic challenge of a firewalled port. 

While the cryptographic hash used is strong, the number of bits available
is restricted by the TCP protocol header design. With a high speed link and
a lot of time, an attacker can eventually succeed in faking a valid cookie
and making a connection that a syn only firewall rule might have
prohibited.

The updated kernels have a modified synflood protection algorithm that now
uses a per port "under attack" state so that ports with only a first-phase
firewall rule will not use the "under attack" regime even when other,
non-firewalled, ports are under attack.


In addition, these packages fix a remote denial of service attack against
the TUX web server.  This attack can only succeed if the TUX web server
has been explicitly enabled; it is disabled by default.  Thanks to
Aidan O'Rawe for finding this bug.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. 

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network.  Many
people find this to be an easier way to apply updates.  To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

55067 - Installer kernel won't boot on P60: machine check exception
55097 - bad: xconfig fails, good: config & menuconfig works
54829 - new linux-2.4.9-6 kernel fails to xconfig
54851 - Incorrect change to parameters for kallsyms_address_to_symbol()
54868 - NFS sever file lock is broken in 2.4.9-6
55082 - acenic driver on Kernel 2.4.9-6enterprise not loading on Netfinity 5500

6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.19-6.2.12.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-smp-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-utils-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-doc-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-headers-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-source-2.2.19-6.2.12.alpha.rpmftp://updates.redhat.com/6.2/en/os/alpha/kernel-jensen-2.2.19-6.2.12.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.19-6.2.12.i386.rpmftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.19-6.2.12.i386.rpm

i586:
ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.19-6.2.12.i586.rpmftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.19-6.2.12.i586.rpm

i686:
ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.12.i686.rpmftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.19-6.2.12.i686.rpmftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.19-6.2.12.i686.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-smp-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-utils-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-doc-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-headers-2.2.19-6.2.12.sparc.rpmftp://updates.redhat.com/6.2/en/os/sparc/kernel-source-2.2.19-6.2.12.sparc.rpm

sparc64:
ftp://updates.redhat.com/6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.12.sparc64.rpmftp://updates.redhat.com/6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.12.sparc64.rpmftp://updates.redhat.com/6.2/en/os/sparc64/kernel-2.2.19-6.2.12.sparc64.rpmftp://updates.redhat.com/6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.12.sparc64.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.19-7.0.12.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-smp-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-utils-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-doc-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-source-2.2.19-7.0.12.alpha.rpmftp://updates.redhat.com/7.0/en/os/alpha/kernel-jensen-2.2.19-7.0.12.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.19-7.0.12.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.19-7.0.12.i386.rpm

i586:
ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.19-7.0.12.i586.rpmftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.19-7.0.12.i586.rpm

i686:
ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.12.i686.rpmftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.19-7.0.12.i686.rpmftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.19-7.0.12.i686.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.9-12.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-2.4.9-12.alpha.rpmftp://updates.redhat.com/7.1/en/os/alpha/kernel-source-2.4.9-12.alpha.rpmftp://updates.redhat.com/7.1/en/os/alpha/kernel-headers-2.4.9-12.alpha.rpmftp://updates.redhat.com/7.1/en/os/alpha/kernel-doc-2.4.9-12.alpha.rpmftp://updates.redhat.com/7.1/en/os/alpha/kernel-smp-2.4.9-12.alpha.rpmftp://updates.redhat.com/7.1/en/os/alpha/kernel-BOOT-2.4.9-12.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.9-12.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.9-12.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-headers-2.4.9-12.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.9-12.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.9-12.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.9-12.i586.rpmftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.9-12.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.9-12.i686.rpmftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.9-12.i686.rpmftp://updates.redhat.com/7.1/en/os/i686/kernel-enterprise-2.4.9-12.i686.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-2.4.9-12.ia64.rpmftp://updates.redhat.com/7.1/en/os/ia64/kernel-source-2.4.9-12.ia64.rpmftp://updates.redhat.com/7.1/en/os/ia64/kernel-headers-2.4.9-12.ia64.rpmftp://updates.redhat.com/7.1/en/os/ia64/kernel-doc-2.4.9-12.ia64.rpmftp://updates.redhat.com/7.1/en/os/ia64/kernel-smp-2.4.9-12.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.9-13.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.9-13.athlon.rpmftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.9-13.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.9-13.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.9-13.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-headers-2.4.9-13.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.9-13.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.9-13.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.9-13.i586.rpmftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.9-13.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.9-13.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.9-13.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.9-13.i686.rpmftp://updates.redhat.com/7.2/en/os/i686/kernel-enterprise-2.4.9-13.i686.rpm



7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
336b94fecfb1d8743fb8902aabd8f405 6.2/en/os/SRPMS/kernel-2.2.19-6.2.12.src.rpm
c0e980e0c7f37c25f75075d82c3674b2 6.2/en/os/alpha/kernel-2.2.19-6.2.12.alpha.rpm
b260e315fcb69fa6b79e324d354e71ed 6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.12.alpha.rpm
e35b617712c1ce4c40814d967c93d7c1 6.2/en/os/alpha/kernel-doc-2.2.19-6.2.12.alpha.rpm
4be86c30547a8970176c0aa8dfb05f0e 6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.12.alpha.rpm
5a8f6c029fb342b71b72d0bd23411db0 6.2/en/os/alpha/kernel-headers-2.2.19-6.2.12.alpha.rpm
caf0190338a4afdf6d561e52cbd31226 6.2/en/os/alpha/kernel-jensen-2.2.19-6.2.12.alpha.rpm
be7d0438c8adccd0e3f22ce5c2d7d9b9 6.2/en/os/alpha/kernel-smp-2.2.19-6.2.12.alpha.rpm
40cf8a3f621ed079cdea63dbb53dc0fe 6.2/en/os/alpha/kernel-source-2.2.19-6.2.12.alpha.rpm
b5852172767c173aae77596a5566345a 6.2/en/os/alpha/kernel-utils-2.2.19-6.2.12.alpha.rpm
383a93775aa5403b878e3e94f759a0c9 6.2/en/os/i386/kernel-2.2.19-6.2.12.i386.rpm
012c67e0d39b114cd27d333af6c979cd 6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.12.i386.rpm
f02db047a97df18b419656d740be9d87 6.2/en/os/i386/kernel-doc-2.2.19-6.2.12.i386.rpm
2d662967b7aa5d33abef8708e22cfcbc 6.2/en/os/i386/kernel-headers-2.2.19-6.2.12.i386.rpm
6a94d332832e44ef9e3ab8bc6e1e91a8 6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.12.i386.rpm
58b9fe2f012ff261b5c6fca00f6a6c05 6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.12.i386.rpm
d79b9ac16f0d7b9b522a0196fc025a2e 6.2/en/os/i386/kernel-smp-2.2.19-6.2.12.i386.rpm
12ae3d6af2df1139417daa75e1c63fa4 6.2/en/os/i386/kernel-source-2.2.19-6.2.12.i386.rpm
1c68d1fd6fe55b1941b08c1853da9eef 6.2/en/os/i386/kernel-utils-2.2.19-6.2.12.i386.rpm
3f211cda6505a310b242ada7027dc9b4 6.2/en/os/i586/kernel-2.2.19-6.2.12.i586.rpm
3e407af75a556f2ce612e833938d8cd5 6.2/en/os/i586/kernel-smp-2.2.19-6.2.12.i586.rpm
27fae43d1b9e04c1151a3a164d889bcc 6.2/en/os/i686/kernel-2.2.19-6.2.12.i686.rpm
e03ec095d621c895d71c9d1af2307d16 6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.12.i686.rpm
43491809de3902d31dfcced1fd44ee6e 6.2/en/os/i686/kernel-smp-2.2.19-6.2.12.i686.rpm
74f893ae177202357b6939e6a6397040 6.2/en/os/sparc/kernel-2.2.19-6.2.12.sparc.rpm
2f1f0934d8e50accc56e373116f530c1 6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.12.sparc.rpm
99521c034bc1da83db872a8dacf01a17 6.2/en/os/sparc/kernel-doc-2.2.19-6.2.12.sparc.rpm
cc8eddb94e0b738eb5cb88c457c98c5a 6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.12.sparc.rpm
e71f79f363d05a0c5984d056f94e625c 6.2/en/os/sparc/kernel-headers-2.2.19-6.2.12.sparc.rpm
76f045b1db4c1c4a55f3ac3469b1aa5d 6.2/en/os/sparc/kernel-smp-2.2.19-6.2.12.sparc.rpm
1c0fd18816732994aa27ed66b3849a07 6.2/en/os/sparc/kernel-source-2.2.19-6.2.12.sparc.rpm
bc948575895e457bfab2b76232e0ab02 6.2/en/os/sparc/kernel-utils-2.2.19-6.2.12.sparc.rpm
59ae3629df5fff111a391f4059d2a2e0 6.2/en/os/sparc64/kernel-2.2.19-6.2.12.sparc64.rpm
649ed74d4fb44dc07092fb8fa355eb00 6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.12.sparc64.rpm
8605f9f4e9426057e1fb9527892c4efe 6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.12.sparc64.rpm
42a0a7f05d2ffcaffc613bf0aaf20cdc 6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.12.sparc64.rpm
b3257f305e0e1a4a6241f5a56cb90ea6 7.0/en/os/SRPMS/kernel-2.2.19-7.0.12.src.rpm
60af98ffd100f6f2343e5c3f6202260a 7.0/en/os/alpha/kernel-2.2.19-7.0.12.alpha.rpm
ef9dbafbbb181645a766179f8d7b021a 7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.12.alpha.rpm
bd7b487a990644fe8e240149faadbd78 7.0/en/os/alpha/kernel-doc-2.2.19-7.0.12.alpha.rpm
cfbe56baab4def543cff73a9d6018c5f 7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.12.alpha.rpm
741880c2a27aff4359e155e3620a4702 7.0/en/os/alpha/kernel-jensen-2.2.19-7.0.12.alpha.rpm
512f8f58420952c905ce26167cb631cc 7.0/en/os/alpha/kernel-smp-2.2.19-7.0.12.alpha.rpm
3dc97d8591136be3383da02adb5052fc 7.0/en/os/alpha/kernel-source-2.2.19-7.0.12.alpha.rpm
6ff20a89aec3b5726254664faa92026a 7.0/en/os/alpha/kernel-utils-2.2.19-7.0.12.alpha.rpm
5ef8fbb28e1eb8bee232020c7e0e11ba 7.0/en/os/i386/kernel-2.2.19-7.0.12.i386.rpm
a57b7ac9873e3a072688333daa25910a 7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.12.i386.rpm
1c61150fdbfe5926ce10b6e3708321d8 7.0/en/os/i386/kernel-doc-2.2.19-7.0.12.i386.rpm
ef5ecb3401a6ec8adb3f0d9f192a96de 7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.12.i386.rpm
2443b3e1812195b7f3d15dd4e1c42693 7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.12.i386.rpm
7e7d5d5132e025810c5e3056b5611142 7.0/en/os/i386/kernel-smp-2.2.19-7.0.12.i386.rpm
777fc255bfe49b27c471077774ffc09a 7.0/en/os/i386/kernel-source-2.2.19-7.0.12.i386.rpm
0b7e54c77d268a85ee248403f009bab2 7.0/en/os/i386/kernel-utils-2.2.19-7.0.12.i386.rpm
4f7be1253b62b8cc010537528f68120e 7.0/en/os/i586/kernel-2.2.19-7.0.12.i586.rpm
6ce10ee753a30a1d86542670cac6f6a5 7.0/en/os/i586/kernel-smp-2.2.19-7.0.12.i586.rpm
9efeccc6f69f8816fab5bbcd041224a1 7.0/en/os/i686/kernel-2.2.19-7.0.12.i686.rpm
f3cbc795777dd18a186e9fb9bbf15808 7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.12.i686.rpm
05d175e6ff7f8687d3ef1091c8b67e7f 7.0/en/os/i686/kernel-smp-2.2.19-7.0.12.i686.rpm
bda764eb797d34d0c5ad251a4d95bf58 7.1/en/os/SRPMS/kernel-2.4.9-12.src.rpm
747b17fb92f8bcf5749842533652a80e 7.1/en/os/alpha/kernel-2.4.9-12.alpha.rpm
2f18e5f8e504bfcbbaac7a900465f1f7 7.1/en/os/alpha/kernel-BOOT-2.4.9-12.alpha.rpm
dc284b572198a939711ab5472479ff1d 7.1/en/os/alpha/kernel-doc-2.4.9-12.alpha.rpm
8f82b85b9eabd04ca705b87ea748d022 7.1/en/os/alpha/kernel-headers-2.4.9-12.alpha.rpm
1328a1c08c2ffa968407b9cbcd92ee6a 7.1/en/os/alpha/kernel-smp-2.4.9-12.alpha.rpm
b34bed11c436d563af83fa890eda9ec8 7.1/en/os/alpha/kernel-source-2.4.9-12.alpha.rpm
3aacd852f52a8b4dfd8cd91b17303375 7.1/en/os/i386/kernel-2.4.9-12.i386.rpm
c047388577512f0e04340dd7256bc720 7.1/en/os/i386/kernel-BOOT-2.4.9-12.i386.rpm
9f05e1cd67aaff2bbb58179bf7e4c7fd 7.1/en/os/i386/kernel-doc-2.4.9-12.i386.rpm
cc47a2568943ba7d3a8619297b46a420 7.1/en/os/i386/kernel-headers-2.4.9-12.i386.rpm
0fd276dbe3688fecf7b1d1ae685375f8 7.1/en/os/i386/kernel-source-2.4.9-12.i386.rpm
a2b9faa10219c22ace1fccf1d7fcb955 7.1/en/os/i586/kernel-2.4.9-12.i586.rpm
fa5cfcc16f4ea4ba9abab0361e45a6bb 7.1/en/os/i586/kernel-smp-2.4.9-12.i586.rpm
942efbd3eb389167579a435b1e6e5ec9 7.1/en/os/i686/kernel-2.4.9-12.i686.rpm
dddbf9b73335a8bd2193243ccaa42d53 7.1/en/os/i686/kernel-enterprise-2.4.9-12.i686.rpm
63543d58ec2cb3beb3fa75ab7f01efb5 7.1/en/os/i686/kernel-smp-2.4.9-12.i686.rpm
f0ce8588ae1983d291ea41e8bce682f5 7.1/en/os/ia64/kernel-2.4.9-12.ia64.rpm
b1f2f5eb150558579ecaa68d241d40d5 7.1/en/os/ia64/kernel-doc-2.4.9-12.ia64.rpm
01ddc6910d0a7ed5350c7e0e971e05fa 7.1/en/os/ia64/kernel-headers-2.4.9-12.ia64.rpm
17e769def69090ff7b6d17a596049eb5 7.1/en/os/ia64/kernel-smp-2.4.9-12.ia64.rpm
e80751d12cb444f84b49c22de3edf6d7 7.1/en/os/ia64/kernel-source-2.4.9-12.ia64.rpm
910e9b11dac35236f94c413b63728b8b 7.2/en/os/SRPMS/kernel-2.4.9-13.src.rpm
eee399a250faeaa6a6127ae685c8dceb 7.2/en/os/athlon/kernel-2.4.9-13.athlon.rpm
c44229a144bf37caf062bd55a4444f3d 7.2/en/os/athlon/kernel-smp-2.4.9-13.athlon.rpm
47b590b479c4e3b63171fc3ba4c4457f 7.2/en/os/i386/kernel-2.4.9-13.i386.rpm
f2827ea8c551c81a7e1fb02a2786fc2f 7.2/en/os/i386/kernel-BOOT-2.4.9-13.i386.rpm
9af0476874b6ec7e3e521a70fe7a5a6d 7.2/en/os/i386/kernel-doc-2.4.9-13.i386.rpm
b937212e08ac5d8fddcf6c9ea350f658 7.2/en/os/i386/kernel-headers-2.4.9-13.i386.rpm
866b59aab640cfa58b2aa9c9be90f624 7.2/en/os/i386/kernel-source-2.4.9-13.i386.rpm
de2da25e720aced27a1e7508d0f24b4b 7.2/en/os/i586/kernel-2.4.9-13.i586.rpm
de92c000f9a94d566abc05c1bfd5c81a 7.2/en/os/i586/kernel-smp-2.4.9-13.i586.rpm
44fcbb6aa0d54b74ad30c219692f0e63 7.2/en/os/i686/kernel-2.4.9-13.i686.rpm
c86f496432efc1bef1939b992ca6d3f4 7.2/en/os/i686/kernel-debug-2.4.9-13.i686.rpm
d898d5125d1067b822b647119613c3c3 7.2/en/os/i686/kernel-enterprise-2.4.9-13.i686.rpm
6f8cfc7fc6383ec7c7d7586c8f6b02f7 7.2/en/os/i686/kernel-smp-2.4.9-13.i686.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://cr.yp.to/syncookies.html


Copyright(c) 2000, 2001 Red Hat, Inc.

This announcement addresses several vulnerabilities in the linux
kernel:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : kernel
SUMMARY   : Several kernel vulnerabilities
DATE      : 2001-11-02 17:42:00
ID        : CLA-2001:432
RELEVANT
RELEASES  : 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0

- -------------------------------------------------------------------------

DESCRIPTION
 This announcement addresses several vulnerabilities in the linux
 kernel:
 
 1) Rafal Wojtczuk reported[1] two vulnerabilities[2][3] in the 2.2
 and 2.4 series of the linux kernel. The first vulnerability allows a
 local attacker to obtain root privileges. Working exploits have
 already been published.
 
 2) The second vulnerability reported by Rafal Wojtczuk allows a local
 user to execute a DoS attack by creating several deep symlinks. This
 will cause the kernel to spend almost an arbitrary amount of time on
 dereferencing a single symlink and prevent processes from running.
 
 3) Another vulnerability was discovered by Manfred Spraul and
 reported to Andi Kleen from SuSe. If syncookies are enabled and being
 sent by the kernel (during a synflood attack, for example), a remote
 attacker could initiate connections to ports protected by simple
 firewall rules such as the ones only filtering SYN packets. Because
 of the syncookies, the remote attacker doesn't have to send SYN
 packets to initiate the connection, only ACK ones, *but* with the
 correct magic cookie. In order to find the correct cookie, an
 attacker has to explore about 16 million values (2^24), which can be
 done in a few hours on a fast link.
 Use the following command to check if syncookies are enabled on your
 system:
 
 sysctl net.ipv4.tcp_syncookies
 
 A return value of "1" indicates that syncookies are enabled. To
 disable syncookies, execute the following as root:
 
 sysctl -w net.ipv4.tcp_syncookies=0
 
 On versions of the distribution that do not have the sysctl command,
 the following can be used to deactivate syncookies:
 
 echo 0 > /proc/sys/net/ipv4/tcp_syncookies
 
 And, to read the present value:
 
 cat /proc/sys/net/ipv4/tcp_syncookies
 
 The default for Conectiva Linux is to have the syncookies protection
 enabled at boot time. To change this behaviour, please edit the
 /etc/sysctl.conf file.
 
 The fix for the this vulnerability was provided by Andi Kleen with
 contributions from Dave Miller and Solar Designer. We would also like
 to thank Marcus Meissner for a good insight on the problem.
 The announcement of this vulnerability was coordinated with several
 other GNU/Linux distributions.
 
 4) Chris Wilson reported[4] a vulnerability[5] in the MAC filtering
 code of netfilter (kernel-2.4). An attacker could bypass MAC
 filtering rules by using fragmented packets.
 This vulnerability was also independently verified by Erick C.
 Jones[6] and Miklos Szeredi[7].
 
 This update also fixes a problem with the "aacraid" module, which can
 now be used with the Dell PowerEdge Expandable RAID Controller 3/Di.


SOLUTION
 All users should upgrade the kernel immediately.
 
 IMPORTANT: it is not possible to use apt to apply kernel updates.
 These packages have to be updated manually. Generic kernel update
 instructions can be found at
 http://distro.conectiva.com.br/atualizacoes/?idioma=en
 
 Kernel-2.2. users with Conectiva Linux 5.1, 6.0 or 7.0 should also
 upgrade the drbd package if it is being used. This upgrade can be
 made with apt as usual.
 
 
 REFERENCES
 1. http://www.securityfocus.com/archive/1/221337
 2. http://www.securityfocus.com/bid/3447 (ptrace)
 3. http://www.securityfocus.com/bid/3444 (symlink DoS)
 4.
 http://lists.samba.org/pipermail/netfilter-devel/2001-August/002050.html
 5. http://www.securityfocus.com/bid/3418 (MAC netfilter)
 6.
 http://lists.samba.org/pipermail/netfilter-devel/2001-August/002050.html
 7.
 http://lists.samba.org/pipermail/netfilter-devel/2001-September/002278.html


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/kernel-2.2.19-25U50_2cl.src.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-headers-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-smp-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-BOOT-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-ibcs-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-doc-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-source-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i386/kernel-2.2.19-25U50_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.0/i586/kernel-smp-2.2.19-25U50_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/5.0/i586/kernel-2.2.19-25U50_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/5.0/i686/kernel-2.2.19-25U50_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.0/i686/kernel-smp-2.2.19-25U50_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.0/i686/kernel-enterprise-2.2.19-25U50_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.1/SRPMS/kernel-2.2.19-25U51_2cl.src.rpmftp://atualizacoes.conectiva.com.br/5.1/SRPMS/drbd-utils-0.5.8-1U51_1cl.src.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-smp-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-headers-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-source-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-ibcs-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-BOOT-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-doc-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/kernel-2.2.19-25U51_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i586/kernel-smp-2.2.19-25U51_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/5.1/i586/kernel-2.2.19-25U51_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/5.1/i686/kernel-smp-2.2.19-25U51_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.1/i686/kernel-enterprise-2.2.19-25U51_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.1/i686/kernel-2.2.19-25U51_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/drbd-utils-0.5.8-1U51_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/5.1/i386/drbd-utils-heartbeat-0.5.8-1U51_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/SRPMS/kernel-2.2.19-25U60_2cl.src.rpmftp://atualizacoes.conectiva.com.br/6.0/SRPMS/drbd-utils-0.5.8-1U60_2cl.src.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-enterprise-2.2.19-25U60_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-smp-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-2.2.19-25U60_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-headers-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-smp-2.2.19-25U60_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-2.2.19-25U60_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-ibcs-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-BOOT-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-doc-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-smp-2.2.19-25U60_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/kernel-source-2.2.19-25U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/drbd-utils-0.5.8-1U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/drbd-utils-heartbeat-0.5.8-1U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/SRPMS/kernel-2.2.19-25U70_2cl.src.rpmftp://atualizacoes.conectiva.com.br/7.0/SRPMS/drbd-utils-0.5.8-1U70_2cl.src.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/drbd-utils-0.5.8-1U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/drbd-utils-heartbeat-0.5.8-1U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-ibcs-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-enterprise-2.2.19-25U70_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.2.19-25U70_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.2.19-25U70_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.2.19-25U70_2cl.i586.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-source-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.2.19-25U70_2cl.i686.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-headers-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-doc-2.2.19-25U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-BOOT-2.2.19-25U70_2cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE74vdI42jd0JmAcZARAmvlAKDBVNT/923NVIbVjv530aNW9dfcXwCgm+hi
vgrRrVHF42p0mkR/zDFGF8M=
=UMhb
-----END PGP SIGNATURE-----

ZDNet News (via Yahoo) reports that Aerie Networks has purchased Metricom’s $1 billion high-speed Ricochet wireless network. Aerie says it plans to restore some portions of Ricochet, likely in California and its home state of Colorado.

Posted at Linux Weekly News: “There are a number of new developments in the world of Midgard and they are
all pretty interesting. Nemein Solutions is moving to diversify its approach
to making a business based on Open Source technologies. The strength of
Nemein’s approach is important for all of us who need to justify using Open
Source in our work, especially for those who might want to look for
successful business models. On the software development front there is a new
FAQ system, the start of a new administrative system for Midgard and the
discussion of a new scripting interface for Midgard.”

BSD Today: “Most senior engineers understand the technical details about what it will take to move Linux or FreeBSD or NetBSD or OpenBSD to support enterprise computing environments. What we don’t often understand is what the actual competitive advantages of open source systems are, and what the open source communities need to do to help maintain these advantages.”