---------------------------------------------------------------------
Fedora Test Update Notification
FEDORALEGACY-2004-1804
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1804
2004-09-29
---------------------------------------------------------------------

Name        : kernel
Version 7.3 : 2.4.20-37.7.legacy
Version 9   : 2.4.20-37.9.legacy
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
your Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

iDefense reported a buffer overflow flaw in the ISO9660 filesystem
code. An attacker could create a malicious filesystem in such a way
that they could gain root privileges if that filesystem is mounted.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0109 to this issue. This issue is addressed
in the Red Hat 7.3 packages referenced in this advisory, having been
previously fixed for Red Hat 9.

These packages also contain an updated fix with additional checks for
issues in the R128 Direct Render Infrastructure. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0003 to this issue. This issue was addressed in the
Red Hat 7.3 packages referenced in this advisory, having been
previously fixed for Red Hat 9.

A bug in the SoundBlaster 16 code which did not properly handle
certain sample sizes has been fixed. This flaw could be used by local
users to crash a system. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0178 to this
issue.

Paul Starzetz discovered flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit
file offset pointers and possible race conditions. A local
unprivileged user could make use of these flaws to access large
portions of kernel memory. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0415 to this
issue.

During an audit of the Linux kernel, SUSE discovered a flaw that
allowed a user to make unauthorized changes to the group ID of files
in certain circumstances. In the 2.4 kernel, as shipped with Red Hat
Enterprise Linux, the only way this could happen is through the kernel
nfs server. A user on a system that mounted a remote file system from
a vulnerable machine may be able to make unauthorized changes to the
group ID of exported files. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0497 to this
issue.

A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and
x86_64 that allowed local users to cause a denial of service (system
crash) by triggering a signal handler with a certain sequence of fsave
and frstor instructions. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0554 to this
issue.

Enhancements were committed to the 2.6 kernel by Al Viro which enabled
the Sparse source code checking tool to check for a certain class of
kernel bugs. A subset of these fixes also applies to various drivers
in the 2.4 kernel. These flaws could lead to privilege escalation or
access to kernel memory. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0495 to these
issues.

Integer overflow in the Linux Broadcom 5820 cryptonet driver allows
local users to cause a denial of service (crash) and possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0619 to this issue.
This driver has been removed from this release.

Integer overflow in the IEEE 1394 (Firewire) driver allows local users
to cause a denial of service (crash) and possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0658 to this issue.

The do_fork function in Linux 2.4.x before 2.4.26 had a bug which
could trigger a memory leak leading to a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0427 to this issue.

An integer signedness error in the cpufreq proc handle allowed local
users to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0228 to this
issue.

The JFS file system code in Linux 2.4.x had an information leak in
which in-memory data is written to the device for the JFS file system,
which allowed local users to obtain sensitive information by reading
the raw device. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0181 to this issue.

The XFS file system code in Linux 2.4.x had an information leak in
which in-memory data is written to the device for the XFS file system,
which allowed local users to obtain sensitive information by reading
the raw device. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0133 to this issue.

In addition, these packages correct further minor issues:

- A bug in the e1000 network driver. This bug could be used by local
  users to leak small amounts of kernel memory (CAN-2004-0535).
- Inappropriate permissions on /proc/scsi/qla2300/HbaApiNode
  (CAN-2004-0587).
- Potential buffer overflow in the panic() function (CAN-2004-0394).

---------------------------------------------------------------------
Changelog:

* Fri Aug 06 2004 Jon Peatfield <J.S.Peatfield@xxxxxxxxxxxxxxx>

- fix linux-2.4.21-file-offset-fixes.patch to work with older gcc
  versions e.g. on RH73 (Michal Jaegermann <michal@xxxxxxxxxxxx>)
- include various patches from RHEL which we didn't have yet:
  argument size checks in proc_tty.c, binfmt_elf.c, socket.c,
  char/vt.c, cdrom/cdu31a.c, arch/i386/kernel/mtrr.c ; type
  check/ATIME fix in af_unix.c ; return checking in
  char/consolemap.c ; sanity check in isdn/pcbit/capi.c ; extra
  checks and type fixes in isdn/isdn_ppp.c, isdn/isdn_common.c ;
  eflags fix in arch/i386/kernel/traps.c. (Michal Jaegermann
  <michal@xxxxxxxxxxxx>)
- add usb sparse patch (CAN-2004-0685) (mjc@xxxxxxxxxx)
  see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
- nfs patch from Trond to allow us to serve clients which use
  cookies != 8 bytes, OSX 10.3 uses 30 FreeBSD uses 20...
  See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125996
  http://www.fys.uio.no/~trondmy/src/Linux-2.4.x/2.4.23-rc1/linux-2.4.23-03-fix_osx.dif

* Thu Aug 05 2004 Jon Peatfield <J.S.Peatfield@xxxxxxxxxxxxxxx>

- add in updated fix for e1000, qla /proc permissions fix
- fix possible races/overflows in file offset handling (Alexander Viro)

* Fri Jul 02 2004 Jon Peatfield <jp107@xxxxxxxxxxxxxxx>

- loosely based on fc1 changes by Dave Jones <davej@xxxxxxxxxx>
- add patch to fix missing checks in fchown() (CAN-2004-0497)
- Drop Broadcom 5820 driver due to code quality concerns.

* Fri Jun 18 2004 Dominic Hargreaves <dom@xxxxxxxx>

- Fix memory leak in kernel/fork.c. (CAN-2004-0427)
- Numerous userspace pointer reference bugs found with the sparse
  tool by Al Viro. (CAN-2004-0495)
- Fix e1000 driver information leak. (CAN-2004-0535)

* Tue Jun 15 2004 Dominic Hargreaves <dom@xxxxxxxx>

- Fix local DoS in "clear_cpu()" macro. (CAN-2004-0554)

* Thu May 13 2004 Dominic Hargreaves <dom@xxxxxxxx>

- Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- Fix for C1 Halt Disconnect problem on nForce2 systems.

* Wed May 05 2004 Dominic Hargreaves <dom@xxxxxxxx>

- Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- Fix information leak in JFS (CAN-2004-0181)
- Add range checking to i810_dma() in DRM driver.
- Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- Fix possible buffer overflow in panic() (CAN-2004-0394)

* Tue Apr 13 2004 Dave Jones <davej@xxxxxxxxxx>

- Yet another additional r128 DRM check. (CAN-2004-0003)
- Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- Fix Information leak in EXT3 (CAN-2004-0133)
- Fix local DoS in mremap()

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
---------------------------------------------------------------------
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
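
The file offset flaw described in the advisory above (CAN-2004-0415, invalid conversions of 64 to 32-bit file offsets) belongs to a bug class that the following added example models in user space. It is not code from the kernel or from these packages; `read_flawed`, `read_fixed` and the buffer contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: 16 private bytes followed by the 16 bytes a read may return. */
#define PRIV_LEN 16
#define PUB_LEN  16
static const char mem[] = "SECRET-SECRET-!!public-data-16B!";
static const char *const pub = mem + PRIV_LEN;

/* Flawed: the 64-bit offset is narrowed to 32 bits before it is checked.
 * 0xFFFFFFF0 becomes -16 (on the usual two's-complement ABIs), passes the
 * upper-bound test, and the copy starts before the public buffer. */
long read_flawed(int64_t pos, char *out, size_t count)
{
    int32_t off = (int32_t)pos;
    if (off >= PUB_LEN)
        return 0;
    size_t avail = (size_t)(PUB_LEN - off);
    if (count > avail)
        count = avail;
    memcpy(out, pub + off, count);
    return (long)count;
}

/* Hardened: validate at full 64-bit width and reject negatives before use. */
long read_fixed(int64_t pos, char *out, size_t count)
{
    if (pos < 0)
        return -1;              /* caller error, like -EINVAL */
    if (pos >= PUB_LEN)
        return 0;               /* end of file */
    size_t avail = (size_t)(PUB_LEN - pos);
    if (count > avail)
        count = avail;
    memcpy(out, pub + pos, count);
    return (long)count;
}

int main(void)
{
    char out[PUB_LEN + 1] = {0};
    int64_t pos = 0xFFFFFFF0LL; /* fits in 64 bits, wraps to -16 in 32 */
    long n = read_flawed(pos, out, PUB_LEN);
    printf("flawed: %ld bytes \"%s\"\n", n, out);
    memset(out, 0, sizeof out);
    n = read_fixed(pos, out, PUB_LEN);
    printf("fixed:  %ld bytes \"%s\"\n", n, out);
    return 0;
}
```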