---------------------------------------------------------------------
Fedora Legacy Update AdvisorySynopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:2336
Issue date: 2005-02-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2336
CVE Names: CAN-2004-0177 CAN-2004-0685 CAN-2004-0814
CAN-2004-0883 CAN-2004-0949 CAN-2004-1016
CAN-2004-1017 CAN-2004-1056 CAN-2004-1068
CAN-2004-1070 CAN-2004-1071 CAN-2004-1072
CAN-2004-1073 CAN-2004-1074 CAN-2004-1137
CAN-2004-1234 CAN-2004-1235 CAN-2005-0001
---------------------------------------------------------------------
--------------------------------------------------------------------- 1. Topic:
Updated kernel packages that fix several security issues are now available.
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386
The ext3 code in kernels before 2.4.26 did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.
Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)
Multiple race conditions in the terminal layer could allow local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread. This could also allow remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. (CAN-2004-0814)
Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
ISEC security research and Georgi Guninski independantly discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). (CAN-2004-1016)
Multiple overflows were discovered and corrected in the io_edgeport driver. (CAN-2004-1017)
The Direct Rendering Manager (DRM) driver does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. (CAN-2004-1056)
A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. (CAN-2004-1068)
Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073, CAN-2004-1074)
ISEC security research discovered multiple vulnerabilities in the IGMP functionality of the kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. (CAN-2004-1137)
Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). (CAN-2004-1234)
iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. (CAN-2004-1235)
iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. (CAN-2005-0001)
All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm
i586: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm
i686: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm
athlon: http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm
i586: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm
i686: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm
athlon: http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm
i586: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm
i686: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm
athlon: http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm
SHA1 sum Package Name ---------------------------------------------------------------------
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy org/about/security.php
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More project details at http://www.fedoralegacy.org
Attachment:
signature.asc
Description: OpenPGP digital signature