LinuxSecurity.com
RedHat: Important: kernel security update
Posted by Pax Dickinson   
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2006:0140-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0140.html
Issue date:        2006-01-19
Updated on:        2006-01-19
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2005:663
CVE Names:         CVE-2002-2185 CVE-2004-1057 CVE-2005-2708 CVE-2005-2709
                   CVE-2005-2973 CVE-2005-3044 CVE-2005-3180 CVE-2005-3275
                   CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate)

- a flaw in remap_page_range() with O_DIRECT writes that allowed a local
user to cause a denial of service (crash) (CVE-2004-1057, important)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708, important)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate)

- a flaw in IPv6 network UDP port hash table lookups that allowed a local
user to cause a denial of service (hang) (CVE-2005-2973, important)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044, important)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180, important)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275, important)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important)

- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848, important)

- a flaw in file lease time-out handling that allowed a local user to cause
a denial of service (log file overflow) (CVE-2005-3857, moderate)

- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858, important)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137820 - CVE-2004-1057 VM_IO refcount issue
161925 - CVE-2005-2708 user code panics kernel in exec.c
168661 - CVE-2005-3044 lost fput could lead to DoS
168925 - CVE-2005-2709 More sysctl flaws
170278 - CVE-2005-3180 orinoco driver information leakage
170774 - CVE-2005-2973 ipv6 infinite loop
171386 - CVE-2005-3275 NAT DoS
174082 - CVE-2005-3806 ipv6 DOS
174338 - CVE-2005-3857 lease printk DoS
174344 - CVE-2005-3858 ip6_input_finish DoS
174347 - CVE-2005-3848 dst_entry leak DoS
174808 - CVE-2002-2185 IGMP DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kerne...
8ac573fd7da76bdbb692608fd112c17e  kernel-2.4.21-37.0.1.EL.src.rpm

i386:
c132a984fc36125635ed8c9dfea0aafe  kernel-2.4.21-37.0.1.EL.athlon.rpm
c4eacef42415a77f0ef049e20eab7a54  kernel-2.4.21-37.0.1.EL.i686.rpm
29574e30ddd8e7f412446916670cb2d9  kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
dc499687869783cb0f29dace2a166564  kernel-doc-2.4.21-37.0.1.EL.i386.rpm
d87be7a68ad11961c17b35dc1874baa8  kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
9a73c7159290bbf5a4c697930947e55e  kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
29c4165c6982cbe8cdcca4e544898fd3  kernel-smp-2.4.21-37.0.1.EL.athlon.rpm
8242f8c46face8171232ee3628a18f8a  kernel-smp-2.4.21-37.0.1.EL.i686.rpm
c51f8fa5df41bb2d894d1d93c1ea16fd  kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm
61e11b896ca9dc9daeb7a728a24bc92e  kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
14b67fc434b7b611bc48a3ea085fd090  kernel-source-2.4.21-37.0.1.EL.i386.rpm
1dfc561d293146a44a9b96e58a283260  kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm
fe7b99cc532c6f87251b7acb1c874755  kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm

ia64:
08e68cea214530406cac348d2f9263f7  kernel-2.4.21-37.0.1.EL.ia64.rpm
8e64a87ef70d5f7dec65dbd4c6ff82c4  kernel-doc-2.4.21-37.0.1.EL.ia64.rpm
5d93447ebf637cb3ce59ed6a860f3913  kernel-source-2.4.21-37.0.1.EL.ia64.rpm
df5ef4f8aed639e36b1c306aa1818eb2  kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm

ppc:
a0cf3be5ad486a13a925b0e06730e8cd  kernel-2.4.21-37.0.1.EL.ppc64iseries.rpm
0e64cd084da06531c4e9b1d1b3ced207  kernel-2.4.21-37.0.1.EL.ppc64pseries.rpm
d21d3acee3e6cbcde9c62454336f5f5f  kernel-doc-2.4.21-37.0.1.EL.ppc64.rpm
8044137f4adbe9d0c93919af49839e01  kernel-source-2.4.21-37.0.1.EL.ppc64.rpm
1d19870581d879f9d0d4c9978091c6c3  kernel-unsupported-2.4.21-37.0.1.EL.ppc64iseries.rpm
a0250e2b0f9ac93a7c568e7389f53457  kernel-unsupported-2.4.21-37.0.1.EL.ppc64pseries.rpm

s390:
ca591a86b393f36885041d4a3cd82a53  kernel-2.4.21-37.0.1.EL.s390.rpm
3788cd512b7fa6b577e500a2ee4d1fef  kernel-doc-2.4.21-37.0.1.EL.s390.rpm
44beedbe1d9e82aed2f73d6f814ec653  kernel-source-2.4.21-37.0.1.EL.s390.rpm
7ced947293d4682682b067b61c387e7c  kernel-unsupported-2.4.21-37.0.1.EL.s390.rpm

s390x:
bacb4aab55a2166d2c9ea53a3512a646  kernel-2.4.21-37.0.1.EL.s390x.rpm
9cadb9c025c5d1c43c4b52bd7c3cdd62  kernel-doc-2.4.21-37.0.1.EL.s390x.rpm
dea19dae65c362aa5f811f32ee00763e  kernel-source-2.4.21-37.0.1.EL.s390x.rpm
f16374ee1d14e8002225d84ae462dba1  kernel-unsupported-2.4.21-37.0.1.EL.s390x.rpm

x86_64:
fa476998934d46e5549f181fe29691ac  kernel-2.4.21-37.0.1.EL.ia32e.rpm
3dc1501cfad7aa37634b963bb53a0255  kernel-2.4.21-37.0.1.EL.x86_64.rpm
9bb8abb6c8623855eb1b25628e6f9677  kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm
2267c033d5b57b9790b087af67c3a456  kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm
4a8422d6fdff27b0af58150a243eabc5  kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm
3dc2e200ea133fcfd329d828eaffb469  kernel-source-2.4.21-37.0.1.EL.x86_64.rpm
471e991baa9a16dc911f7d0e9f88f739  kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm
6da82d4b8685ce8f1868c2699467e502  kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...
Same source package and checksum as listed under Red Hat Enterprise Linux AS version 3.

i386, x86_64:
Same packages and checksums as listed for these architectures under
Red Hat Enterprise Linux AS version 3.

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kerne...
Same source package and checksum as listed under Red Hat Enterprise Linux AS version 3.

i386, ia64, x86_64:
Same packages and checksums as listed for these architectures under
Red Hat Enterprise Linux AS version 3.

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kerne...
Same source package and checksum as listed under Red Hat Enterprise Linux AS version 3.

i386, ia64, x86_64:
Same packages and checksums as listed for these architectures under
Red Hat Enterprise Linux AS version 3.

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
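
The checksum lines in section 6 use md5sum's "hash  filename" layout. The script below is an added example, not part of the Red Hat advisory: it checks a directory of downloaded files against such lines and reports missing or altered files. The names verify_manifest and demo, and the demo file names and contents, are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the advisory): verify downloaded files against
# "md5  filename" lines. Demo file names and contents are constructed.

# verify_manifest MANIFEST DIR
# Prints a status per entry; returns 0 only if every listed file in DIR
# is present and matches. Headings ("i386:", URLs) are skipped.
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r want name; do
        case "$want" in ""|*[!0-9a-f]*) continue ;; esac
        [ "${#want}" -eq 32 ] || continue
        # Treat the manifest as untrusted: plain file names only.
        case "$name" in ""|*/*) echo "REJECTED  $name"; rc=1; continue ;; esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: one good file, one altered file, one absent file.
demo() {
    d=$(mktemp -d)
    printf 'constructed package A\n' > "$d/kernel-demo-a.rpm"
    printf 'constructed package B\n' > "$d/kernel-demo-b.rpm"
    sum_a=$(md5sum < "$d/kernel-demo-a.rpm" | cut -d' ' -f1)
    sum_b=$(md5sum < "$d/kernel-demo-b.rpm" | cut -d' ' -f1)
    printf 'i386:\n%s  kernel-demo-a.rpm\n%s  kernel-demo-b.rpm\n%s  kernel-demo-c.rpm\n' \
        "$sum_a" "$sum_b" "$sum_a" > "$d/manifest.txt"
    printf 'tampered\n' >> "$d/kernel-demo-b.rpm"   # change after listing
    verify_manifest "$d/manifest.txt" "$d"; status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "one or more packages failed verification"
```

A matching MD5 only shows that the download is intact; authenticity comes from the GPG signature mentioned above, which is checked with rpm --checksig after importing Red Hat's key.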

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.