INFORMATION BULLETIN
INFORMATION BULLETIN
| PROBLEM: | Updated kernel packages fix multiple vulnerabilities. |
| PLATFORM: | Red Hat Enterprise Linux AS, ES, and WS v.3 Red Hat Enterprise Linux AS, ES, and WS v.2.1 Red Hat Advanced Workstation 2.1 for the Itanium Processor Red Hat Desktop v.3 Debian GNU/Linux 3.0 alias woody |
| DAMAGE: | Various vulnerabilities include: - privilege escalation - buffer overflows - execution of arbitrary code - unauthorized modifications to memory - denial of service attacks |
| SOLUTION: | Update to the appropriate Red Hat package. |
| VULNERABILITY ASSESSMENT: |
The risk is MEDIUM. At worst, a local user could gain root privileges. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/p-047.shtml |
| ORIGINAL BULLETIN: | https://rhn.redhat.com/errata/RHSA-2004-549.html https://rhn.redhat.com/errata/RHSA-2004-504.html https://rhn.redhat.com/errata/RHSA-2004-505.html |
| ADDITIONAL LINKS : | Red Hat Security Advisory RHSA-2005:275-09 |
| https://rhn.redhat.com/errata/RHSA-2005-275.html | |
| Debian Security Advisory DSA-1082-1 | |
| http://www.debian.org/security/2006/dsa-1082 | |
| CVE/CAN: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-0136 CAN-2004-0619 CAN-2004-0685 CAN-2004-0812 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073 |
REVISION HISTORY:
12/21/2004 - added link information to Red Hat Advisories:
RHSA-2004:504-13 / Itanium packages
RHSA-2004:505-14 / kernel packages
05/18/2005 - added link to Red Hat Advisory RHSA-2005:275-09. This advisory deals
with ia32el.
05/30/2006 - added a link to Debian Security Advisory DSA-1082-1 for Debian GNU/Linux 3.0 alias woody.
[***** Start Red Hat Advisory RHSA-2004:549-10 *****]
Updated kernel packages fix security vulnerabilities
Advisory: RHSA-2004:549-10
Last updated on: 2004-12-02
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CAN-2004-0136
CAN-2004-0619
CAN-2004-0685
CAN-2004-0812
CAN-2004-0883
CAN-2004-0949
CAN-2004-1068
CAN-2004-1070
CAN-2004-1071
CAN-2004-1072
CAN-2004-1073
Security Advisory
Details:
Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.
The Linux kernel handles the basic functions of the operating system.
This update includes fixes for several security issues:
A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1068 to this issue.
Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use thse
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)
A flaw when setting up TSS limits was discovered that affects AMD AMD64
and Intel EM64T architecture kernels prior to 2.4.23. A local user could
use this flaw to cause a denial of service (crash) or possibly gain
privileges. (CAN-2004-0812)
An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver. On systems using this driver,
a local user could cause a denial of service (crash) or possibly gain
elevated privileges. (CAN-2004-0619)
Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of
a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
SGI discovered a bug in the elf loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary. On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash). (CAN-2004-0136)
Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CAN-2004-0685)
All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
Updated packages:
Red Hat Desktop (v. 3)
----------------------------------------------------------------------------
SRPMS:
kernel-2.4.21-20.0.1.EL.src.rpm c9e3ddfa76b6337d22ee18de622288c1
IA-32:
kernel-2.4.21-20.0.1.EL.athlon.rpm f8c081ece832012d2336fdd79e4deb60
kernel-2.4.21-20.0.1.EL.i686.rpm 333a016b05fefae9c36edce0db8ce528
kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm 6783573b11708147b9eeebccfadc0d82
kernel-doc-2.4.21-20.0.1.EL.i386.rpm 6dd1727c460491c50d3baafa9f3eb48e
kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm 0880fd510254db4de758d7769c12aa22
kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671
kernel-smp-2.4.21-20.0.1.EL.athlon.rpm fdb4239f2bb030111db06b4d97db5caf
kernel-smp-2.4.21-20.0.1.EL.i686.rpm 8c78b2438e867fb71842d766d0e9124d
kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955
kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224
kernel-source-2.4.21-20.0.1.EL.i386.rpm 2a562d9602e88bf603315e8284be1b63
kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175
kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm 87f698bc20a97bdd8cc0d700449cb93f
x86_64:
kernel-2.4.21-20.0.1.EL.ia32e.rpm e30fe011aaec81a31ef08d318dbc0fcb
kernel-2.4.21-20.0.1.EL.x86_64.rpm a7b9984ba33ef118bfac14ccf3d55a92
kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm 11d87e3ae8f05534a8863edf9609a054
kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm e91f6c5fb7353522f1e1edf4fa5ddc32
kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0
kernel-source-2.4.21-20.0.1.EL.x86_64.rpm bc37b34ac3e62c3ae600615621d8f2d2
kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm 56b4bb346e1eac026ae7d68952ce2c2e
kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48
Red Hat Enterprise Linux AS (v. 3)
-----------------------------------------------------------------------------
SRPMS:
kernel-2.4.21-20.0.1.EL.src.rpm c9e3ddfa76b6337d22ee18de622288c1
IA-32:
kernel-2.4.21-20.0.1.EL.athlon.rpm f8c081ece832012d2336fdd79e4deb60
kernel-2.4.21-20.0.1.EL.i686.rpm 333a016b05fefae9c36edce0db8ce528
kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm 6783573b11708147b9eeebccfadc0d82
kernel-doc-2.4.21-20.0.1.EL.i386.rpm 6dd1727c460491c50d3baafa9f3eb48e
kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm 0880fd510254db4de758d7769c12aa22
kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671
kernel-smp-2.4.21-20.0.1.EL.athlon.rpm fdb4239f2bb030111db06b4d97db5caf
kernel-smp-2.4.21-20.0.1.EL.i686.rpm 8c78b2438e867fb71842d766d0e9124d
kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955
kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224
kernel-source-2.4.21-20.0.1.EL.i386.rpm 2a562d9602e88bf603315e8284be1b63
kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175
kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm 87f698bc20a97bdd8cc0d700449cb93f
IA-64:
kernel-2.4.21-20.0.1.EL.ia64.rpm 602204cf75227aa55af4701cc4528517
kernel-doc-2.4.21-20.0.1.EL.ia64.rpm 999dae9a7f28e800a969f9470fd01aa9
kernel-source-2.4.21-20.0.1.EL.ia64.rpm a5ab35ad4ec2542009bcf798d53c1a7a
kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm 7d3b7d3723dfa22e9587cf504da049f5
PPC:
kernel-2.4.21-20.0.1.EL.ppc64iseries.rpm b22a72441fa3b7ca93101e41f4bee003
kernel-2.4.21-20.0.1.EL.ppc64pseries.rpm 2f5724e8b26f64ac1a3b401a8ce4e55a
kernel-doc-2.4.21-20.0.1.EL.ppc64.rpm 677ab689167f78686f91b88f36aa70a3
kernel-source-2.4.21-20.0.1.EL.ppc64.rpm 2b0078cf957293819e11232b8d090b55
kernel-unsupported-2.4.21-20.0.1.EL.ppc64iseries.rpm
e8a2dd6770e48537a4606f5cb413a82e
kernel-unsupported-2.4.21-20.0.1.EL.ppc64pseries.rpm
ba54755ba36b7176270d807468232af7
s390:
kernel-2.4.21-20.0.1.EL.s390.rpm 2c69b4903f00b833dc6343fecb1cbc21
kernel-doc-2.4.21-20.0.1.EL.s390.rpm 229cdd30ce01ff95e5c12660598631b3
kernel-source-2.4.21-20.0.1.EL.s390.rpm de76d738799e18613ff9d791e56453e9
kernel-unsupported-2.4.21-20.0.1.EL.s390.rpm 4b75ed72fff3f4a4a6a0f05e23bdaeeb
s390x:
kernel-2.4.21-20.0.1.EL.s390x.rpm e46dc77dc92833dea60ba5a03bf462f1
kernel-doc-2.4.21-20.0.1.EL.s390x.rpm d8ed930629a1292ac52eeb1a9bbd067f
kernel-source-2.4.21-20.0.1.EL.s390x.rpm 585d443c6dd03e4ef290b637f5e7238c
kernel-unsupported-2.4.21-20.0.1.EL.s390x.rpm e1050dc296ba58c1b174fdf5ceb53be1
x86_64:
kernel-2.4.21-20.0.1.EL.ia32e.rpm e30fe011aaec81a31ef08d318dbc0fcb
kernel-2.4.21-20.0.1.EL.x86_64.rpm a7b9984ba33ef118bfac14ccf3d55a92
kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm 11d87e3ae8f05534a8863edf9609a054
kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm e91f6c5fb7353522f1e1edf4fa5ddc32
kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0
kernel-source-2.4.21-20.0.1.EL.x86_64.rpm bc37b34ac3e62c3ae600615621d8f2d2
kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e
kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48
Red Hat Enterprise Linux ES (v. 3)
-----------------------------------------------------------------------------
SRPMS:
kernel-2.4.21-20.0.1.EL.src.rpm c9e3ddfa76b6337d22ee18de622288c1
IA-32:
kernel-2.4.21-20.0.1.EL.athlon.rpm f8c081ece832012d2336fdd79e4deb60
kernel-2.4.21-20.0.1.EL.i686.rpm 333a016b05fefae9c36edce0db8ce528
kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm 6783573b11708147b9eeebccfadc0d82
kernel-doc-2.4.21-20.0.1.EL.i386.rpm 6dd1727c460491c50d3baafa9f3eb48e
kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm 0880fd510254db4de758d7769c12aa22
kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671
kernel-smp-2.4.21-20.0.1.EL.athlon.rpm fdb4239f2bb030111db06b4d97db5caf
kernel-smp-2.4.21-20.0.1.EL.i686.rpm 8c78b2438e867fb71842d766d0e9124d
kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955
kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224
kernel-source-2.4.21-20.0.1.EL.i386.rpm 2a562d9602e88bf603315e8284be1b63
kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175
kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f
IA-64:
kernel-2.4.21-20.0.1.EL.ia64.rpm 602204cf75227aa55af4701cc4528517
kernel-doc-2.4.21-20.0.1.EL.ia64.rpm 999dae9a7f28e800a969f9470fd01aa9
kernel-source-2.4.21-20.0.1.EL.ia64.rpm a5ab35ad4ec2542009bcf798d53c1a7a
kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm 7d3b7d3723dfa22e9587cf504da049f5
x86_64:
kernel-2.4.21-20.0.1.EL.ia32e.rpm e30fe011aaec81a31ef08d318dbc0fcb
kernel-2.4.21-20.0.1.EL.x86_64.rpm a7b9984ba33ef118bfac14ccf3d55a92
kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm 11d87e3ae8f05534a8863edf9609a054
kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm e91f6c5fb7353522f1e1edf4fa5ddc32
kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0
kernel-source-2.4.21-20.0.1.EL.x86_64.rpm bc37b34ac3e62c3ae600615621d8f2d2
kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e
kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48
Red Hat Enterprise Linux WS (v. 3)
-----------------------------------------------------------------------------
SRPMS:
kernel-2.4.21-20.0.1.EL.src.rpm c9e3ddfa76b6337d22ee18de622288c1
IA-32:
kernel-2.4.21-20.0.1.EL.athlon.rpm f8c081ece832012d2336fdd79e4deb60
kernel-2.4.21-20.0.1.EL.i686.rpm 333a016b05fefae9c36edce0db8ce528
kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm 6783573b11708147b9eeebccfadc0d82
kernel-doc-2.4.21-20.0.1.EL.i386.rpm 6dd1727c460491c50d3baafa9f3eb48e
kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm 0880fd510254db4de758d7769c12aa22
kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671
kernel-smp-2.4.21-20.0.1.EL.athlon.rpm fdb4239f2bb030111db06b4d97db5caf
kernel-smp-2.4.21-20.0.1.EL.i686.rpm 8c78b2438e867fb71842d766d0e9124d
kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955
kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224
kernel-source-2.4.21-20.0.1.EL.i386.rpm 2a562d9602e88bf603315e8284be1b63
kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175
kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f
IA-64:
kernel-2.4.21-20.0.1.EL.ia64.rpm 602204cf75227aa55af4701cc4528517
kernel-doc-2.4.21-20.0.1.EL.ia64.rpm 999dae9a7f28e800a969f9470fd01aa9
kernel-source-2.4.21-20.0.1.EL.ia64.rpm a5ab35ad4ec2542009bcf798d53c1a7a
kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5
x86_64:
kernel-2.4.21-20.0.1.EL.ia32e.rpm e30fe011aaec81a31ef08d318dbc0fcb
kernel-2.4.21-20.0.1.EL.x86_64.rpm a7b9984ba33ef118bfac14ccf3d55a92
kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm 11d87e3ae8f05534a8863edf9609a054
kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm e91f6c5fb7353522f1e1edf4fa5ddc32
kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0
kernel-source-2.4.21-20.0.1.EL.x86_64.rpm bc37b34ac3e62c3ae600615621d8f2d2
kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e
kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48
(The unlinked packages above are only available from the Red Hat Network)
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Bugs fixed: (see bugzilla for more information)
127258 - CAN-2004-0619 Broadcom 5820 integer overflow
127915 - CAN-2004-0136 Verify interpreter arch
127918 - CAN-2004-0685 usb sparse fixes in 2.4
133003 - CAN-2004-0812 User application with "out" instruction can crash
the system
134720 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
134874 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071
CAN-2004-1072 CAN-2004-1073)
134981 - CAN-2004-0136 Program crashes the kernel
140710 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
Keywords:
AF_UNIX, errata, kernel, security, taroon
-----------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/solutions/security/news/publickey/#key
You can verify each package and see who signed it with the following
command:
rpm --checksig -v filename
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum filename
The Red Hat security contact is security@redhat.com. More contact details
at http://www.redhat.com/solutions/security/news/contact.html
Copyright © 2002 Red Hat, Inc. All rights reserved.
[***** End Red Hat Advisory RHSA-2004:549-10 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/