| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
---------------------------------------------------------------------
Fedora Legacy Update AdvisorySynopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:2336
Issue date: 2005-02-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2336
CVE Names: CAN-2004-0177 CAN-2004-0685 CAN-2004-0814
CAN-2004-0883 CAN-2004-0949 CAN-2004-1016
CAN-2004-1017 CAN-2004-1056 CAN-2004-1068
CAN-2004-1070 CAN-2004-1071 CAN-2004-1072
CAN-2004-1073 CAN-2004-1074 CAN-2004-1137
CAN-2004-1234 CAN-2004-1235 CAN-2005-0001
---------------------------------------------------------------------
--------------------------------------------------------------------- 1. Topic:
Updated kernel packages that fix several security issues are now available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386
3. Problem description:
This update includes fixes for several security issues:
The ext3 code in kernels before 2.4.26 did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.
Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)
Multiple race conditions in the terminal layer could allow local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread. This could also allow remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. (CAN-2004-0814)
Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
ISEC security research and Georgi Guninski independantly discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). (CAN-2004-1016)
Multiple overflows were discovered and corrected in the io_edgeport driver. (CAN-2004-1017)
The Direct Rendering Manager (DRM) driver does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. (CAN-2004-1056)
A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. (CAN-2004-1068)
Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073, CAN-2004-1074)
ISEC security research discovered multiple vulnerabilities in the IGMP functionality of the kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. (CAN-2004-1137)
Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). (CAN-2004-1234)
iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. (CAN-2004-1235)
iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. (CAN-2005-0001)
All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.
5. Bug IDs fixed:
http://bugzilla.fedora.us - bug #2336 - Kernel bugs
6. RPMs required:
Red Hat Linux 7.3:
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm
i586: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm
i686: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm
athlon: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm
i586: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm
i686: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm
athlon: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm
i586: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm
i686: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm
athlon: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm
7. Verification:
SHA1 sum Package Name ---------------------------------------------------------------------
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
9. Contact:
The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More project details at http://www.fedoralegacy.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- Fedora-legacy-announce mailing list Fedora-legacy-announce@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-announce
[Home] [Kernel] [Fedora Legacy] [PAM] [Fedora Desktop] [Red Hat Development] [Red Hat 9 Bible] [Red Hat 9 Mailing] [Big List of Linux Books] [Gimp] [Yosemite News]