Fedora
August 11, 2004
Local unprivileged accounts may leverage severe kernel vulnerabilities to read kernel memory without authorization; updates for Red Hat 9 are now accessible.
A local unprivileged user could make use of these flaws to access large portions of kernel memory.

Summary

The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0415 to this issue.
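
The 64-to-32-bit offset conversion described above, as an added illustration that is not the kernel's code or the patch shipped in these packages: a constructed bounds check over a 64-byte buffer, done first on a narrowed offset and then on the full 64-bit value. The names `check_narrowed`, `check_wide` and `BUF_LEN` are hypothetical, the narrowing cast assumes the usual two's-complement wrap (as GCC defines it), and the race-condition part of the flaw is not covered.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define BUF_LEN 64  /* constructed: size of a hypothetical per-file buffer */

/* Flawed pattern: the 64-bit file offset is narrowed to 32 bits before the
 * bounds check. Returns 1 if the request is accepted and stores the index
 * that a later copy would start from. */
int check_narrowed(int64_t pos, size_t count, int64_t *start)
{
    int32_t p = (int32_t)pos;   /* upper 32 bits dropped; sign can flip */
    if (p + (int32_t)count > BUF_LEN)
        return 0;
    *start = p;                 /* may be negative: before the buffer */
    return 1;
}

/* Hardened pattern: validate the full 64-bit offset, reject negatives,
 * and compare count against the remaining space so nothing can wrap. */
int check_wide(int64_t pos, size_t count, int64_t *start)
{
    if (pos < 0 || pos > BUF_LEN)
        return 0;
    if (count > (size_t)(BUF_LEN - pos))
        return 0;
    *start = pos;
    return 1;
}

int main(void)
{
    /* constructed offset: fits in 64 bits, becomes -16 as a 32-bit int */
    int64_t pos = 0xFFFFFFF0LL, start = 0;

    if (check_narrowed(pos, 16, &start))
        printf("narrowed check: accepted, start index %lld\n", (long long)start);
    if (!check_wide(pos, 16, &start))
        printf("64-bit check:   rejected offset %lld\n", (long long)pos);
    return 0;
}
```

Neither function touches memory; they only report whether the request would be accepted, so the difference between the two checks can be observed safely.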

These packages contain a patch written by Al Viro to correct these flaws.

Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue.

Additionally, a number of issues were fixed in the USB serial code.

References:

isec

* Wed Aug 04 2004 Dave Jones <davej@redhat.com>
- Fix various fpos races. (CAN-2004-0415)

* Wed Jul 07 2004 Dave Jones <davej@redhat.com>
- Updates to usbserial post_helper (Pete Zaitcev)

This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Severity: critical

Product: Fedora Core 1
Name: kernel
Version: 2.4.22
Release: 1.2199.nptl
Summary: The Linux kernel (the core of the Linux operating system)