---------------------------------------------------------------------Fedora Security Update Notification
FEDORA-2003-026
2003-12-02
---------------------------------------------------------------------Name        : kernel
Version     : 2.4.22                      
Release     : 1.2129.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

---------------------------------------------------------------------The kernel shipped with Fedora Core 1 was vulnerable to a bug in the
error return on a concurrent fork() with threaded exit() which could be
exploited by a user level program to crash the kernel.

In addition to this bug fix, the changelog below details various
other non security fixes that have been added.


* Mon Dec 01 2003 Dave Jones <davej@RedHat.com>

- sys_tgkill wasn't enabled on IA32.

* Sun Nov 30 2003 Dave Jones <davej@RedHat.com>

- Process scheduler fix.
  When doing sync wakeups we must not skip the notification of other cpus if
  the task is not on this runqueue.

* Wed Nov 26 2003 Justin M. Forbes <64bit_fedora@comcast.net>

- Merge required ia32 syscalls for AMD64
- [f]truncate64 for 32bit code fix

* Mon Nov 24 2003 Dave Jones <davej@RedHat.com>

- Fix power-off on shutdown with ACPI.
- Add missing part of recent cmpci fix
- Drop CONFIG_NR_CPUS patch which was problematic.
- Fold futex-fix into main futex patch.
- Fix TG3 tqueue initialisation.
- Various NPTL fixes.

* Fri Nov 14 2003 Dave Jones <davej@RedHat.com>

- Drop netfilter change which proved to be bad upstream.

* Thu Nov 13 2003 Justin M. Forbes <64bit_fedora@comcast.net>

- Fix NForce3 DMA and ATA133 on AMD64

* Wed Nov 12 2003 Dave Jones <davej@RedHat.com>

- Fix syscall definitions on AMD64

* Tue Nov 11 2003 Dave Jones <davej@RedHat.com>

- Fix Intel 440GX Interrupt routing.
- Fix waitqueue leak in cmpci driver.

* Mon Nov 10 2003 Dave Jones <davej@RedHat.com>

- Kill noisy warnings in the DRM modules.
- Merge munged upstream x86-64.org patch for various AMD64 fixes.

* Mon Nov 03 2003 Dave Jones <davej@RedHat.com>

- Further cleanups related to AMD64 build.

* Fri Oct 31 2003 Dave Jones <davej@RedHat.com>

- Make AMD64 build.


---------------------------------------------------------------------This update can be downloaded from:
    

b2ca2e65c14ba3a32bbae6b11e368033  SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm
30c673e9bd3470d2323fad69ba064a59  i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm
ea3ca9fce1003aa1c03396501fe8e8e4  i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm
90bbab66acb77dbfe6e2ae91fca5f4c8  i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm
a9ebdfdfd8d19a72decf1b8d5549996b  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm
d088887cfc2894539051ec7708ef7c9e  i386/kernel-2.4.22-1.2129.nptl.i586.rpm
43edf191d8dd0713964ee922e85179a4  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm
ee7850054d3f2b3f72a7d262a398ad87  i386/kernel-2.4.22-1.2129.nptl.i686.rpm
a023b71cda6252a168c69a05e894e988  i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm
7c23798f7d4d3852cf395a23169e99df  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm
a81da54e2c360f336e35135b5b3fedb9  i386/kernel-2.4.22-1.2129.nptl.athlon.rpm
230fedc801524652681a23cfd6aad8a4  i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm
7f461087fa103bef89c14057413e0c1d  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--fedora-announce-list mailing list
fedora-announce-list@RedHat.com 
fedora-announce-list Info Page

Fedora: Kernel crash vulnerability

December 3, 2003
The kernel shipped with Fedora Core 1 was vulnerable to a bug in theerror return on a concurrent fork() with threaded exit() which could beexploited by a user level program to cras...

Summary

The kernel package contains the Linux kernel (vmlinuz), the core of your

Red Hat Linux operating system. The kernel handles the basic functions

of the operating system: memory allocation, process allocation, device

input and output, etc.

error return on a concurrent fork() with threaded exit() which could be

exploited by a user level program to crash the kernel.

In addition to this bug fix, the changelog below details various

other non security fixes that have been added.

* Mon Dec 01 2003 Dave Jones <davej@RedHat.com>

- sys_tgkill wasn't enabled on IA32.

* Sun Nov 30 2003 Dave Jones <davej@RedHat.com>

- Process scheduler fix.

When doing sync wakeups we must not skip the notification of other cpus if

the task is not on this runqueue.

* Wed Nov 26 2003 Justin M. Forbes <64bit_fedora@comcast.net>

- Merge required ia32 syscalls for AMD64

- [f]truncate64 for 32bit code fix

* Mon Nov 24 2003 Dave Jones <davej@RedHat.com>

- Fix power-off on shutdown with ACPI.

- Add missing part of recent cmpci fix

- Drop CONFIG_NR_CPUS patch which was problematic.

- Fold futex-fix into main futex patch.

- Fix TG3 tqueue initialisation.

- Various NPTL fixes.

* Fri Nov 14 2003 Dave Jones <davej@RedHat.com>

- Drop netfilter change which proved to be bad upstream.

* Thu Nov 13 2003 Justin M. Forbes <64bit_fedora@comcast.net>

- Fix NForce3 DMA and ATA133 on AMD64

* Wed Nov 12 2003 Dave Jones <davej@RedHat.com>

- Fix syscall definitions on AMD64

* Tue Nov 11 2003 Dave Jones <davej@RedHat.com>

- Fix Intel 440GX Interrupt routing.

- Fix waitqueue leak in cmpci driver.

* Mon Nov 10 2003 Dave Jones <davej@RedHat.com>

- Kill noisy warnings in the DRM modules.

- Merge munged upstream x86-64.org patch for various AMD64 fixes.

* Mon Nov 03 2003 Dave Jones <davej@RedHat.com>

- Further cleanups related to AMD64 build.

* Fri Oct 31 2003 Dave Jones <davej@RedHat.com>

- Make AMD64 build.

b2ca2e65c14ba3a32bbae6b11e368033 SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm

30c673e9bd3470d2323fad69ba064a59 i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm

ea3ca9fce1003aa1c03396501fe8e8e4 i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm

90bbab66acb77dbfe6e2ae91fca5f4c8 i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm

a9ebdfdfd8d19a72decf1b8d5549996b i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm

d088887cfc2894539051ec7708ef7c9e i386/kernel-2.4.22-1.2129.nptl.i586.rpm

43edf191d8dd0713964ee922e85179a4 i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm

ee7850054d3f2b3f72a7d262a398ad87 i386/kernel-2.4.22-1.2129.nptl.i686.rpm

a023b71cda6252a168c69a05e894e988 i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm

7c23798f7d4d3852cf395a23169e99df i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm

a81da54e2c360f336e35135b5b3fedb9 i386/kernel-2.4.22-1.2129.nptl.athlon.rpm

230fedc801524652681a23cfd6aad8a4 i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm

7f461087fa103bef89c14057413e0c1d i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--fedora-announce-list mailing list

fedora-announce-list@RedHat.com

fedora-announce-list Info Page

FEDORA-2003-026 2003-12-02 Version : 2.4.22 Release : 1.2129.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Red Hat Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. error return on a concurrent fork() with threaded exit() which could be exploited by a user level program to crash the kernel. In addition to this bug fix, the changelog below details various other non security fixes that have been added. * Mon Dec 01 2003 Dave Jones <davej@RedHat.com> - sys_tgkill wasn't enabled on IA32. * Sun Nov 30 2003 Dave Jones <davej@RedHat.com> - Process scheduler fix. When doing sync wakeups we must not skip the notification of other cpus if the task is not on this runqueue. * Wed Nov 26 2003 Justin M. Forbes <64bit_fedora@comcast.net> - Merge required ia32 syscalls for AMD64 - [f]truncate64 for 32bit code fix * Mon Nov 24 2003 Dave Jones <davej@RedHat.com> - Fix power-off on shutdown with ACPI. - Add missing part of recent cmpci fix - Drop CONFIG_NR_CPUS patch which was problematic. - Fold futex-fix into main futex patch. - Fix TG3 tqueue initialisation. - Various NPTL fixes. * Fri Nov 14 2003 Dave Jones <davej@RedHat.com> - Drop netfilter change which proved to be bad upstream. * Thu Nov 13 2003 Justin M. Forbes <64bit_fedora@comcast.net> - Fix NForce3 DMA and ATA133 on AMD64 * Wed Nov 12 2003 Dave Jones <davej@RedHat.com> - Fix syscall definitions on AMD64 * Tue Nov 11 2003 Dave Jones <davej@RedHat.com> - Fix Intel 440GX Interrupt routing. - Fix waitqueue leak in cmpci driver. * Mon Nov 10 2003 Dave Jones <davej@RedHat.com> - Kill noisy warnings in the DRM modules. - Merge munged upstream x86-64.org patch for various AMD64 fixes. * Mon Nov 03 2003 Dave Jones <davej@RedHat.com> - Further cleanups related to AMD64 build. * Fri Oct 31 2003 Dave Jones <davej@RedHat.com> - Make AMD64 build. b2ca2e65c14ba3a32bbae6b11e368033 SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm 30c673e9bd3470d2323fad69ba064a59 i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm ea3ca9fce1003aa1c03396501fe8e8e4 i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm 90bbab66acb77dbfe6e2ae91fca5f4c8 i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm a9ebdfdfd8d19a72decf1b8d5549996b i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm d088887cfc2894539051ec7708ef7c9e i386/kernel-2.4.22-1.2129.nptl.i586.rpm 43edf191d8dd0713964ee922e85179a4 i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm ee7850054d3f2b3f72a7d262a398ad87 i386/kernel-2.4.22-1.2129.nptl.i686.rpm a023b71cda6252a168c69a05e894e988 i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm 7c23798f7d4d3852cf395a23169e99df i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm a81da54e2c360f336e35135b5b3fedb9 i386/kernel-2.4.22-1.2129.nptl.athlon.rpm 230fedc801524652681a23cfd6aad8a4 i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm 7f461087fa103bef89c14057413e0c1d i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --fedora-announce-list mailing list fedora-announce-list@RedHat.com fedora-announce-list Info Page

Change Log

References

Update Instructions

Severity
Version : 2.4.22
Release : 1.2129.nptl
Summary : The Linux kernel (the core of the Linux operating system)

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved