
CORE 2:

Fedora Update Notification
FEDORA-2004-205
2004-07-02
---------------------------------------------------------------------
 
Product     : Fedora Core 2
Name        : kernel
Version     : 2.6.6
Release     : 1.435.2.3
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw in the
Linux kernel that inappropriately allows an unprivileged user to
change the group ID of a file to his/her own group ID.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.

All Fedora Core 2 users are advised to upgrade their kernels to the
packages associated with their machine architectures and configurations
as listed in this erratum. 

---------------------------------------------------------------------
 
* Thu Jul 01 2004 Dave Jones <davej@redhat.com>
- add patch to fix missing checks in fchown() (CAN-2004-0497)
 
 
---------------------------------------------------------------------
This update can be downloaded from:
    
 
ddb4b34b166112b6e18278b99f3dec39  SRPMS/kernel-2.6.6-1.435.2.3.src.rpm
933427443d19a7d9a06020f500b00443  x86_64/kernel-2.6.6-1.435.2.3.x86_64.rpm
fc63711e46f8494a52a77feabe3e9a8e  x86_64/kernel-smp-2.6.6-1.435.2.3.x86_64.rpm
416741877a35c576231262c00bb38b50  x86_64/debug/kernel-debuginfo-2.6.6-1.435.2.3.x86_64.rpm
7d37a1595ea57de4d61291b0a9081c2a  x86_64/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm
2e3849f67606f46eab33997ddbb6bbc2  x86_64/kernel-doc-2.6.6-1.435.2.3.noarch.rpm
4a9951a38513fc1eff4c05265d8e3f2f  i386/kernel-2.6.6-1.435.2.3.i586.rpm
0dbf523ec3892249f85e81084745325e  i386/kernel-smp-2.6.6-1.435.2.3.i586.rpm
4e7a159a18c17b1beef9147b5ced1732  i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i586.rpm
afa75cdde85075350eff4c4abbb528fd  i386/kernel-2.6.6-1.435.2.3.i686.rpm
8d85acd78585ae949db729e9df4de6d2  i386/kernel-smp-2.6.6-1.435.2.3.i686.rpm
85d35e6e392dd34ca0af5fe695c43278  i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i686.rpm
7d37a1595ea57de4d61291b0a9081c2a  i386/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm
2e3849f67606f46eab33997ddbb6bbc2  i386/kernel-doc-2.6.6-1.435.2.3.noarch.rpm
 
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CORE 1:

Fedora Update Notification
FEDORA-2004-206
2004-07-02
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : kernel
Version     : 2.4.22                      
Release     : 1.2197.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw that allowed
a user to make unauthorized changes to the group ID of files in certain
circumstances. In the 2.4 kernel, as shipped with Fedora Core 1,
the only way this could happen is through the kernel nfs server.
A user on a system that mounted a remote file system from a vulnerable
machine may be able to make unauthorized changes to the group ID of
exported files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.
Only Fedora Core 1 systems that are configured to share
file systems via NFS are affected by this issue.

Additionally, a number of issues were discovered with the
Broadcom 5820 driver.  Until such time that these get fixed,
this driver has been disabled.

All Fedora Core 1 users are advised to upgrade their kernels
to the packages associated with their machine architectures
and configurations as listed in this erratum. 

---------------------------------------------------------------------

* Thu Jul 01 2004 Dave Jones <davej@redhat.com>
- add patch to fix missing checks in fchown() (CAN-2004-0497)
- Drop Broadcom 5820 driver due to code quality concerns.

---------------------------------------------------------------------
This update can be downloaded from:
    

9d303e5e6bda698672e3d9274630f86b  SRPMS/kernel-2.4.22-1.2197.nptl.src.rpm
aa17fd9d6bf88cb20355eb45855c7026  x86_64/kernel-2.4.22-1.2197.nptl.x86_64.rpm
6f42217560a8c5718c5040c95470c7a8  x86_64/kernel-source-2.4.22-1.2197.nptl.x86_64.rpm
e19d0db68e3e15de06fa4c252f72950d  x86_64/kernel-doc-2.4.22-1.2197.nptl.x86_64.rpm
98dc01524f331c576bbb436480e4a8d3  x86_64/kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm
84b55d061f75b21e5b837e0d211c23a9  x86_64/debug/kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm
d8f4bdcd2a5aef5e60f7714bff05dcf8  i386/kernel-source-2.4.22-1.2197.nptl.i386.rpm
98a44c401959987426881aae30566dc2  i386/kernel-doc-2.4.22-1.2197.nptl.i386.rpm
da2e94a04b59edaa454947399cf889bf  i386/kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm
c3c750518bf104dcb178e792e2927161  i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm
48d8221d15eb2b2d09d13ecb3847bad5  i386/kernel-2.4.22-1.2197.nptl.i586.rpm
b857ebaa612ad48573ae9ee7c667f0fa  i386/kernel-smp-2.4.22-1.2197.nptl.i586.rpm
40499e136cdfbe4d58451daa39a81bab  i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm
431d3550413295808eefeffcd793ad52  i386/kernel-2.4.22-1.2197.nptl.i686.rpm
99d9da265e66d15741afcd1f44f98c54  i386/kernel-smp-2.4.22-1.2197.nptl.i686.rpm
81f8631fbb8f822f129b3d14d53d8a38  i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i686.rpm
26cc9efb9f0ff9049e57c911488ec6ec  i386/kernel-2.4.22-1.2197.nptl.athlon.rpm
a6a63f1a26335dc6fa409b65f17dae0e  i386/kernel-smp-2.4.22-1.2197.nptl.athlon.rpm
841fe8ee4aac6a664512e558fca7f857  i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: 2,1: kernel Privilege change vulnerability

July 2, 2004

During an audit of the Linux kernel, SUSE discovered a flaw in the Linux kernel that inappropriately allows an unprivileged user to change the group ID of a file to his/her own gro...

Summary

The kernel package contains the Linux kernel (vmlinuz), the core of any

Linux operating system. The kernel handles the basic functions

of the operating system: memory allocation, process allocation, device

input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw in the

Linux kernel that inappropriately allows an unprivileged user to

change the group ID of a file to his/her own group ID.

The Common Vulnerabilities and Exposures project

(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.

All Fedora Core 2 users are advised to upgrade their kernels to the

packages associated with their machine architectures and configurations

as listed in this erratum.

* Thu Jul 01 2004 Dave Jones <davej@redhat.com>

- add patch to fix missing checks in fchown() (CAN-2004-0497)

This update can be downloaded from:

ddb4b34b166112b6e18278b99f3dec39 SRPMS/kernel-2.6.6-1.435.2.3.src.rpm

933427443d19a7d9a06020f500b00443 x86_64/kernel-2.6.6-1.435.2.3.x86_64.rpm

fc63711e46f8494a52a77feabe3e9a8e x86_64/kernel-smp-2.6.6-1.435.2.3.x86_64.rpm

416741877a35c576231262c00bb38b50 x86_64/debug/kernel-debuginfo-2.6.6-1.435.2.3.x86_64.rpm

7d37a1595ea57de4d61291b0a9081c2a x86_64/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm

2e3849f67606f46eab33997ddbb6bbc2 x86_64/kernel-doc-2.6.6-1.435.2.3.noarch.rpm

4a9951a38513fc1eff4c05265d8e3f2f i386/kernel-2.6.6-1.435.2.3.i586.rpm

0dbf523ec3892249f85e81084745325e i386/kernel-smp-2.6.6-1.435.2.3.i586.rpm

4e7a159a18c17b1beef9147b5ced1732 i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i586.rpm

afa75cdde85075350eff4c4abbb528fd i386/kernel-2.6.6-1.435.2.3.i686.rpm

8d85acd78585ae949db729e9df4de6d2 i386/kernel-smp-2.6.6-1.435.2.3.i686.rpm

85d35e6e392dd34ca0af5fe695c43278 i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i686.rpm

7d37a1595ea57de4d61291b0a9081c2a i386/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm

2e3849f67606f46eab33997ddbb6bbc2 i386/kernel-doc-2.6.6-1.435.2.3.noarch.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

Fedora Update Notification

FEDORA-2004-206

2004-07-02

The kernel package contains the Linux kernel (vmlinuz), the core of your

Fedora Core Linux operating system. The kernel handles the basic functions

of the operating system: memory allocation, process allocation, device

input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw that allowed

a user to make unauthorized changes to the group ID of files in certain

circumstances. In the 2.4 kernel, as shipped with Fedora Core 1,

the only way this could happen is through the kernel nfs server.

A user on a system that mounted a remote file system from a vulnerable

machine may be able to make unauthorized changes to the group ID of

exported files. The Common Vulnerabilities and Exposures project

(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.

Only Fedora Core 1 systems that are configured to share

file systems via NFS are affected by this issue.

Additionally, a number of issues were discovered with the

Broadcom 5820 driver. Until such time that these get fixed,

this driver has been disabled.

All Fedora Core 1 users are advised to upgrade their kernels

to the packages associated with their machine architectures

and configurations as listed in this erratum.

* Thu Jul 01 2004 Dave Jones <davej@redhat.com>

- add patch to fix missing checks in fchown() (CAN-2004-0497)

- Drop Broadcom 5820 driver due to code quality concerns.

This update can be downloaded from:

9d303e5e6bda698672e3d9274630f86b SRPMS/kernel-2.4.22-1.2197.nptl.src.rpm

aa17fd9d6bf88cb20355eb45855c7026 x86_64/kernel-2.4.22-1.2197.nptl.x86_64.rpm

6f42217560a8c5718c5040c95470c7a8 x86_64/kernel-source-2.4.22-1.2197.nptl.x86_64.rpm

e19d0db68e3e15de06fa4c252f72950d x86_64/kernel-doc-2.4.22-1.2197.nptl.x86_64.rpm

98dc01524f331c576bbb436480e4a8d3 x86_64/kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm

84b55d061f75b21e5b837e0d211c23a9 x86_64/debug/kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm

d8f4bdcd2a5aef5e60f7714bff05dcf8 i386/kernel-source-2.4.22-1.2197.nptl.i386.rpm

98a44c401959987426881aae30566dc2 i386/kernel-doc-2.4.22-1.2197.nptl.i386.rpm

da2e94a04b59edaa454947399cf889bf i386/kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm

c3c750518bf104dcb178e792e2927161 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm

48d8221d15eb2b2d09d13ecb3847bad5 i386/kernel-2.4.22-1.2197.nptl.i586.rpm

b857ebaa612ad48573ae9ee7c667f0fa i386/kernel-smp-2.4.22-1.2197.nptl.i586.rpm

40499e136cdfbe4d58451daa39a81bab i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm

431d3550413295808eefeffcd793ad52 i386/kernel-2.4.22-1.2197.nptl.i686.rpm

99d9da265e66d15741afcd1f44f98c54 i386/kernel-smp-2.4.22-1.2197.nptl.i686.rpm

81f8631fbb8f822f129b3d14d53d8a38 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i686.rpm

26cc9efb9f0ff9049e57c911488ec6ec i386/kernel-2.4.22-1.2197.nptl.athlon.rpm

a6a63f1a26335dc6fa409b65f17dae0e i386/kernel-smp-2.4.22-1.2197.nptl.athlon.rpm

841fe8ee4aac6a664512e558fca7f857 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

CORE 2: Fedora Update Notification FEDORA-2004-205 2004-07-02 Product : Fedora Core 2 Name : kernel Version : 2.6.6 Release : 1.435.2.3 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. During an audit of the Linux kernel, SUSE discovered a flaw in the Linux kernel that inappropriately allows an unprivileged user to change the group ID of a file to his/her own group ID. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0497 to this issue. All Fedora Core 2 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. * Thu Jul 01 2004 Dave Jones <davej@redhat.com> - add patch to fix missing checks in fchown() (CAN-2004-0497) This update can be downloaded from: ddb4b34b166112b6e18278b99f3dec39 SRPMS/kernel-2.6.6-1.435.2.3.src.rpm 933427443d19a7d9a06020f500b00443 x86_64/kernel-2.6.6-1.435.2.3.x86_64.rpm fc63711e46f8494a52a77feabe3e9a8e x86_64/kernel-smp-2.6.6-1.435.2.3.x86_64.rpm 416741877a35c576231262c00bb38b50 x86_64/debug/kernel-debuginfo-2.6.6-1.435.2.3.x86_64.rpm 7d37a1595ea57de4d61291b0a9081c2a x86_64/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm 2e3849f67606f46eab33997ddbb6bbc2 x86_64/kernel-doc-2.6.6-1.435.2.3.noarch.rpm 4a9951a38513fc1eff4c05265d8e3f2f i386/kernel-2.6.6-1.435.2.3.i586.rpm 0dbf523ec3892249f85e81084745325e i386/kernel-smp-2.6.6-1.435.2.3.i586.rpm 4e7a159a18c17b1beef9147b5ced1732 i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i586.rpm afa75cdde85075350eff4c4abbb528fd i386/kernel-2.6.6-1.435.2.3.i686.rpm 8d85acd78585ae949db729e9df4de6d2 i386/kernel-smp-2.6.6-1.435.2.3.i686.rpm 85d35e6e392dd34ca0af5fe695c43278 i386/debug/kernel-debuginfo-2.6.6-1.435.2.3.i686.rpm 7d37a1595ea57de4d61291b0a9081c2a i386/kernel-sourcecode-2.6.6-1.435.2.3.noarch.rpm 2e3849f67606f46eab33997ddbb6bbc2 i386/kernel-doc-2.6.6-1.435.2.3.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- CORE 1: Fedora Update Notification FEDORA-2004-206 2004-07-02 Product : Fedora Core 1 Name : kernel Version : 2.4.22 Release : 1.2197.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances. In the 2.4 kernel, as shipped with Fedora Core 1, the only way this could happen is through the kernel nfs server. A user on a system that mounted a remote file system from a vulnerable machine may be able to make unauthorized changes to the group ID of exported files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0497 to this issue. Only Fedora Core 1 systems that are configured to share file systems via NFS are affected by this issue. Additionally, a number of issues were discovered with the Broadcom 5820 driver. Until such time that these get fixed, this driver has been disabled. All Fedora Core 1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. * Thu Jul 01 2004 Dave Jones <davej@redhat.com> - add patch to fix missing checks in fchown() (CAN-2004-0497) - Drop Broadcom 5820 driver due to code quality concerns. This update can be downloaded from: 9d303e5e6bda698672e3d9274630f86b SRPMS/kernel-2.4.22-1.2197.nptl.src.rpm aa17fd9d6bf88cb20355eb45855c7026 x86_64/kernel-2.4.22-1.2197.nptl.x86_64.rpm 6f42217560a8c5718c5040c95470c7a8 x86_64/kernel-source-2.4.22-1.2197.nptl.x86_64.rpm e19d0db68e3e15de06fa4c252f72950d x86_64/kernel-doc-2.4.22-1.2197.nptl.x86_64.rpm 98dc01524f331c576bbb436480e4a8d3 x86_64/kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm 84b55d061f75b21e5b837e0d211c23a9 x86_64/debug/kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm d8f4bdcd2a5aef5e60f7714bff05dcf8 i386/kernel-source-2.4.22-1.2197.nptl.i386.rpm 98a44c401959987426881aae30566dc2 i386/kernel-doc-2.4.22-1.2197.nptl.i386.rpm da2e94a04b59edaa454947399cf889bf i386/kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm c3c750518bf104dcb178e792e2927161 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm 48d8221d15eb2b2d09d13ecb3847bad5 i386/kernel-2.4.22-1.2197.nptl.i586.rpm b857ebaa612ad48573ae9ee7c667f0fa i386/kernel-smp-2.4.22-1.2197.nptl.i586.rpm 40499e136cdfbe4d58451daa39a81bab i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm 431d3550413295808eefeffcd793ad52 i386/kernel-2.4.22-1.2197.nptl.i686.rpm 99d9da265e66d15741afcd1f44f98c54 i386/kernel-smp-2.4.22-1.2197.nptl.i686.rpm 81f8631fbb8f822f129b3d14d53d8a38 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i686.rpm 26cc9efb9f0ff9049e57c911488ec6ec i386/kernel-2.4.22-1.2197.nptl.athlon.rpm a6a63f1a26335dc6fa409b65f17dae0e i386/kernel-smp-2.4.22-1.2197.nptl.athlon.rpm 841fe8ee4aac6a664512e558fca7f857 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.