RedHat: Updated kernel packages fix security

    Date18 Jan 2005
    CategoryRed Hat
    7450
    Posted ByJoe Shakespeare
    Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.
    - ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Updated kernel packages fix security vulnerabilities
    Advisory ID:       RHSA-2005:043-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-043.html
    Issue date:        2005-01-18
    Updated on:        2005-01-18
    Product:           Red Hat Enterprise Linux
    Keywords:          taroon kernel security errata
    Obsoletes:         RHSA-2004:689
    CVE Names:         CAN-2004-1235 CAN-2004-1237 CAN-2005-0003
    - ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated kernel packages that fix several security issues in Red Hat
    Enterprise Linux 3 are now available.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
    Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
    Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64
    
    3. Problem description:
    
    The Linux kernel handles the basic functions of the operating system.
    
    This advisory includes fixes for several security issues:
    
    iSEC Security Research discovered a VMA handling flaw in the uselib(2)
    system call of the Linux kernel.  A local user could make use of this
    flaw to gain elevated (root) privileges.  The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CAN-2004-1235 to
    this issue.
    
    A flaw was discovered where an executable could cause a VMA overlap leading
    to a crash.  A local user could trigger this flaw by creating a carefully
    crafted a.out binary on 32-bit systems or a carefully crafted ELF binary
    on Itanium systems.  The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2005-0003 to this issue.
    
    iSEC Security Research discovered a flaw in the page fault handler code
    that could lead to local users gaining elevated (root) privileges on
    multiprocessor machines.  The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2005-0001 to this issue. A patch
    that coincidentally fixed this issue was committed to the Update 4 kernel
    release in December 2004.  Therefore Red Hat Enterprise Linux 3 kernels
    provided by RHBA-2004:550 and subsequent updates are not vulnerable to
    this issue.
    
    A flaw in the system call filtering code in the audit subsystem included
    in Red Hat Enterprise Linux 3 allowed a local user to cause a crash when
    auditing was enabled.  The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2004-1237 to this issue.
    
    Olaf Kirch discovered that the recent security fixes for cmsg_len handling
    (CAN-2004-1016) broke 32-bit compatibility on 64-bit platforms such as
    AMD64 and Intel EM64T. A patch to correct this issue is included.
    
    A recent Internet Draft by Fernando Gont recommended that ICMP Source
    Quench messages be ignored by hosts.  A patch to ignore these messages is
    included.
    
    Note: The kernel-unsupported package contains various drivers and modules
    that are unsupported and therefore might contain security problems that
    have not been addressed.
    
    All Red Hat Enterprise Linux 3 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    132245 - CAN-2004-1237 Kernel panic when stopping Lotus Domino 6.52
    141996 - CAN-2004-1237 instant kernel panic from one line perl program - BAD
    142091 - CAN-2004-1237 kernel oops captured, system hangs
    142442 - CAN-2004-1237 kernel panic ( __audit_get_target)
    143866 - CAN-2004-1237 kernel panic caused by auditd
    144029 - LTC13264-Kernel errata from Dec 23 results in a DB2 shutdown.
    144048 - CAN-2004-1237 kernel panic when Oracle agentctl is run
    144134 - CAN-2004-1235 isec.pl uselib() privilege escalation
    144784 - CAN-2005-0003 huge vma-in-executable bug
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
    09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm
    
    athlon:
    8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
    ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
    fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    
    i386:
    f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
    12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
    3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm
    
    i686:
    79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
    b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
    1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
    0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
    9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
    95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm
    
    ia32e:
    edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
    90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm
    
    ia64:
    e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
    5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
    852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
    63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm
    
    ppc64:
    ba9f26ba2b62b45c3b095ad27e788b36  kernel-doc-2.4.21-27.0.2.EL.ppc64.rpm
    4adf67ea243913ece424045c696fe88d  kernel-source-2.4.21-27.0.2.EL.ppc64.rpm
    
    ppc64iseries:
    32860054d812bd958f7dd7067fd8d062  kernel-2.4.21-27.0.2.EL.ppc64iseries.rpm
    b806c052dfdec4fd298b041ea6ae1ddd  kernel-unsupported-2.4.21-27.0.2.EL.ppc64iseries.rpm
    
    ppc64pseries:
    78e15c97f0bd6775837a5d17667a0b0d  kernel-2.4.21-27.0.2.EL.ppc64pseries.rpm
    a1d9e58411aa72bac10782701579d9f4  kernel-unsupported-2.4.21-27.0.2.EL.ppc64pseries.rpm
    
    s390:
    965050540cc98a2d020bf96fec166a9b  kernel-2.4.21-27.0.2.EL.s390.rpm
    dc258fbe8dfcdbe9991d83d5b9a2eaa6  kernel-doc-2.4.21-27.0.2.EL.s390.rpm
    879eea09a534959b7566d826b7f6178f  kernel-source-2.4.21-27.0.2.EL.s390.rpm
    867a209a3c7d0321ac7a730bb76f66b7  kernel-unsupported-2.4.21-27.0.2.EL.s390.rpm
    
    s390x:
    2f4704180201df5c9f4601d6388a2f1d  kernel-2.4.21-27.0.2.EL.s390x.rpm
    e94480cab994b4578f36d5b52cbe8a18  kernel-doc-2.4.21-27.0.2.EL.s390x.rpm
    82702da6b0a1f02ee75e35530d8cfa41  kernel-source-2.4.21-27.0.2.EL.s390x.rpm
    b7d12fcf166bdc9918d14be2b9d7edae  kernel-unsupported-2.4.21-27.0.2.EL.s390x.rpm
    
    x86_64:
    dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
    da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
    6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
    08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
    0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
    09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm
    
    athlon:
    8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
    ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
    fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    
    i386:
    f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
    12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
    3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm
    
    i686:
    79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
    b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
    1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
    0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
    9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
    95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm
    
    ia32e:
    edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
    90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm
    
    x86_64:
    dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
    da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
    6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
    08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
    0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
    09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm
    
    athlon:
    8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
    ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
    fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    
    i386:
    f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
    12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
    3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm
    
    i686:
    79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
    b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
    1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
    0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
    9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
    95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm
    
    ia32e:
    edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
    90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm
    
    ia64:
    e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
    5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
    852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
    63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm
    
    x86_64:
    dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
    da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
    6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
    08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
    0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
    09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm
    
    athlon:
    8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
    ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
    fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm
    
    i386:
    f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
    12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
    3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm
    
    i686:
    79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
    b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
    1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
    0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
    9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
    95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm
    
    ia32e:
    edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
    90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm
    
    ia64:
    e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
    5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
    852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
    63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm
    
    x86_64:
    dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
    da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
    6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
    08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
    0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://marc.theaimsgroup.com/?m=109503896031720
    http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
    http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.