` 

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated 2.4 kernel fixes USB storage
Advisory ID:       RHSA-2003:135-00
Issue date:        2003-04-08
Updated on:        2003-04-08
Product:           Red Hat Linux
Keywords:          ptrace usb storage cdrom bind netdump
Cross references:  RHSA-2003-098
Obsoletes:         
CVE Names:         CAN-2003-0127
---------------------------------------------------------------------

1. Topic:

Updated kernel packages for Red Hat Linux 9 are now available. 
The kernel package version 2.4.20-6 has a security hole in ptrace.
Using USB CD-ROMs on some ServerWorks systems can hang older versions
of the kernel.

2. Relevant releases/architectures:

Red Hat Linux 9 - athlon, i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

A vulnerability in ptrace handling has been found in version 2.4.20-6
of the kernel. This vulnerability makes it possible for local users to
gain elevated (root) privileges without authorization. This vulnerability
is fixed in kernel-2.4.20-8 and kernel-2.4.20-9.

Please note this vulnerability only affects Red Hat Linux 9 boxed sets
manufactured for distribution within the United States. The part numbers,
which can be found on the bottom flap of the box, are RHF0120US and
RHF0121US. Copies of Red Hat Linux 9 obtained through other means (such as
from Red Hat Network, FTP, or international boxed sets) already contain
kernel-2.4.20-8 and are therefore not vulnerable to this issue. 

An NPTL support defect in the kernel causes bind not to restart on
uniprocessor systems; this bug has been fixed in kernel-2.4.20-9.

USB mass storage devices (in particular, USB CD-ROMs) and the ohci driver
sometimes causes system hangs; this defect has been fixed.

Additionally, support for the tg3, e100, and e1000 drivers has been added.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.  Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh " and
modify system settings to boot the kernel you have installed.  To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system.  You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. RPMs required:

Red Hat Linux 9:

SRPMS: 
 

athlon: 
  
 

i386: 
  
  
 

i586: 
 

i686: 
  
  
 



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
907a4a6ccd687be8cdb4c38b66d10e67 9/en/os/SRPMS/kernel-2.4.20-9.src.rpm
3cf6f66ef44bd670cacf4768b20f503c 9/en/os/athlon/kernel-2.4.20-9.athlon.rpm
984d637b03b999ec8d09d778acc06c04 9/en/os/athlon/kernel-smp-2.4.20-9.athlon.rpm
18d0088eae5b5f2daf2f3a955f0812e3 9/en/os/i386/kernel-BOOT-2.4.20-9.i386.rpm
b987cbd4bbec07a65ca882e8276f7d96 9/en/os/i386/kernel-doc-2.4.20-9.i386.rpm
153b636ac64f7f52e62f1fba47b0ccf7 9/en/os/i386/kernel-source-2.4.20-9.i386.rpm
7aed26e3c4393f433255e3aa4d0bb409 9/en/os/i586/kernel-2.4.20-9.i586.rpm
c78a4bb56e6acf96375ebb4a646f6826 9/en/os/i686/kernel-2.4.20-9.i686.rpm
0b9ce410c8a3e7639b8a2e82a53abf0e 9/en/os/i686/kernel-bigmem-2.4.20-9.i686.rpm
3ad01acbf3504ef601518e0489d5ce3f 9/en/os/i686/kernel-smp-2.4.20-9.i686.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at  All Red Hat products

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


7. References:
 
CVE -CVE-2003-0127

8. Contact:

The Red Hat security contact is <security@RedHat.com>.  More contact
details at  All Red Hat products

Copyright 2003 Red Hat, Inc.



_______________________________________________
Red Hat-watch-list mailing list
To unsubscribe, visit: https://listman.RedHat.com/mailman/listinfo/RedHat-watch-list
`

RedHat: kernel 2.4 ptrace vulnerability

The kernel package version 2.4.20-6 has a security hole in ptrace

Summary



Summary

The Linux kernel handles the basic functions of the operating system.A vulnerability in ptrace handling has been found in version 2.4.20-6of the kernel. This vulnerability makes it possible for local users togain elevated (root) privileges without authorization. This vulnerabilityis fixed in kernel-2.4.20-8 and kernel-2.4.20-9.Please note this vulnerability only affects Red Hat Linux 9 boxed setsmanufactured for distribution within the United States. The part numbers,which can be found on the bottom flap of the box, are RHF0120US andRHF0121US. Copies of Red Hat Linux 9 obtained through other means (such asfrom Red Hat Network, FTP, or international boxed sets) already containkernel-2.4.20-8 and are therefore not vulnerable to this issue. An NPTL support defect in the kernel causes bind not to restart onuniprocessor systems; this bug has been fixed in kernel-2.4.20-9.USB mass storage devices (in particular, USB CD-ROMs) and the ohci driversometimes causes system hangs; this defect has been fixed.Additionally, support for the tg3, e100, and e1000 drivers has been added.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To use Red Hat Network to upgrade the kernel, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly if you are using the default configuration of up2date.
To install kernel packages manually, use "rpm -ivh " and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)
Do not use "rpm -Uvh" as that will remove your running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.
5. RPMs required:
Red Hat Linux 9:
SRPMS:

athlon:


i386:



i586:

i686:





6. Verification:
MD5 sum Package Name 907a4a6ccd687be8cdb4c38b66d10e67 9/en/os/SRPMS/kernel-2.4.20-9.src.rpm 3cf6f66ef44bd670cacf4768b20f503c 9/en/os/athlon/kernel-2.4.20-9.athlon.rpm 984d637b03b999ec8d09d778acc06c04 9/en/os/athlon/kernel-smp-2.4.20-9.athlon.rpm 18d0088eae5b5f2daf2f3a955f0812e3 9/en/os/i386/kernel-BOOT-2.4.20-9.i386.rpm b987cbd4bbec07a65ca882e8276f7d96 9/en/os/i386/kernel-doc-2.4.20-9.i386.rpm 153b636ac64f7f52e62f1fba47b0ccf7 9/en/os/i386/kernel-source-2.4.20-9.i386.rpm 7aed26e3c4393f433255e3aa4d0bb409 9/en/os/i586/kernel-2.4.20-9.i586.rpm c78a4bb56e6acf96375ebb4a646f6826 9/en/os/i686/kernel-2.4.20-9.i686.rpm 0b9ce410c8a3e7639b8a2e82a53abf0e 9/en/os/i686/kernel-bigmem-2.4.20-9.i686.rpm 3ad01acbf3504ef601518e0489d5ce3f 9/en/os/i686/kernel-smp-2.4.20-9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key is available at All Red Hat products
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
md5sum

References

CVE -CVE-2003-0127

Package List


Severity
Advisory ID: RHSA-2003:135-00
Issued Date: : 2003-04-08
Updated on: 2003-04-08
Product: Red Hat Linux
Keywords: ptrace usb storage cdrom bind netdump
Cross references: RHSA-2003-098
Obsoletes:
CVE Names: CAN-2003-0127

Topic


Topic

Updated kernel packages for Red Hat Linux 9 are now available.

The kernel package version 2.4.20-6 has a security hole in ptrace.

Using USB CD-ROMs on some ServerWorks systems can hang older versions

of the kernel.


 

Relevant Releases Architectures

Red Hat Linux 9 - athlon, i386, i586, i686


Bugs Fixed


Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved