I'm just wondering why this was sent out last Thursday but didn't make it onto BugTRAQ until today. Does anyone have any idea why there was such a holdup on the announcement making it out? -Jim P. On Thu, 2005-02-24 at 22:39 -0500, Marc Deslauriers wrote: > --------------------------------------------------------------------- > Fedora Legacy Update Advisory > > Synopsis: Updated kernel packages fix security issues > Advisory ID: FLSA:2336 > Issue date: 2005-02-24 > Product: Red Hat Linux, Fedora Core > Keywords: Bugfix > Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2336 > CVE Names: CAN-2004-0177 CAN-2004-0685 CAN-2004-0814 > CAN-2004-0883 CAN-2004-0949 CAN-2004-1016 > CAN-2004-1017 CAN-2004-1056 CAN-2004-1068 > CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 > CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 > CAN-2004-1234 CAN-2004-1235 CAN-2005-0001 > --------------------------------------------------------------------- > > > --------------------------------------------------------------------- > 1. Topic: > > Updated kernel packages that fix several security issues are now > available. > > The Linux kernel handles the basic functions of the operating system. > > 2. Relevant releases/architectures: > > Red Hat Linux 7.3 - i386 > Red Hat Linux 9 - i386 > Fedora Core 1 - i386 > > 3. Problem description: > > This update includes fixes for several security issues: > > The ext3 code in kernels before 2.4.26 did not properly initialize > journal descriptor blocks. A privileged local user could read portions > of kernel memory. The Common Vulnerabilities and Exposures project > (cve.mitre.org) has assigned the name CAN-2004-0177 to this issue. > > Conectiva discovered flaws in certain USB drivers affecting kernels > prior to 2.4.27 which used the copy_to_user function on uninitialized > structures. These flaws could allow local users to read small amounts > of kernel memory. (CAN-2004-0685) > > Multiple race conditions in the terminal layer could allow local users > to obtain portions of kernel data via a TIOCSETD ioctl call to a > terminal interface that is being accessed by another thread. This could > also allow remote attackers to cause a denial of service (panic) by > switching from console to PPP line discipline, then quickly sending data > that is received during the switch. (CAN-2004-0814) > > Stefan Esser discovered various flaws including buffer overflows in > the smbfs driver affecting kernels prior to 2.4.28. A local user may be > able to cause a denial of service (crash) or possibly gain privileges. > In order to exploit these flaws the user would require control of > a connected Samba server. (CAN-2004-0883, CAN-2004-0949) > > ISEC security research and Georgi Guninski independantly discovered a > flaw in the scm_send function in the auxiliary message layer. A local > user could create a carefully crafted auxiliary message which could > cause a denial of service (system hang). (CAN-2004-1016) > > Multiple overflows were discovered and corrected in the io_edgeport > driver. (CAN-2004-1017) > > The Direct Rendering Manager (DRM) driver does not properly check the > DMA lock, which could allow remote attackers or local users to cause a > denial of service (X Server crash) and possibly modify the video output. > (CAN-2004-1056) > > A missing serialization flaw in unix_dgram_recvmsg was discovered that > affects kernels prior to 2.4.28. A local user could potentially make > use of a race condition in order to gain privileges. (CAN-2004-1068) > > Paul Starzetz of iSEC discovered various flaws in the ELF binary loader > affecting kernels prior to 2.4.28. A local user could use these flaws to > gain read access to executable-only binaries or possibly gain > privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073, > CAN-2004-1074) > > ISEC security research discovered multiple vulnerabilities in the IGMP > functionality of the kernels. These flaws could allow a local user to > cause a denial of service (crash) or potentially gain privileges. Where > multicast applications are being used on a system, these flaws may also > allow remote users to cause a denial of service. (CAN-2004-1137) > > Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior > to 2.4.26. A local user could create a carefully crafted binary in such > a way that it would cause a denial of service (system crash). > (CAN-2004-1234) > > iSEC Security Research discovered a VMA handling flaw in the uselib(2) > system call of the Linux kernel. A local user could make use of this > flaw to gain elevated (root) privileges. (CAN-2004-1235) > > iSEC Security Research discovered a flaw in the page fault handler code > that could lead to local users gaining elevated (root) privileges on > multiprocessor machines. (CAN-2005-0001) > > All users are advised to upgrade their kernels to the packages > associated with their machine architectures and configurations as listed > in this erratum. > > 4. Solution: > > Before applying this update, make sure all previously released errata > relevant to your system have been applied. > > To install kernel packages manually, use "rpm -ivh <package>" and modify > system settings to boot the kernel you have installed. To do this, edit > /boot/grub/grub.conf and change the default entry to "default=0" (or, if > you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and > run lilo) > > Please note that this update is also available via yum and apt. Many > people find this an easier way to apply updates. To use yum issue: > > yum update > > or to use apt: > > apt-get update; apt-get upgrade > > This will start an interactive process that will result in the > appropriate RPMs being upgraded on your system. This assumes that you > have yum or apt-get configured for obtaining Fedora Legacy content. > Please visit http://www.fedoralegacy.org/docs for directions on how to > configure yum and apt-get. > > Note that this may not automatically pull the new kernel in if you have > configured apt/yum to ignore kernels. If so, follow the manual > instructions above. > > 5. Bug IDs fixed: > > http://bugzilla.fedora.us - bug #2336 - Kernel bugs > > 6. RPMs required: > > Red Hat Linux 7.3: > > SRPM: > http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm > > i386: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm > > i586: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm > > i686: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm > > athlon: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm > http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm > > Red Hat Linux 9: > > SRPM: > http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm > > i386: > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm > > i586: > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm > > i686: > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm > > athlon: > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm > http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm > > Fedora Core 1: > > SRPM: > http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm > > i386: > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm > > i586: > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm > > i686: > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm > > athlon: > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm > http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm > > 7. Verification: > > SHA1 sum Package Name > --------------------------------------------------------------------- > > 7900b4d4608f6f23f1b19f8545a67bd733493c65 > redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm > dad7ced597c96a258e11d0de8437356ac82e40f3 > redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm > caea6cb5c96897341c71e023e71d90b1b01bdde9 > redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm > ffe552201b6bfdc5359596ae901bc249a365cec6 > redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm > 4be06cfe9783c4d045fbfff4774e50f308fa6934 > redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm > 7d4b1b49e292ade40eb1f14e89338ae8df014981 > redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm > 6a17058770d6e6c2b8706232d1ceb60866b36ab0 > redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm > b8e1b78b834e48ec35906b3924eb2bd12a33e4d6 > redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm > 55e2477c5ddd3934c2bfbc770ff0df7cce44a6a0 > redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm > c923851d4e460a672891db11bbc98089189a5a93 > redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm > dfcf9626635256e898e9696b7c8e58d826069be4 > redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm > f4620b08ec8e2ae3973d5b3e555893ab3a7ce340 > redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm > 2d6d73763d1d7631b61c40b8093757466dd24cd7 > redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm > 7b1f8f93eb586ae3fbe834670801d45b999700c2 > redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm > 8d472f8c69a624b310758472c7f387c258f73c02 > redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm > 618c079b5c9336a0bf0c4e7342616c001eea5f15 > redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm > dcc66fd50b44cdb55c543d2d0496de595e627d7a > redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm > d092d4efcc10b605fdf9724c5bd65560811063c4 > redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm > d99388a8d0f9b0b7e19aa61d25399dc4e5489427 > redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm > ccfaec93e1a5145ec9d91f0d3e7eeab19a3a81a4 > redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm > 75e49f1b57037546407f3631a3c5f75fb2d671ee > redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm > c7b63e8f26ccb8a237a5918d50e04b112e13f700 > redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm > f1e82fb01bcf318ee1e6d48ac3119ee8caa6be11 > redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm > d11209f3d111ed3e633662c5f651772f11282f8e > redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm > 91df569f7f98a976f2686628c9a45160c8f730c6 > fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm > 1ef2868a7a990521a080925ca81981cafa676258 > fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm > 5b093d72e5f7398f3b829c6ce557eb9817042732 > fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm > b66170a9431426138e454ddec7f3b98ec45a10fb > fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm > 4c5895f14271a8b5bc6e5489c053fba1f96e71f8 > fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm > a358e368bea67f2cbbf32a6a1c9242e1cd7dffeb > fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm > c16b6217ac2ade811576e303a7eb1ddc0214d692 > fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm > d307317b04336c289cddde005e11c30b188119cb > fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm > 3b0301c812ad4379c6eb7bbd7970ab4f9602b37c > fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm > d14e7971299e22a38cdeee145028d797ea477a1c > fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm > > These packages are GPG signed by Fedora Legacy for security. Our key is > available from http://www.fedoralegacy org/about/security.php > > You can verify each package with the following command: > > rpm --checksig -v <filename> > > If you only wish to verify that each package has not been corrupted or > tampered with, examine only the sha1sum with the following command: > > sha1sum <filename> > > 8. References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001 > > 9. Contact: > > The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More > project details at http://www.fedoralegacy.org > > --------------------------------------------------------------------- > -- > > fedora-legacy-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-legacy-list -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
