[vox] [Fwd: [RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs]
ME
vox@lists.lugod.org
Wed, 14 May 2003 13:11:01 -0700 (PDT)
---------------------------- Original Message ----------------------------
Subject: [RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs
From: bugzilla@redhat.com
Date: Wed, May 14, 2003 11:51
To: redhat-watch-list@redhat.com
redhat-announce-list@redhat.com
--------------------------------------------------------------------------
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated 2.4 kernel fixes security vulnerabilities and various bugs
Advisory ID: RHSA-2003:172-00
Issue date: 2003-05-14
Updated on: 2003-05-14
Product: Red Hat Linux
Keywords: dos
Cross references: RHSA-2003-098 RHBA-2003-135
Obsoletes: RHSA-2003-098 RHBA-2003-135
CVE Names: CAN-2003-0244 CAN-2003-0246
---------------------------------------------------------------------
1. Topic:
Updated kernel packages that fix a remote denial of service vulnerability
in the TCP/IP stack, and a local privilege vulnerability, are now
available.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686
Red Hat Linux 9 - athlon, i386, i586, i686
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
A flaw has been found in several hash table implementations in the kernel
networking code. A remote attacker could send packets with carefully
chosen, forged source addresses in such a way as to make every routing
cache entry get hashed into the same hash chain. The result would be that
the kernel would use a disproportionate amount of processor time to deal
with new packets, resulting in a remote denial of service attack. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0244 to this issue.
A flaw has been found in the "ioperm" system call, which fails to properly
restrict privileges. This flaw can allow an unprivileged local user to
gain read and write access to I/O ports on the system. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0246 to this issue.
All users should upgrade to these updated packages, which are not
vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.
To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader, edit
/etc/lilo.conf and run lilo).
Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
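Added example, not part of the advisory: a POSIX shell check that a kernel version-release string is at least the fixed release for a given Red Hat Linux product, using the package versions listed in section 6. The helper names are my own; the script checks both the running kernel and the installed kernel packages, because "rpm -ivh" leaves the old kernel in place and the new one is only in use after a reboot.

```shell
#!/bin/sh
# Added example (not from the advisory): is this kernel at or above the
# release fixed by RHSA-2003:172? Fixed versions are from section 6.

# Fixed kernel VERSION-RELEASE per product, from the package names in
# section 6 (kernel-2.4.20-13.7 for 7.x, -13.8 for 8.0, -13.9 for 9).
fixed_kernel_for() {
    case "$1" in
        7.1|7.2|7.3) echo "2.4.20-13.7" ;;
        8.0)         echo "2.4.20-13.8" ;;
        9)           echo "2.4.20-13.9" ;;
        *)           echo "unknown product release: $1" >&2; return 1 ;;
    esac
}

# version_ge A B: succeed when A >= B. Both strings are split on runs of
# non-digits, so "2.4.20-13.9smp" (uname -r on an SMP box) and
# "2.4.20-13.9" (rpm -q output) compare as equal.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[^0-9]+"); nb = split(b, y, "[^0-9]+")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# kernel_is_fixed VR PRODUCT: succeed when kernel VR is at least the
# fixed release for PRODUCT (7.1, 7.2, 7.3, 8.0 or 9).
kernel_is_fixed() {
    fixed=$(fixed_kernel_for "$2") || return 2
    version_ge "$1" "$fixed"
}

# Usage: sh check_rhsa_2003_172.sh 9
# Reports the running kernel and every installed kernel package.
if [ -n "${1:-}" ]; then
    { uname -r
      rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel kernel-smp 2>/dev/null
    } | grep '^[0-9]' | while read -r vr; do
        if kernel_is_fixed "$vr" "$1"; then echo "$vr: at or above fixed release"
        else echo "$vr: OLDER than $(fixed_kernel_for "$1"), update/reboot needed"; fi
    done
fi
```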
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
89743 - usb-uhci Kernel freeze with one-shot interrupt transfers
81282 - No pcmcia devices found (HP OmniBook XT6050) after upgrade.
89686 - V.110 doesn't work with HFC_PCI cards.
89049 - ALi M5451 doesn't work
89732 - Installer hangs when loading aic7xxx module
89554 - Kernel needs dell inspiron 8500 support
88847 - Sound card AZT1008 not initialized by ad1848.o
86180 - orinoco_cs periodically drops connection with linksys wpc11v3
88550 - Acer 351tev fails loading trident.o module
88047 - /proc/<pid>/cmdline is empty
90276 - Some drivers are missing a copy_from_user() function call
6. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm
athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm
i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm
i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm
athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-13.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-13.8.athlon.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-13.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/oprofile-0.4-44.8.1.i386.rpm
i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-13.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-13.8.i586.rpm
i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-13.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-13.8.i686.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-13.9.src.rpm
athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-13.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-13.9.athlon.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-13.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-13.9.i386.rpm
i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-13.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-13.9.i586.rpm
i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-13.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-13.9.i686.rpm
7. Verification:
These packages are GPG signed by Red Hat for security. Our key is
available at http://www.redhat.com/solutions/security/news/publickey/
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
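Added example, not part of the advisory: a POSIX shell script that checks downloaded packages against an MD5 table in the advisory's "<md5sum> <path>" layout and then runs "rpm --checksig" on them. Function names are my own. The MD5 step only shows a file matches what the advisory lists; only the GPG signature check shows Red Hat built it, so both are run.

```shell
#!/bin/sh
# Added example (not from the advisory): verify update packages against
# the advisory's MD5 table, then check their Red Hat GPG signatures.

# md5_of FILE: print the hex MD5 of FILE (md5sum, or openssl as fallback).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_md5 FILE EXPECTED: succeed when FILE's MD5 equals EXPECTED.
verify_md5() {
    [ "$(md5_of "$1")" = "$2" ]
}

# verify_table TABLE DIR: TABLE holds "<md5sum> <path under
# updates.redhat.com>" lines (header lines are skipped); DIR is where the
# files were downloaded with the same relative paths. Prints one line per
# package and fails if any package is missing or has the wrong sum.
verify_table() {
    rc=0
    while read -r sum path; do
        # only lines that start with a 32-hex-digit sum are table rows
        expr "$sum" : '[0-9a-f]\{32\}$' >/dev/null || continue
        f="$2/$path"
        if [ ! -f "$f" ]; then echo "MISSING  $path"; rc=1
        elif verify_md5 "$f" "$sum"; then echo "OK       $path"
        else echo "MISMATCH $path"; rc=1
        fi
    done <"$1"
    return $rc
}

# verify_signatures FILE...: the advisory's rpm --checksig step for each
# package; needs Red Hat's public key (URL above) known to rpm.
verify_signatures() {
    for f in "$@"; do rpm --checksig -v "$f" || return 1; done
}
```

Run verify_table first with the table saved from the advisory, then verify_signatures on the files it reported OK; a MISMATCH or a failed signature means the package must not be installed.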
8. References:
http://marc.theaimsgroup.com/?l=bk-commits-24&m=105217616607144&w=2
http://bugzilla.kernel.org/show_bug.cgi?id=703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246
9. Contact:
The Red Hat security contact is <security@redhat.com>. More contact
details at http://www.redhat.com/solutions/security/news/contact/
Copyright 2003 Red Hat, Inc.