Red Hat: kernel security vulnerabilities fix
Posted by Joe Shakespeare   
RedHat Linux Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:549-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-549.html
Issue date:        2004-12-02
Updated on:        2004-12-02
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel security errata AF_UNIX
Obsoletes:         RHBA-2004:433
CVE Names:         CAN-2004-0136 CAN-2004-0619 CAN-2004-0685 CAN-2004-0812 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068
CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x,
x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28.  A local user could potentially make
use of a race condition in order to gain privileges.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28.  A local user could use thse
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64
and Intel EM64T architecture kernels prior to 2.4.23.  A local user could
use this flaw to cause a denial of service (crash) or possibly gain
privileges.  (CAN-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver.  On systems using this driver,
a local user could cause a denial of service (crash) or possibly gain
elevated privileges.  (CAN-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28.  A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of
a connected Samba server.  (CAN-2004-0883, CAN-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary.  On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash).  (CAN-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures.  These flaws could allow local users to read small amounts
of kernel memory.  (CAN-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127258 - CAN-2004-0619 Broadcom 5820 integer overflow
127915 - CAN-2004-0136 Verify interpreter arch
127918 - CAN-2004-0685 usb sparse fixes in 2.4
133003 - CAN-2004-0812 User application with "out" instruction can crash the system
134720 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
134874 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
134981 - CAN-2004-0136 Program crashes the kernel
140710 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

ppc64:
677ab689167f78686f91b88f36aa70a3  kernel-doc-2.4.21-20.0.1.EL.ppc64.rpm
2b0078cf957293819e11232b8d090b55  kernel-source-2.4.21-20.0.1.EL.ppc64.rpm

ppc64iseries:
b22a72441fa3b7ca93101e41f4bee003  kernel-2.4.21-20.0.1.EL.ppc64iseries.rpm
e8a2dd6770e48537a4606f5cb413a82e  kernel-unsupported-2.4.21-20.0.1.EL.ppc64iseries.rpm

ppc64pseries:
2f5724e8b26f64ac1a3b401a8ce4e55a  kernel-2.4.21-20.0.1.EL.ppc64pseries.rpm
ba54755ba36b7176270d807468232af7  kernel-unsupported-2.4.21-20.0.1.EL.ppc64pseries.rpm

s390:
2c69b4903f00b833dc6343fecb1cbc21  kernel-2.4.21-20.0.1.EL.s390.rpm
229cdd30ce01ff95e5c12660598631b3  kernel-doc-2.4.21-20.0.1.EL.s390.rpm
de76d738799e18613ff9d791e56453e9  kernel-source-2.4.21-20.0.1.EL.s390.rpm
4b75ed72fff3f4a4a6a0f05e23bdaeeb  kernel-unsupported-2.4.21-20.0.1.EL.s390.rpm

s390x:
e46dc77dc92833dea60ba5a03bf462f1  kernel-2.4.21-20.0.1.EL.s390x.rpm
d8ed930629a1292ac52eeb1a9bbd067f  kernel-doc-2.4.21-20.0.1.EL.s390x.rpm
585d443c6dd03e4ef290b637f5e7238c  kernel-source-2.4.21-20.0.1.EL.s390x.rpm
e1050dc296ba58c1b174fdf5ceb53be1  kernel-unsupported-2.4.21-20.0.1.EL.s390x.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.