INFORMATION BULLETIN

P-081: Linux Kernel Vulnerabilities

[RHSA-2004:689-06]

REVISION HISTORY:
01/21/2005 - added link to Red Hat Advisories RHSA-2005:016 and 2005:017 that 
             provide updated kernel packages for Enterprise Linux AS, ES, WS 
             (v.2.1) and Linux Advanced Workstation 2.1 for the Itanium Processor.  
             In addition to the vulnerabilities noted in the original bulletin, 
             these bulletins provide fixes for CAN#2005-0003, CAN-2004-1057, and 
             CAN-2004-1335. 
01/24/2005 - added a link to Secunia Advisory SA13972.
02/22/2005 - added a link to Red Hat Security Advisory RHSA-2005:092-14 for 
             Red Hat Desktop (v. 4) and Red Hat Enterprise Linux AS, ES, WS (v. 4).
03/24/2006 - added a link to DSA 1017
05/30/2006 - added a link to Debian Security Advisory DSA-1082-1 for Debian 
             GNU/Linux 3.0 alias woody.
			 
			 

[***** Start RHSA-2004:689-06 *****]

Updated kernel packages fix security vulnerabilities

Advisory: RHSA-2004:689-06 
Last updated on: 2004-12-23 
Affected Products: Red Hat Desktop (v. 3)
                          Red Hat Enterprise Linux AS (v. 3)
                          Red Hat Enterprise Linux ES (v. 3)
                          Red Hat Enterprise Linux WS (v. 3) 
CVEs (cve.mitre.org): CAN-2004-0565
                      CAN-2004-1016
                      CAN-2004-1017
                      CAN-2004-1137
                      CAN-2004-1144
                      CAN-2004-1234
 

back


   Security Advisory 


Details:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the
Linux 2.4 kernel on the AMD64 architecture. A local attacker could use
this flaw to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue.

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels. These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges. Where multicast
applications are being used on a system, these flaws may also allow remote
users to cause a denial of service. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to
this issue.

ISEC security research and Georgi Guninski independantly discovered a flaw
in the scm_send function in the auxiliary message layer. A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue.

A floating point information leak was discovered in the ia64 architecture
context switch code. A local user could use this flaw to read register
values of other processes by setting the MFH bit. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0565 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26. A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver, and a memory leak
in ip_options_get.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.



Updated packages:

Red Hat Desktop (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
kernel-2.4.21-27.0.1.EL.src.rpm     abbf2ea9f5b6cd480eab25b472ed64ba 
  
IA-32: 
kernel-2.4.21-27.0.1.EL.athlon.rpm     1f8c7b25b7fffbc85993ec55905dcc5e 
kernel-2.4.21-27.0.1.EL.i686.rpm     b0a8a21ca61cb102ebbccb3ea815fa8d 
kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm     dbe3ea95f5e93c6d61394cb829dd18d4 
kernel-doc-2.4.21-27.0.1.EL.i386.rpm     7f4dd010b194e99a4e8e8cfdec9c2097 
kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm     abdef53df06ee9af541823ac24261f2d 
kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm     816e736618c6d05b35c979b2492d6fb8 
kernel-smp-2.4.21-27.0.1.EL.athlon.rpm     b7ec4b9732b8743940cab2f4853ccae8 
kernel-smp-2.4.21-27.0.1.EL.i686.rpm     6bd020027cdb043d747452fadc043ec5 
kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm     caec8b413e4b0bd3abe885fbde2b2d4c 
kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm     68ea78ae3d41965edd0cd80cc17ff95e 
kernel-source-2.4.21-27.0.1.EL.i386.rpm     162ab3a522f8160b09c1629f563a2fc4 
kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm     f67ab1ac2f5b06c9c0e97d074684974e 
kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm     7a997263d5c711cc787fe2a9bb4101a3 
  
x86_64: 
kernel-2.4.21-27.0.1.EL.ia32e.rpm     f5b00c38dc3884ecac2e5566c8db7471 
kernel-2.4.21-27.0.1.EL.x86_64.rpm     b143e2768ecc0b84e5d10987fe76925d 
kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm     010de9e78951ac60ad2d9b88fb3d4eba 
kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm     d41dff47cc7c3278daf998d447bc5809 
kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e792eaa5735a1852c2f32088fd24378f 
kernel-source-2.4.21-27.0.1.EL.x86_64.rpm     2271f0c3aec207d30b4c81b386fb64fb 
kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm     2a0f9f13ef39f254697455fb36af531e 
kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e2b329e10ee3a5d254385d49e57e3558 
  
Red Hat Enterprise Linux AS (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
kernel-2.4.21-27.0.1.EL.src.rpm     abbf2ea9f5b6cd480eab25b472ed64ba 
  
IA-32: 
kernel-2.4.21-27.0.1.EL.athlon.rpm     1f8c7b25b7fffbc85993ec55905dcc5e 
kernel-2.4.21-27.0.1.EL.i686.rpm     b0a8a21ca61cb102ebbccb3ea815fa8d 
kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm     dbe3ea95f5e93c6d61394cb829dd18d4 
kernel-doc-2.4.21-27.0.1.EL.i386.rpm     7f4dd010b194e99a4e8e8cfdec9c2097 
kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm     abdef53df06ee9af541823ac24261f2d 
kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm     816e736618c6d05b35c979b2492d6fb8 
kernel-smp-2.4.21-27.0.1.EL.athlon.rpm     b7ec4b9732b8743940cab2f4853ccae8 
kernel-smp-2.4.21-27.0.1.EL.i686.rpm     6bd020027cdb043d747452fadc043ec5 
kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm     caec8b413e4b0bd3abe885fbde2b2d4c 
kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm     68ea78ae3d41965edd0cd80cc17ff95e 
kernel-source-2.4.21-27.0.1.EL.i386.rpm     162ab3a522f8160b09c1629f563a2fc4 
kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm     f67ab1ac2f5b06c9c0e97d074684974e 
kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm     7a997263d5c711cc787fe2a9bb4101a3 
  
IA-64: 
kernel-2.4.21-27.0.1.EL.ia64.rpm     5d8f8152c6c9786cda4b12e75fe66221 
kernel-doc-2.4.21-27.0.1.EL.ia64.rpm     e3b551b4df18eadc40fe6ae7d0d0d013 
kernel-source-2.4.21-27.0.1.EL.ia64.rpm     f0ede4dc792c5cbbe3d80af6dd4bab07 
kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm     51fdf74adca231adebace8f019d8d920 
  
PPC: 
kernel-2.4.21-27.0.1.EL.ppc64iseries.rpm     bc4093dfba89bafa591eaa78ec5f6916 
kernel-2.4.21-27.0.1.EL.ppc64pseries.rpm     fc6f34a93f682a1273e0ec4375eb0998 
kernel-doc-2.4.21-27.0.1.EL.ppc64.rpm     9fad7bb5b55495ddee280d62de15b1dc 
kernel-source-2.4.21-27.0.1.EL.ppc64.rpm     c083c0b8df5ff034f269d8380e6dbad0 
kernel-unsupported-2.4.21-27.0.1.EL.ppc64iseries.rpm     abb1744cd91a84d40e7f5a016ead294c 
kernel-unsupported-2.4.21-27.0.1.EL.ppc64pseries.rpm     a39c1a6fa61b0295e0f5e3065b0812f6 
  
s390: 
kernel-2.4.21-27.0.1.EL.s390.rpm     30e5097e6dd66d5c21a99901882f7e9f 
kernel-doc-2.4.21-27.0.1.EL.s390.rpm     d481b85ea42c24a00736ea720ae48c39 
kernel-source-2.4.21-27.0.1.EL.s390.rpm     81c880f52af50c26f8a525e114b8b223 
kernel-unsupported-2.4.21-27.0.1.EL.s390.rpm     79fd1f5f22ad407138185018ee029750 
  
s390x: 
kernel-2.4.21-27.0.1.EL.s390x.rpm     dfcdfd9650c5a5012ade9ea3afb1c186 
kernel-doc-2.4.21-27.0.1.EL.s390x.rpm     66d37169facb8256fdf5f4658d11ac80 
kernel-source-2.4.21-27.0.1.EL.s390x.rpm     d3f921de093961d3badf8f1da21f4a82 
kernel-unsupported-2.4.21-27.0.1.EL.s390x.rpm     e7d85997309e95e1f778fd34a069d999 
  
x86_64: 
kernel-2.4.21-27.0.1.EL.ia32e.rpm     f5b00c38dc3884ecac2e5566c8db7471 
kernel-2.4.21-27.0.1.EL.x86_64.rpm     b143e2768ecc0b84e5d10987fe76925d 
kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm     010de9e78951ac60ad2d9b88fb3d4eba 
kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm     d41dff47cc7c3278daf998d447bc5809 
kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e792eaa5735a1852c2f32088fd24378f 
kernel-source-2.4.21-27.0.1.EL.x86_64.rpm     2271f0c3aec207d30b4c81b386fb64fb 
kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm     2a0f9f13ef39f254697455fb36af531e 
kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e2b329e10ee3a5d254385d49e57e3558 
  
Red Hat Enterprise Linux ES (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
kernel-2.4.21-27.0.1.EL.src.rpm     abbf2ea9f5b6cd480eab25b472ed64ba 
  
IA-32: 
kernel-2.4.21-27.0.1.EL.athlon.rpm     1f8c7b25b7fffbc85993ec55905dcc5e 
kernel-2.4.21-27.0.1.EL.i686.rpm     b0a8a21ca61cb102ebbccb3ea815fa8d 
kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm     dbe3ea95f5e93c6d61394cb829dd18d4 
kernel-doc-2.4.21-27.0.1.EL.i386.rpm     7f4dd010b194e99a4e8e8cfdec9c2097 
kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm     abdef53df06ee9af541823ac24261f2d 
kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm     816e736618c6d05b35c979b2492d6fb8 
kernel-smp-2.4.21-27.0.1.EL.athlon.rpm     b7ec4b9732b8743940cab2f4853ccae8 
kernel-smp-2.4.21-27.0.1.EL.i686.rpm     6bd020027cdb043d747452fadc043ec5 
kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm     caec8b413e4b0bd3abe885fbde2b2d4c 
kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm     68ea78ae3d41965edd0cd80cc17ff95e 
kernel-source-2.4.21-27.0.1.EL.i386.rpm     162ab3a522f8160b09c1629f563a2fc4 
kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm     f67ab1ac2f5b06c9c0e97d074684974e 
kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm     7a997263d5c711cc787fe2a9bb4101a3 
  
IA-64: 
kernel-2.4.21-27.0.1.EL.ia64.rpm     5d8f8152c6c9786cda4b12e75fe66221 
kernel-doc-2.4.21-27.0.1.EL.ia64.rpm     e3b551b4df18eadc40fe6ae7d0d0d013 
kernel-source-2.4.21-27.0.1.EL.ia64.rpm     f0ede4dc792c5cbbe3d80af6dd4bab07 
kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm     51fdf74adca231adebace8f019d8d920 
  
x86_64: 
kernel-2.4.21-27.0.1.EL.ia32e.rpm     f5b00c38dc3884ecac2e5566c8db7471 
kernel-2.4.21-27.0.1.EL.x86_64.rpm     b143e2768ecc0b84e5d10987fe76925d 
kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm     010de9e78951ac60ad2d9b88fb3d4eba 
kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm     d41dff47cc7c3278daf998d447bc5809 
kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e792eaa5735a1852c2f32088fd24378f 
kernel-source-2.4.21-27.0.1.EL.x86_64.rpm     2271f0c3aec207d30b4c81b386fb64fb 
kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm     2a0f9f13ef39f254697455fb36af531e 
kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e2b329e10ee3a5d254385d49e57e3558 
  
Red Hat Enterprise Linux WS (v. 3) 

--------------------------------------------------------------------------------
 
SRPMS: 
kernel-2.4.21-27.0.1.EL.src.rpm     abbf2ea9f5b6cd480eab25b472ed64ba 
  
IA-32: 
kernel-2.4.21-27.0.1.EL.athlon.rpm     1f8c7b25b7fffbc85993ec55905dcc5e 
kernel-2.4.21-27.0.1.EL.i686.rpm     b0a8a21ca61cb102ebbccb3ea815fa8d 
kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm     dbe3ea95f5e93c6d61394cb829dd18d4 
kernel-doc-2.4.21-27.0.1.EL.i386.rpm     7f4dd010b194e99a4e8e8cfdec9c2097 
kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm     abdef53df06ee9af541823ac24261f2d 
kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm     816e736618c6d05b35c979b2492d6fb8 
kernel-smp-2.4.21-27.0.1.EL.athlon.rpm     b7ec4b9732b8743940cab2f4853ccae8 
kernel-smp-2.4.21-27.0.1.EL.i686.rpm     6bd020027cdb043d747452fadc043ec5 
kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm     caec8b413e4b0bd3abe885fbde2b2d4c 
kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm     68ea78ae3d41965edd0cd80cc17ff95e 
kernel-source-2.4.21-27.0.1.EL.i386.rpm     162ab3a522f8160b09c1629f563a2fc4 
kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm     f67ab1ac2f5b06c9c0e97d074684974e 
kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm     7a997263d5c711cc787fe2a9bb4101a3 
  
IA-64: 
kernel-2.4.21-27.0.1.EL.ia64.rpm     5d8f8152c6c9786cda4b12e75fe66221 
kernel-doc-2.4.21-27.0.1.EL.ia64.rpm     e3b551b4df18eadc40fe6ae7d0d0d013 
kernel-source-2.4.21-27.0.1.EL.ia64.rpm     f0ede4dc792c5cbbe3d80af6dd4bab07 
kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm     51fdf74adca231adebace8f019d8d920 
  
x86_64: 
kernel-2.4.21-27.0.1.EL.ia32e.rpm     f5b00c38dc3884ecac2e5566c8db7471 
kernel-2.4.21-27.0.1.EL.x86_64.rpm     b143e2768ecc0b84e5d10987fe76925d 
kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm     010de9e78951ac60ad2d9b88fb3d4eba 
kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm     d41dff47cc7c3278daf998d447bc5809 
kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e792eaa5735a1852c2f32088fd24378f 
kernel-source-2.4.21-27.0.1.EL.x86_64.rpm     2271f0c3aec207d30b4c81b386fb64fb 
kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm     2a0f9f13ef39f254697455fb36af531e 
kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm     e2b329e10ee3a5d254385d49e57e3558 
  
(The unlinked packages above are only available from the Red Hat Network)
 

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/



Bugs fixed:  (see bugzilla for more information)

124734 - CAN-2004-0565 Information leak on Linux/ia64
126126 - CAN-2004-0565 Information leak on Linux/ia64
142593 - CAN-2004-1017 io_edgeport driver overflows
142729 - CAN-2004-1016 CMSG validation checks
142733 - 20041208 ip_options_get memory leak
142748 - CAN-2004-1137 IGMP flaws
142964 - CAN-2004-1144 x86-64 privilege escalation
142965 - CAN-2004-1234 kernel denial of service vulnerability and exploit



References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234




Keywords:

errata, kernel, security, taroon 

The listed packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

http://www.redhat.com/solutions/security/news/publickey/#key 
You can verify each package and see who signed it with the following command:

rpm --checksig -v filename 

If you only wish to verify that each package has not been corrupted or tampered with, 
examine only the md5sum with the following command:

md5sum filename 
The Red Hat security contact is security@redhat.com. More contact details at 
http://www.redhat.com/solutions/security/news/contact.html


[***** End RHSA-2004:689-06 *****]

    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/