--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New kernel 2.2 packages fix local vulnerabilities Advisory ID: RHSA-2002:210-06 Issue date: 2002-09-23 Updated on: 2002-10-10 Product: Red Hat Linux Keywords: elevated local root kernel Cross references: Obsoletes: RHSA-2001:142 --------------------------------------------------------------------- 1. Topic: Some potential local security vulnerabilities were found in the kernel during code audits; these have been fixed in the 2.2.22 kernel. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64 Red Hat Linux 7.0 - alpha, i386, i586, i686 3. Problem description: The Linux kernel handles the basic functions of the operating system. A security code audit of the 2.2 kernel found a number of possible local security vulnerabilities. These vulnerabilities could allow a local user to obtain elevated (root) privileges. Red Hat Linux 6.2 and 7.0 shipped with the 2.2 kernel and are both vulnerable to these issues. All Red Hat Linux users using the 2.2 kernel should upgrade to the errata pacakages contaning the 2.2.22 kernel which are not vulnerable to these issues. Many thanks to Silvio Cesare and Solar Designer for their work in discovering these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The procedure for upgrading the kernel is documented at: http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html Please read the directions for your architecture carefully before proceeding with the kernel upgrade. Please note that this update is also available via Red Hat Network. Many people find this to be an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly on default configurations of up2date. 5. RPMs required: Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.2.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/kernel-enterprise-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-smp-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-BOOT-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-utils-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-doc-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-headers-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-source-2.2.22-6.2.2.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/kernel-jensen-2.2.22-6.2.2.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.2.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.2.i386.rpm i586: ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.2.i586.rpm ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.2.i586.rpm i686: ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.2.i686.rpm ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.2.i686.rpm ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.2.i686.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.2.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/kernel-enterprise-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-smp-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-BOOT-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-utils-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-doc-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-source-2.2.22-7.0.2.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/kernel-jensen-2.2.22-7.0.2.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.2.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.2.i386.rpm i586: ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.2.i586.rpm ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.22-7.0.2.i586.rpm i686: ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.2.i686.rpm ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.2.i686.rpm ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.22-7.0.2.i686.rpm 6. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 17d2896d2f7fb9b6fb63128593e44cf7 6.2/en/os/SRPMS/kernel-2.2.22-6.2.2.src.rpm 934a473b6149c31aab29ffeb55d1bb33 6.2/en/os/alpha/kernel-2.2.22-6.2.2.alpha.rpm 3078540160bbcb03a9b087b8d3f02797 6.2/en/os/alpha/kernel-BOOT-2.2.22-6.2.2.alpha.rpm 78ad15c3d6e79f40906f660f337a41cf 6.2/en/os/alpha/kernel-doc-2.2.22-6.2.2.alpha.rpm df17f26a164abb1cc432a1601553c32c 6.2/en/os/alpha/kernel-enterprise-2.2.22-6.2.2.alpha.rpm 87d00fcd2b047605c3e6b2fcb2ed3550 6.2/en/os/alpha/kernel-headers-2.2.22-6.2.2.alpha.rpm f1357fd71e421012e86d57f5b8403b49 6.2/en/os/alpha/kernel-jensen-2.2.22-6.2.2.alpha.rpm d9848588d5b399e2e46dabef9dfa56a2 6.2/en/os/alpha/kernel-smp-2.2.22-6.2.2.alpha.rpm 2492a5eafc3a5369ee021f31acddc161 6.2/en/os/alpha/kernel-source-2.2.22-6.2.2.alpha.rpm f7866cc49775c8cc041a99630a8ccd8f 6.2/en/os/alpha/kernel-utils-2.2.22-6.2.2.alpha.rpm a8ed8ef5a2ab223ae3686b6c9332979d 6.2/en/os/i386/kernel-2.2.22-6.2.2.i386.rpm 415ee4e472766ff19818aa8f93959e06 6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.2.i386.rpm f08d05768682829b67a96837135f5b3e 6.2/en/os/i386/kernel-doc-2.2.22-6.2.2.i386.rpm e0e5f8eaaa90337287056ecdf61a1b85 6.2/en/os/i386/kernel-headers-2.2.22-6.2.2.i386.rpm 6f1c7eee03bdce33b41c45882786a90c 6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.2.i386.rpm 7fbb23912a3fff7d67bfff2fbb0e28af 6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.2.i386.rpm d64f7291e28cbeef5606d66f33deb741 6.2/en/os/i386/kernel-smp-2.2.22-6.2.2.i386.rpm a1daa9363e733e772e3d14821cc39379 6.2/en/os/i386/kernel-source-2.2.22-6.2.2.i386.rpm 265b166a208ad120483e90b0ddb1e150 6.2/en/os/i386/kernel-utils-2.2.22-6.2.2.i386.rpm 0b7f92ce29dff3dc44cef4cf5e7b739a 6.2/en/os/i586/kernel-2.2.22-6.2.2.i586.rpm ddc59fcecc7d8c78f072bcb24cc81cc9 6.2/en/os/i586/kernel-smp-2.2.22-6.2.2.i586.rpm 256c8301d5ee1ddfe1835f52106fc8ae 6.2/en/os/i686/kernel-2.2.22-6.2.2.i686.rpm 9c5e0a7ef930677409e17b6874b0a64c 6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.2.i686.rpm aa50bde6dbcfdccd105b094fb2a64b3e 6.2/en/os/i686/kernel-smp-2.2.22-6.2.2.i686.rpm 14c7af0e8c0d2eb4459e53457c711f6d 7.0/en/os/SRPMS/kernel-2.2.22-7.0.2.src.rpm 33b15c03cedaf29c677c11a4014c6fe0 7.0/en/os/alpha/kernel-2.2.22-7.0.2.alpha.rpm d0384d7a4b6537aad8f998e121fdc413 7.0/en/os/alpha/kernel-BOOT-2.2.22-7.0.2.alpha.rpm e1efc88a783d30235ee9772ec09e65da 7.0/en/os/alpha/kernel-doc-2.2.22-7.0.2.alpha.rpm bacb622d69236a51609495cb6613ff37 7.0/en/os/alpha/kernel-enterprise-2.2.22-7.0.2.alpha.rpm 836ffa5d2975669d1e81e66586d48733 7.0/en/os/alpha/kernel-jensen-2.2.22-7.0.2.alpha.rpm fc0ebba88dbbdf0af7ac00fda9f6dc64 7.0/en/os/alpha/kernel-smp-2.2.22-7.0.2.alpha.rpm 8bc6b2708e152fec14e9b1a1de0adfe1 7.0/en/os/alpha/kernel-source-2.2.22-7.0.2.alpha.rpm fdb3a29828d1f7b5a2592940a11f2cb6 7.0/en/os/alpha/kernel-utils-2.2.22-7.0.2.alpha.rpm c561988f01540db372bc01b8ae0c77d2 7.0/en/os/i386/kernel-2.2.22-7.0.2.i386.rpm 9d045b22d45c579b7482f6d748bc840a 7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.2.i386.rpm 1865fbcf74b3f91c0d2d57f1753b4a47 7.0/en/os/i386/kernel-doc-2.2.22-7.0.2.i386.rpm 3d3c946eba48ced9b4b652335e674786 7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.2.i386.rpm e840ba8a42aabb575b5be7f76d03315f 7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.2.i386.rpm 179b363e1de74a4fc221efa8c65eb756 7.0/en/os/i386/kernel-smp-2.2.22-7.0.2.i386.rpm 24f087e27a87b1023bde1095e7319207 7.0/en/os/i386/kernel-source-2.2.22-7.0.2.i386.rpm fb444ec4b89b911f08da0560d779836a 7.0/en/os/i386/kernel-utils-2.2.22-7.0.2.i386.rpm 3c5b3eb12bafd6b17763822194d662b6 7.0/en/os/i586/kernel-2.2.22-7.0.2.i586.rpm d6ec7ae5f3f2b08df563c26f8143ec16 7.0/en/os/i586/kernel-smp-2.2.22-7.0.2.i586.rpm 815ea0a611884d4285d3e60ec64b689b 7.0/en/os/i686/kernel-2.2.22-7.0.2.i686.rpm 16d4f5bbc2360d2fdb6a662d0cf9b9cb 7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.2.i686.rpm bc678bf0ce41901831fc585387a6d4d1 7.0/en/os/i686/kernel-smp-2.2.22-7.0.2.i686.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 7. References: http://www.kernel.org/pub/linux/kernel/v2.2/ChangeLog-2.2.22 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list