LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Red Hat: kernel security vulnerabilities update Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
RedHat Linux Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:689-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-689.html
Issue date:        2004-12-23
Updated on:        2004-12-23
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel security errata
Obsoletes:         RHBA-2004:550
CVE Names:         CAN-2004-0565 CAN-2004-1016 CAN-2004-1017 CAN-2004-1137 CAN-2004-1144 CAN-2004-1234
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x,
x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the
Linux 2.4 kernel on the AMD64 architecture.  A local attacker could use
this flaw to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue.

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels.  These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges.  Where multicast
applications are being used on a system, these flaws may also allow remote
users to cause a denial of service.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to
this issue.

ISEC security research and Georgi Guninski independantly discovered a flaw
in the scm_send function in the auxiliary message layer.  A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang).  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue.

A floating point information leak was discovered in the ia64 architecture
context switch code.  A local user could use this flaw to read register
values of other processes by setting the MFH bit. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0565 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26.  A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash).  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver, and a memory leak
in ip_options_get.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

124734 - CAN-2004-0565 Information leak on Linux/ia64
126126 - CAN-2004-0565 Information leak on Linux/ia64
142593 - CAN-2004-1017 io_edgeport driver overflows
142729 - CAN-2004-1016 CMSG validation checks
142733 - 20041208 ip_options_get memory leak
142748 - CAN-2004-1137 IGMP flaws
142964 - CAN-2004-1144 x86-64 privilege escalation
142965 - CAN-2004-1234 kernel denial of service vulnerability and exploit

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

ppc64:
9fad7bb5b55495ddee280d62de15b1dc  kernel-doc-2.4.21-27.0.1.EL.ppc64.rpm
c083c0b8df5ff034f269d8380e6dbad0  kernel-source-2.4.21-27.0.1.EL.ppc64.rpm

ppc64iseries:
bc4093dfba89bafa591eaa78ec5f6916  kernel-2.4.21-27.0.1.EL.ppc64iseries.rpm
abb1744cd91a84d40e7f5a016ead294c  kernel-unsupported-2.4.21-27.0.1.EL.ppc64iseries.rpm

ppc64pseries:
fc6f34a93f682a1273e0ec4375eb0998  kernel-2.4.21-27.0.1.EL.ppc64pseries.rpm
a39c1a6fa61b0295e0f5e3065b0812f6  kernel-unsupported-2.4.21-27.0.1.EL.ppc64pseries.rpm

s390:
30e5097e6dd66d5c21a99901882f7e9f  kernel-2.4.21-27.0.1.EL.s390.rpm
d481b85ea42c24a00736ea720ae48c39  kernel-doc-2.4.21-27.0.1.EL.s390.rpm
81c880f52af50c26f8a525e114b8b223  kernel-source-2.4.21-27.0.1.EL.s390.rpm
79fd1f5f22ad407138185018ee029750  kernel-unsupported-2.4.21-27.0.1.EL.s390.rpm

s390x:
dfcdfd9650c5a5012ade9ea3afb1c186  kernel-2.4.21-27.0.1.EL.s390x.rpm
66d37169facb8256fdf5f4658d11ac80  kernel-doc-2.4.21-27.0.1.EL.s390x.rpm
d3f921de093961d3badf8f1da21f4a82  kernel-source-2.4.21-27.0.1.EL.s390x.rpm
e7d85997309e95e1f778fd34a069d999  kernel-unsupported-2.4.21-27.0.1.EL.s390x.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.