
Red Hat alert RHSA-2003:368-01 (kernel)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2003:368-01] Updated IA64 kernel packages address security vulnerabilities, bugfixes
Date:  Fri, 19 Dec 2003 15:37 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated IA64 kernel packages address security vulnerabilities, bugfixes
Advisory ID:       RHSA-2003:368-01
Issue date:        2003-12-19
Updated on:        2003-12-19
Product:           Red Hat Enterprise Linux
Keywords:          
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0476 CAN-2003-0961
- ---------------------------------------------------------------------

1. Topic:

Updated kernel packages that address several security vulnerabilities,
fix a number of bugs, and update various drivers are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel
versions 2.4.22 and previous can allow a local attacker to gain root
privileges. This issue is known to be exploitable; an exploit (for x86
architectures) has been seen in the wild that takes advantage of this
vulnerability. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0961 to this issue.

The execve system call in Linux 2.4.x records the file descriptor of the
executable process in the file table of the calling process, which allows
local users to gain read access to restricted file descriptors. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0476 to this issue.

A hangcheck timer (which is used to detect system hangs or pauses) has
been added.

In addition, a number of drivers have been updated:

- - e1000 5.2.20-k1
- - cmpci 5.64
- - aic7xxx 6.2.36
- - aic79xx 1.3.10
- - ips 6.10.52
- - cciss 2.4.50
- - fusion 2.05.05+

All users of IA64 systems should upgrade to these errata packages, which
contain patches to the 2.4.18 kernel addressing these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

107718 - lstat() claim files owned by users with uid>64k are owned by nfsnobody
106872 - RHEL 2.1 U3: Exposure of the EFI System Table pointers in a flat file (IPF)
101616 - RHELAS 2.1 Q3U IPF: Lazy FPH handling bug on IPF
96962 - ENSURE THAT HANGCHECK TIMER IS THERE IN THE IA64 TREE
87047 - raidstop --all option failing
106450 - Requesting updated acenic.o driver
106692 - RHEL 2.1 U3: Increase tx_queue_len parameter to 1000
90321 - fix /proc/$PID/cmdline issue
97690 - QU3 - IPF - export kernel symbol brw_kvec_async
71514 - Infinite recursion in SCSI mid layer

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.18-e.40.src.rpm

ia64:
Available from Red Hat Network: kernel-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-smp-2.4.18-e.40.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.18-e.40.src.rpm

ia64:
Available from Red Hat Network: kernel-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.18-e.40.ia64.rpm
Available from Red Hat Network: kernel-smp-2.4.18-e.40.ia64.rpm

7. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
5f182b5ee8bb4dea7c164792d60b18d6  2.1AS/en/os/SRPMS/kernel-2.4.18-e.40.src.rpm
5f1e9ada466e179f15c80f2d4787e3ce  2.1AS/en/os/ia64/kernel-2.4.18-e.40.ia64.rpm
92121880b8845b2f6ecb77784fb678f0  2.1AS/en/os/ia64/kernel-doc-2.4.18-e.40.ia64.rpm
9d630592bb08275ea0740b05c9d9335f  2.1AS/en/os/ia64/kernel-smp-2.4.18-e.40.ia64.rpm
d6291014595cf191e8aa11390ac33fe8  2.1AS/en/os/ia64/kernel-source-2.4.18-e.40.ia64.rpm
5f182b5ee8bb4dea7c164792d60b18d6  2.1AW/en/os/SRPMS/kernel-2.4.18-e.40.src.rpm
5f1e9ada466e179f15c80f2d4787e3ce  2.1AW/en/os/ia64/kernel-2.4.18-e.40.ia64.rpm
92121880b8845b2f6ecb77784fb678f0  2.1AW/en/os/ia64/kernel-doc-2.4.18-e.40.ia64.rpm
9d630592bb08275ea0740b05c9d9335f  2.1AW/en/os/ia64/kernel-smp-2.4.18-e.40.ia64.rpm
d6291014595cf191e8aa11390ac33fe8  2.1AW/en/os/ia64/kernel-source-2.4.18-e.40.ia64.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/42GHXlSAg2UNWIIRApoaAJ4uku7CCtvw9gLs/YNFLjIHyvsT/ACgq64A
13mjqnKPnCqYZubhJWTz3DU=
=Vb/J
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
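The verification step in sections 4 and 7 can be scripted so that a downloaded package is checked against the advisory's MD5 table and its GPG signature before `rpm -Fvh` ever runs. This is an added example, not Red Hat's tooling: the table copies the advisory's own values, while the helper functions (`expected_md5`, `verify_package`, `install_if_verified`) are hypothetical names chosen here, and it assumes a POSIX shell with `md5sum` and `rpm` on the path.

```shell
#!/bin/sh
# Added example: gate installation of the RHSA-2003:368-01 packages on the
# advisory's published MD5 sums and on rpm's GPG signature check.
# The table below is copied from section 7 of the advisory.
RHSA_MD5_TABLE='
5f182b5ee8bb4dea7c164792d60b18d6 2.1AS/en/os/SRPMS/kernel-2.4.18-e.40.src.rpm
5f1e9ada466e179f15c80f2d4787e3ce 2.1AS/en/os/ia64/kernel-2.4.18-e.40.ia64.rpm
92121880b8845b2f6ecb77784fb678f0 2.1AS/en/os/ia64/kernel-doc-2.4.18-e.40.ia64.rpm
9d630592bb08275ea0740b05c9d9335f 2.1AS/en/os/ia64/kernel-smp-2.4.18-e.40.ia64.rpm
d6291014595cf191e8aa11390ac33fe8 2.1AS/en/os/ia64/kernel-source-2.4.18-e.40.ia64.rpm
'

# expected_md5 TABLE FILE: print the advisory's MD5 for FILE's basename;
# fail if the package is not listed (an unlisted file must not be installed).
expected_md5() {
    name=$(basename "$2")
    printf '%s\n' "$1" | awk -v n="$name" '
        NF == 2 { k = split($2, p, "/"); if (p[k] == n) { print $1; found = 1; exit } }
        END { exit !found }'
}

# actual_md5 FILE: the checksum md5sum reports for the local file.
actual_md5() { md5sum "$1" | awk '{ print $1 }'; }

# verify_package TABLE FILE: 0 when the local checksum matches the advisory.
# This only detects corruption or tampering; authenticity comes from GPG below.
verify_package() {
    want=$(expected_md5 "$1" "$2") || { echo "$2: not listed in advisory" >&2; return 1; }
    have=$(actual_md5 "$2")
    if [ "$want" = "$have" ]; then
        echo "$2: md5 OK"
        return 0
    fi
    echo "$2: md5 MISMATCH (expected $want, got $have)" >&2
    return 1
}

# install_if_verified TABLE FILE...: freshen (rpm -Fvh) only the packages that
# pass both the MD5 check and rpm's signature check; skip everything otherwise.
install_if_verified() {
    table=$1; shift
    ok=""
    for f in "$@"; do
        verify_package "$table" "$f" && ok="$ok $f"
    done
    [ -n "$ok" ] || { echo "nothing verified; not installing" >&2; return 1; }
    rpm --checksig -v $ok && rpm -Fvh $ok
}
```

Run it as `install_if_verified "$RHSA_MD5_TABLE" ./kernel-*.rpm` from the directory holding the downloaded packages; a package whose checksum or signature fails is reported and left uninstalled.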


