[RHSA-2004:260-01] Updated kernel packages fix security vulnerabilities
bugzilla at redhat.com
bugzilla at redhat.com
Fri Jun 18 21:25:00 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: RHSA-2004:260-01
Issue date: 2004-06-18
Updated on: 2004-06-18
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:188
CVE Names: CAN-2004-0495 CAN-2004-0554
- ---------------------------------------------------------------------
1. Topic:
Updated kernel packages for Red Hat Enterprise Linux 2.1 that fix security
vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64
that allowed local users to cause a denial of service (system crash) by
triggering a signal handler with a certain sequence of fsave and frstor
instructions. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0554 to this issue.
Enhancements were committed to the 2.6 kernel by Al Viro which enabled the
Sparse source code checking tool to check for a certain class of kernel
bugs. A subset of these fixes also applies to various drivers in the 2.4
kernel. These flaws could lead to privilege escalation or access to kernel
memory. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0495 to these issues.
All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum. These packages contain
backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
https://rhn.redhat.com/help/latest-up2date.pxt
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
126122 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel
126031 - CAN-2004-0554 local user can get the kernel to hang
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm
athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm
i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm
i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-summit-2.4.9-e.41.i686.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm
athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm
i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm
i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm
athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm
i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm
i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm
7. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
e8a6f83bc24e92297315f751559a251a kernel-2.4.9-e.41.athlon.rpm
3e0d87495a7c6b7bef7e02f55ef6d24a kernel-2.4.9-e.41.i686.rpm
3958537aa5fd88aebb95864351f824c8 kernel-2.4.9-e.41.src.rpm
fdf9aa6832ac6faeb301988d98e7a31b kernel-BOOT-2.4.9-e.41.i386.rpm
8aa5eb290f69829b5284c90705b6061f kernel-debug-2.4.9-e.41.i686.rpm
4af5cd44eb2fa282c0d743927478738c kernel-doc-2.4.9-e.41.i386.rpm
703fec744138ab5ca5118e266e5b75f1 kernel-enterprise-2.4.9-e.41.i686.rpm
55f2acc05244bf82043d85920aeab3e4 kernel-headers-2.4.9-e.41.i386.rpm
04ab73b3bca23210c7643a74a7602b49 kernel-smp-2.4.9-e.41.athlon.rpm
b2186df6f7d6c688a30365a17dc9a4b4 kernel-smp-2.4.9-e.41.i686.rpm
e6b5c0f91e0808d6c1ba5de86b600c17 kernel-source-2.4.9-e.41.i386.rpm
e05538bec3d7e58542c34f222890facf kernel-summit-2.4.9-e.41.i686.rpm
These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554
9. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFA012sXlSAg2UNWIIRApqaAJ9Nuz1XLmQCLCw1ieJIqA7dXpEZngCfSUGf
kKnzkP/NlgcdhMGvZQK682k=
=k/N4
-----END PGP SIGNATURE-----
More information about the Enterprise-watch-list
mailing list