Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Red Hat Linux 9: RHSA-2003:135-00 Critical: Ptrace Privilege Escalation

red hat
Calendar Grey April 9, 2003
Dist Redhat Esm H88
Patch fixes ptrace exploit in Red Hat Linux kernel 2.4.20-6, enhancing system security and USB reliability.
The kernel package version 2.4.20-6 has a security hole in ptrace

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh " and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. RPMs required:

Red Hat Linux 9:

SRPMS:


athlon:



i386:




i586:


i686:






6. Verification:

MD5 sum Package Name 907a4a6ccd687be8cdb4c38b66d10e67 9/en/os/SRPMS/kernel-2.4.20-9.src.rpm 3cf6f66ef44bd670cacf4768b20f503c 9/en/os/athlon/kernel-2.4.20-9.athlon.rpm 984d637b03b999ec8d09d778acc06c04 9/en/os/athlon/kernel-smp-2.4.20-9.athlon.rpm 18d0088eae5b5f2daf2f3a955f0812e3 9/en/os/i386/kernel-BOOT-2.4.20-9.i386.rpm b987cbd4bbec07a65ca882e8276f7d96 9/en/os/i386/kernel-doc-2.4.20-9.i386.rpm 153b636ac64f7f52e62f1fba47b0ccf7 9/en/os/i386/kernel-source-2.4.20-9.i386.rpm 7aed26e3c4393f433255e3aa4d0bb409 9/en/os/i586/kernel-2.4.20-9.i586.rpm c78a4bb56e6acf96375ebb4a646f6826 9/en/os/i686/kernel-2.4.20-9.i686.rpm 0b9ce410c8a3e7639b8a2e82a53abf0e 9/en/os/i686/kernel-bigmem-2.4.20-9.i686.rpm 3ad01acbf3504ef601518e0489d5ce3f 9/en/os/i686/kernel-smp-2.4.20-9.i686.rpm


These packages are GPG signed by Red Hat for security. Our key is available at All Red Hat products

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum


Summary

References

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2003:135-00
Issue date: 2003-04-08
Updated on: 2003-04-08
Product: Red Hat Linux
Keywords: ptrace usb storage cdrom bind netdump
Cross references: RHSA-2003-098
Obsoletes:

Topic

Relevant Releases Architectures

Red Hat Linux 9 - athlon, i386, i586, i686

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.