--------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-251 2004-08-10 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kernel Version : 2.4.22 Release : 1.2199.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0415 to this issue. These packages contain a patch written by Al Viro to correct these flaws. Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue. Additionally, a number of issues were fixed in the USB serial code. References: http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415 --------------------------------------------------------------------- * Wed Aug 04 2004 Dave Jones <davej@xxxxxxxxxx> - Fix various fpos races. (CAN-2004-0415) * Wed Jul 07 2004 Dave Jones <davej@xxxxxxxxxx> - Updates to usbserial post_helper (Pete Zaitcev) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 990abbc3a23ceb0dad35dcf86a9f22bd SRPMS/kernel-2.4.22-1.2199.nptl.src.rpm 09a7dc7a6acc6dd91b5c5870fc0c2215 x86_64/kernel-2.4.22-1.2199.nptl.x86_64.rpm 3ddc71af11ce37ef2e45a24e82e2b3e9 x86_64/kernel-source-2.4.22-1.2199.nptl.x86_64.rpm 4c25c4633ea124cb13c983c4426aeb2c x86_64/kernel-doc-2.4.22-1.2199.nptl.x86_64.rpm e60c0a0d1974f55a1c6d391f277ac811 x86_64/kernel-smp-2.4.22-1.2199.nptl.x86_64.rpm b5e8570da6b93c2778c007b5252a2cab x86_64/debug/kernel-debuginfo-2.4.22-1.2199.nptl.x86_64.rpm 0235c05043346ac36fe34e7aa6d7981e i386/kernel-source-2.4.22-1.2199.nptl.i386.rpm 4761cf2c7322ec44fa6fa177ac17a075 i386/kernel-doc-2.4.22-1.2199.nptl.i386.rpm 51784ae484de03f848ae9036100f3c3b i386/kernel-BOOT-2.4.22-1.2199.nptl.i386.rpm fd796c7a0a4b8d95c4b4970b66ff24ab i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i386.rpm ae0865018027dd9805e1c6ed31d2ad5c i386/kernel-2.4.22-1.2199.nptl.i586.rpm 5b87410e6d21d49ffd9007b7c495e094 i386/kernel-smp-2.4.22-1.2199.nptl.i586.rpm 75cf98521b45187a13fce4fa2246181e i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i586.rpm 37382d2ff7beb3873032270e290c8bd0 i386/kernel-2.4.22-1.2199.nptl.i686.rpm e1d1d064c83af617d57018f820e52e92 i386/kernel-smp-2.4.22-1.2199.nptl.i686.rpm e87f2192c4ccb72a82ae6042b203fcf0 i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i686.rpm 3ab11ad24807b682f375a640c9040688 i386/kernel-2.4.22-1.2199.nptl.athlon.rpm d1d18eab4c48cd0e5857dd8775344d49 i386/kernel-smp-2.4.22-1.2199.nptl.athlon.rpm 5068d9d87ab03dff7a9a1b14ce35cfaf i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------