LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'kernel' Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux A security vunlerability in the Linux CIPE (VPN tunnel) implementation hasbeen fixed.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated 2.4 kernel available
Advisory ID:       RHSA-2002:007-16
Issue date:        2002-01-09
Updated on:        2002-01-22
Product:           Red Hat Linux
Keywords:          cipe icmp
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

A security vunlerability  in the Linux CIPE (VPN tunnel) implementation has
been fixed.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - alpha, alphaev6, athlon, i386, i586, i686, ia64

Red Hat Linux 7.2 - athlon, i386, i586, i686, ia64

3. Problem description:

Larry McVoy has discovered a problem in the CIPE (VPN tunnel)
implementation, where a malformed packet could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-0047 to this issue.

Andrew Griffiths has discovered a vulnerability that allows remote machines
to read random memory using a bug in the Linux ICMP implementation.
However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after
version 2.2.18 have this bug fixed. All Red Hat Linux 2.4 kernels have this
fix are not vulnerable to this bug.

It is recommended that users running older 2.2 kernels on Red Hat Linux 6.2
or 7 upgrade to the latest available errata kernel, which includes a fix
for this problem.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0046 to this issue.

A patch for recent 2.4 kernels is circulating to fix the bug in the Linux
ICMP implementation. Red Hat, Inc. recommends not using this patch since it
actually breaks the kernel ICMP implementation and since Red Hat Linux 2.4
kernels are not vulnerable to the bug.

In addition to the CIPE security fix, several other bugs were fixed, and
some drivers were updated:

* For Red Hat Linux 7.1: DRM/DRI (3D support) for the XFree86 erratum
  RHEA-2002:010
* New aacraid driver rewritten by Alan Cox
* New DAC960 driver
* Additional Qlogic 2200 driver 
* LM_Sensors driver upgrade

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. Red Hat Linux 7.1 users should
update the packages in the XFree86 Erratum (RHEA-2002:010).

The procedure for upgrading the kernel is documented at:
 
http://www.Red Hat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network.  Many
people find this to be an easier way to apply updates.  To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

55476 - Kernel 2.4.9-7 crashes Dell PE2500 with aacraid on startup
55605 - kernel 2.4.9-7 constantly outputs messages to syslog about clock timer
54855 - i810 audio problem after up2date4d kernel 2.4.9-6

6. RPMs required:

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/kernel-2.4.9-21.src.rpm 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/modutils-2.4.10-1.src.rpm 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/tux-2.2.0-1.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-smp-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-source-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-BOOT-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-headers-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/kernel-doc-2.4.9-21.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/modutils-2.4.10-1.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/tux-2.2.0-1.alpha.rpm

athlon: 
ftp://updates.Red Hat.com/7.1/en/os/athlon/kernel-2.4.9-21.athlon.rpm 
ftp://updates.Red Hat.com/7.1/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-source-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-headers-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-doc-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/modutils-2.4.10-1.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/tux-2.2.0-1.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.1/en/os/i586/kernel-2.4.9-21.i586.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i586/kernel-smp-2.4.9-21.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-smp-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-debug-2.4.9-21.i686.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/kernel-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/modutils-2.4.10-1.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/tux-2.2.0-1.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/kernel-2.4.9-21.src.rpm 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/modutils-2.4.10-1.src.rpm 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/tux-2.2.0-1.src.rpm

athlon: 
ftp://updates.Red Hat.com/7.2/en/os/athlon/kernel-2.4.9-21.athlon.rpm 
ftp://updates.Red Hat.com/7.2/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-source-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-headers-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-doc-2.4.9-21.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/modutils-2.4.10-1.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/tux-2.2.0-1.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.2/en/os/i586/kernel-2.4.9-21.i586.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i586/kernel-smp-2.4.9-21.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-smp-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-debug-2.4.9-21.i686.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/kernel-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/tux-2.2.0-1.ia64.rpm


7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
c98c533651ad7ddf1953291c6b86e24d 7.1/en/os/SRPMS/kernel-2.4.9-21.src.rpm
bce506e9913f952f74ecb1cc4f5e0d14 7.1/en/os/SRPMS/modutils-2.4.10-1.src.rpm
0fc99d749b73ce672ce314097fa75680 7.1/en/os/SRPMS/tux-2.2.0-1.src.rpm
e968e639383c1c6ac5f81cac4ef23282 7.1/en/os/alpha/kernel-2.4.9-21.alpha.rpm
963d4f2f6b7aba6a872cddef8ea98a0a 7.1/en/os/alpha/kernel-BOOT-2.4.9-21.alpha.rpm
56cdcbcdfb7986b8925320e5c6147894 7.1/en/os/alpha/kernel-doc-2.4.9-21.alpha.rpm
76e4da4321e4fc73bf71cad185d7c74c 7.1/en/os/alpha/kernel-headers-2.4.9-21.alpha.rpm
23e236f018b86d66c7d6a0e703d8741b 7.1/en/os/alpha/kernel-smp-2.4.9-21.alpha.rpm
b0b96c30d406279778e17f2425564182 7.1/en/os/alpha/kernel-source-2.4.9-21.alpha.rpm
34b7a78b5a0f91f8b476448532c6ca01 7.1/en/os/alpha/modutils-2.4.10-1.alpha.rpm
be01c0f774210275c54158b30ce241a5 7.1/en/os/alpha/tux-2.2.0-1.alpha.rpm
3ca1396e73f1d5f105fdc70577c1ad5b 7.1/en/os/athlon/kernel-2.4.9-21.athlon.rpm
98c26aa144875e66ad7a24d715fffc3c 7.1/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm
071131740198219c636b8927f8f88457 7.1/en/os/i386/kernel-2.4.9-21.i386.rpm
36d81ca909ec13711442a7ced06c5954 7.1/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
13389781e18047d555a0e65ae0e1e53b 7.1/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
6e02167e35be2a1234419dc04d285c8d 7.1/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
b1d7f572f45b208f1c9dc4983bf51cc7 7.1/en/os/i386/kernel-source-2.4.9-21.i386.rpm
62512921c8a9704642ace9972f2bcb32 7.1/en/os/i386/modutils-2.4.10-1.i386.rpm
b071d20ef0474a1e4ca5ec65b333796f 7.1/en/os/i386/tux-2.2.0-1.i386.rpm
243e4c5fa57a8002046bf24de2e1ffd2 7.1/en/os/i586/kernel-2.4.9-21.i586.rpm
2510b6f2059f2790d9528cdd63e92f95 7.1/en/os/i586/kernel-smp-2.4.9-21.i586.rpm
deb1513ff79d1d40dde059cf1e3142db 7.1/en/os/i686/kernel-2.4.9-21.i686.rpm
9b0033255956ed2be1c6878dfd84c472 7.1/en/os/i686/kernel-debug-2.4.9-21.i686.rpm
2881b02642d6244d36fe7baaa4954c45 7.1/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
eaaac60d828e3954c6f2018cc7dfb2d6 7.1/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
d4b7d97af57ead842eb82c2b81e8c395 7.1/en/os/ia64/kernel-2.4.9-21.ia64.rpm
be80ab57387b969df0b046893a991735 7.1/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
55a98e22cb5ac68e1f35a971206ef30c 7.1/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
4724141890684670cf7d636eedecda3f 7.1/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
3931d07ace606c7772f0aa68f1a7026c 7.1/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
747b4ec0ea09f49b2cd1f1bea75f2b26 7.1/en/os/ia64/modutils-2.4.10-1.ia64.rpm
0115dc46812b1aa8404b753815f18186 7.1/en/os/ia64/tux-2.2.0-1.ia64.rpm
c98c533651ad7ddf1953291c6b86e24d 7.2/en/os/SRPMS/kernel-2.4.9-21.src.rpm
bce506e9913f952f74ecb1cc4f5e0d14 7.2/en/os/SRPMS/modutils-2.4.10-1.src.rpm
0fc99d749b73ce672ce314097fa75680 7.2/en/os/SRPMS/tux-2.2.0-1.src.rpm
3ca1396e73f1d5f105fdc70577c1ad5b 7.2/en/os/athlon/kernel-2.4.9-21.athlon.rpm
98c26aa144875e66ad7a24d715fffc3c 7.2/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm
071131740198219c636b8927f8f88457 7.2/en/os/i386/kernel-2.4.9-21.i386.rpm
36d81ca909ec13711442a7ced06c5954 7.2/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
13389781e18047d555a0e65ae0e1e53b 7.2/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
6e02167e35be2a1234419dc04d285c8d 7.2/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
b1d7f572f45b208f1c9dc4983bf51cc7 7.2/en/os/i386/kernel-source-2.4.9-21.i386.rpm
62512921c8a9704642ace9972f2bcb32 7.2/en/os/i386/modutils-2.4.10-1.i386.rpm
b071d20ef0474a1e4ca5ec65b333796f 7.2/en/os/i386/tux-2.2.0-1.i386.rpm
243e4c5fa57a8002046bf24de2e1ffd2 7.2/en/os/i586/kernel-2.4.9-21.i586.rpm
2510b6f2059f2790d9528cdd63e92f95 7.2/en/os/i586/kernel-smp-2.4.9-21.i586.rpm
deb1513ff79d1d40dde059cf1e3142db 7.2/en/os/i686/kernel-2.4.9-21.i686.rpm
9b0033255956ed2be1c6878dfd84c472 7.2/en/os/i686/kernel-debug-2.4.9-21.i686.rpm
2881b02642d6244d36fe7baaa4954c45 7.2/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
eaaac60d828e3954c6f2018cc7dfb2d6 7.2/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
d4b7d97af57ead842eb82c2b81e8c395 7.2/en/os/ia64/kernel-2.4.9-21.ia64.rpm
be80ab57387b969df0b046893a991735 7.2/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
55a98e22cb5ac68e1f35a971206ef30c 7.2/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
4724141890684670cf7d636eedecda3f 7.2/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
3931d07ace606c7772f0aa68f1a7026c 7.2/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
0115dc46812b1aa8404b753815f18186 7.2/en/os/ia64/tux-2.2.0-1.ia64.rpm 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
http://www.securityfocus.com/archive/1/251418   
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.





 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.