---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New kernel fixes local denial of service issue
Advisory ID:       RHSA-2002:262-07
Issue date:        2002-09-23
Updated on:        2002-11-16
Product:           Red Hat Linux
Keywords:          bugtraq DoS
Cross references:
Obsoletes:         RHSA-2002:205 RHSA-2002:206
---------------------------------------------------------------------

1. Topic:

The kernel in Red Hat Linux 7.1, 7.1K, 7.2, 7.3, and 8.0 is vulnerable to a
local denial of service attack. Updated packages are available which address
this vulnerability, as well as bugs in several drivers.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system. A
vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the
vulnerability.

Note: This bug is specific to the x86 architecture kernels only, and does
not affect ia64 or other architectures.

In addition, bugs have been fixed in the maestro3 soundcard driver, the
xircom pcmcia network driver, and the tg3 network driver for Broadcom
gigabit ethernet chips.

All users of Red Hat Linux 7.1, 7.1K, 7.2, 7.3, and 8.0 should upgrade to
these errata packages, which are not vulnerable to this issue.

Thanks go to Christopher Devine for reporting the vulnerability on bugtraq,
and Petr Vandrovec for being the first to supply a fix to the community.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied, especially the additional
packages from RHSA-2002:205 and RHSA-2002:206 respectively.

The procedure for upgrading the kernel manually is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

77834 - Working Dos from bugtraq mailing list
69920 - Kernel Crashes in TG3 Driver
76171 - kernel-2.4.18-17.7.x update caused maestro3 to stop working
77138 - Sound Modules Fail for Enigma kernel 2.4.18-17.7.x on Dell Latitude J750
76555 - problems with kernel-2.4.18-17.8.0 on Dell Latitude CPx
77565 - [gdth] NULL pointer dereference in scsi.c (scsi_release_commandblocks)
76233 - new kernel up2date hangs laptop at shutdown
77241 - esd peaks CPU w/ kernel 2.4.18-17.8.0 on Dell Inspiron 8100
77258 - Ethernet interface not working on SiS 963 south bridge (SiS 648 chipset)
77134 - Sound Modules fail for Enigma kernel 2.4.18-17.7.x
76385 - 2.4.18-17.7.x update breaks Wacom tablet support
75359 - kernel source does not compile due to missing include files
76624 - Segmentation Fault using GDTH on RH72 kernel-smp-2.4.18-17.7.x
76206 - xirc2ps_cs hangs apmd after upgrading to 2.4.18-17

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-18.7.x.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-18.7.x.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-18.7.x.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-18.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-18.7.x.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-18.7.x.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-18.7.x.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-18.7.x.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-18.7.x.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.18-18.8.0.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.18-18.8.0.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.18-18.8.0.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.18-18.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-18.8.0.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.18-18.8.0.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.18-18.8.0.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-debug-2.4.18-18.8.0.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-uml-2.4.18-18.8.0.i686.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>

8. References:

http://online.securityfocus.com/archive/1/299687/2002-11-11/2002-11-17/0

9. Contact:

The Red Hat security contact is <security@redhat.com>. More contact
details at http://www.redhat.com/solutions/security/news/contact.html

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
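
The md5sum check from section 7, scripted for a whole download directory, as an added example that is not part of the advisory. It assumes an MD5 list with one `<md5sum> <release>/en/os/<arch>/<file>` entry per line; the names `verify_manifest`, `make_sample` and `MD5SUMS` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumed manifest layout, one entry
# per line: "<md5sum> <release>/en/os/<arch>/<file>".

# verify_manifest MANIFEST RELEASE DIR   (hypothetical helper name)
# Succeeds only if at least one file in DIR is listed for RELEASE and every
# listed file that is present has the published digest (fails closed).
verify_manifest() {
    manifest=$1; release=$2; dir=$3
    checked=0; failed=0
    while read -r want path; do
        case $path in
            "$release"/*) ;;          # entry belongs to this release
            *) continue ;;            # other release, header or blank line
        esac
        file=$dir/${path##*/}
        [ -f "$file" ] || continue    # e.g. another architecture, not fetched
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $file" >&2
            failed=$((failed + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed sample: a stand-in file (not a real package) and a manifest
# generated from it, plus a deliberately wrong digest listed under 8.0.
make_sample() {
    sample=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$sample/kernel-demo.i386.rpm"
    sum=$(md5sum "$sample/kernel-demo.i386.rpm" | cut -d' ' -f1)
    printf '%s 7.3/en/os/i386/kernel-demo.i386.rpm\n' "$sum" \
        > "$sample/MD5SUMS"
    printf '%s 8.0/en/os/i386/kernel-demo.i386.rpm\n' \
        00000000000000000000000000000000 >> "$sample/MD5SUMS"
}

make_sample
verify_manifest "$sample/MD5SUMS" 7.3 "$sample" && echo "7.3: digest matches"
verify_manifest "$sample/MD5SUMS" 8.0 "$sample" || echo "8.0: rejected"
rm -rf "$sample"
```

The digest comparison only ties a file to the published list; the `rpm --checksig -v` check is what establishes that the package carries Red Hat's GPG signature.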