Adsons

    Fedora: Kernel crash vulnerability

    Date03 Dec 2003
    CategoryFedora
    4221
    Posted ByLinuxSecurity Advisories
    The kernel shipped with Fedora Core 1 was vulnerable to a bug in theerror return on a concurrent fork() with threaded exit() which could beexploited by a user level program to crash the kernel.
    
    ---------------------------------------------------------------------
    Fedora Security Update Notification
    FEDORA-2003-026
    2003-12-02
    ---------------------------------------------------------------------
    
    Name        : kernel
    Version     : 2.4.22                      
    Release     : 1.2129.nptl                  
    Summary     : The Linux kernel (the core of the Linux operating system)
    Description :
    The kernel package contains the Linux kernel (vmlinuz), the core of your
    Red Hat Linux operating system.  The kernel handles the basic functions
    of the operating system:  memory allocation, process allocation, device
    input and output, etc.
    
    ---------------------------------------------------------------------
    
    The kernel shipped with Fedora Core 1 was vulnerable to a bug in the
    error return on a concurrent fork() with threaded exit() which could be
    exploited by a user level program to crash the kernel.
    
    In addition to this bug fix, the changelog below details various
    other non security fixes that have been added.
    
    
    * Mon Dec 01 2003 Dave Jones <davej@Red Hat.com>
    
    - sys_tgkill wasn't enabled on IA32.
    
    * Sun Nov 30 2003 Dave Jones <davej@Red Hat.com>
    
    - Process scheduler fix.
      When doing sync wakeups we must not skip the notification of other cpus if
      the task is not on this runqueue.
    
    * Wed Nov 26 2003 Justin M. Forbes <64bit_This email address is being protected from spambots. You need JavaScript enabled to view it.>
    
    - Merge required ia32 syscalls for AMD64
    - [f]truncate64 for 32bit code fix
    
    * Mon Nov 24 2003 Dave Jones <davej@Red Hat.com>
    
    - Fix power-off on shutdown with ACPI.
    - Add missing part of recent cmpci fix
    - Drop CONFIG_NR_CPUS patch which was problematic.
    - Fold futex-fix into main futex patch.
    - Fix TG3 tqueue initialisation.
    - Various NPTL fixes.
    
    * Fri Nov 14 2003 Dave Jones <davej@Red Hat.com>
    
    - Drop netfilter change which proved to be bad upstream.
    
    * Thu Nov 13 2003 Justin M. Forbes <64bit_This email address is being protected from spambots. You need JavaScript enabled to view it.>
    
    - Fix NForce3 DMA and ATA133 on AMD64
    
    * Wed Nov 12 2003 Dave Jones <davej@Red Hat.com>
    
    - Fix syscall definitions on AMD64
    
    * Tue Nov 11 2003 Dave Jones <davej@Red Hat.com>
    
    - Fix Intel 440GX Interrupt routing.
    - Fix waitqueue leak in cmpci driver.
    
    * Mon Nov 10 2003 Dave Jones <davej@Red Hat.com>
    
    - Kill noisy warnings in the DRM modules.
    - Merge munged upstream x86-64.org patch for various AMD64 fixes.
    
    * Mon Nov 03 2003 Dave Jones <davej@Red Hat.com>
    
    - Further cleanups related to AMD64 build.
    
    * Fri Oct 31 2003 Dave Jones <davej@Red Hat.com>
    
    - Make AMD64 build.
    
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
       http://download.fedora.Red Hat.com/pub/fedora/linux/core/updates/1/
    
    b2ca2e65c14ba3a32bbae6b11e368033  SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm
    30c673e9bd3470d2323fad69ba064a59  i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm
    ea3ca9fce1003aa1c03396501fe8e8e4  i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm
    90bbab66acb77dbfe6e2ae91fca5f4c8  i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm
    a9ebdfdfd8d19a72decf1b8d5549996b  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm
    d088887cfc2894539051ec7708ef7c9e  i386/kernel-2.4.22-1.2129.nptl.i586.rpm
    43edf191d8dd0713964ee922e85179a4  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm
    ee7850054d3f2b3f72a7d262a398ad87  i386/kernel-2.4.22-1.2129.nptl.i686.rpm
    a023b71cda6252a168c69a05e894e988  i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm
    7c23798f7d4d3852cf395a23169e99df  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm
    a81da54e2c360f336e35135b5b3fedb9  i386/kernel-2.4.22-1.2129.nptl.athlon.rpm
    230fedc801524652681a23cfd6aad8a4  i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm
    7f461087fa103bef89c14057413e0c1d  i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm
    
    This update can also be installed with the Update Agent; you can
    launch the Update Agent with the 'up2date' command.
    ---------------------------------------------------------------------
    
    
    --
    fedora-announce-list mailing list
    fedora-announce-list@Red Hat.com 
    http://www.Red Hat.com/mailman/listinfo/fedora-announce-list
    
    

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200

    Advisories