[RHSA-2005:472-01] Important: kernel security update

bugzilla at redhat.com
Wed May 25 16:48:00 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2005:472-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-472.html
Issue date:        2005-05-25
Updated on:        2005-05-25
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2005:294
CVE Names:         CAN-2004-0491 CAN-2005-0176 CAN-2005-1263
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the three security issues
described below as well as an important fix for a problem that could
lead to data corruption on x86-architecture SMP systems with greater
than 4GB of memory through heavy usage of multi-threaded applications.

A flaw between execve() syscall handling and core dumping of ELF-format
executables allowed local unprivileged users to cause a denial of
service (system crash) or possibly gain privileges.  The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-1263
to this issue.

A flaw in shared memory locking allowed local unprivileged users to lock
and unlock regions of shared memory segments they did not own (CAN-2005-0176).

A flaw in the locking of SysV IPC shared memory regions allowed local
unprivileged users to bypass their RLIMIT_MEMLOCK resource limit
(CAN-2004-0491).

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

Please also consult the RHEL3 Update 5 advisory RHSA-2005:294 for the
complete list of features added and bugs fixed in U5, which was released
only a week prior to this security update.

4. Solution:

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/
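To find hosts that still run a kernel older than the build shipped in this advisory, the release strings reported by `uname -r` can be compared against 2.4.21-32.0.1.EL. The following is an added example, not part of the original advisory; the release-string shape, the `hugemem` and `BOOT` suffixes, and the host names are assumptions.

```python
import re

# Version-release of the kernel packages listed in this advisory.
FIXED = "2.4.21-32.0.1.EL"

# Assumed `uname -r` shape: <version>-<release>.EL<flavor>, flavor optional.
_RELEASE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)\.EL(smp|hugemem|BOOT)?$")


def parse(release):
    """Split a release string into comparable (version, release) int tuples."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError("not a RHEL 3 kernel release string: %r" % release)
    version = tuple(int(p) for p in m.group(1).split("."))
    build = tuple(int(p) for p in m.group(2).split("."))
    return version, build


def needs_update(release, fixed=FIXED):
    """True when `release` sorts before the fixed build; flavor is ignored."""
    return parse(release) < parse(fixed)


def audit(inventory):
    """Map {host: uname -r} to (hosts to patch, hosts to check by hand)."""
    outdated, unknown = [], []
    for host, release in sorted(inventory.items()):
        try:
            if needs_update(release):
                outdated.append(host)
        except ValueError:
            unknown.append(host)
    return outdated, unknown


# Constructed inventory; host names are hypothetical, and the first three
# release strings reuse versions named in this advisory's bug list.
SAMPLE = {
    "db01": "2.4.21-27.0.2.ELsmp",
    "web01": "2.4.21-25.ELsmp",
    "app01": "2.4.21-27.EL",
    "app02": "2.4.21-32.0.1.ELhugemem",
    "edge01": "2.4.21-custom",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts returned in the second list run a kernel whose release string does not match the assumed shape (for example a locally built kernel) and need a manual check.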

5. Bug IDs fixed (http://bugzilla.redhat.com/):

126411 - CAN-2004-0491 mlock accounting issue
141394 - Memory corruption with kernel 2.4.21-27.EL
141905 - kernel 2.4.21-25.ELsmp panic (kscand)
142802 - CAN-2005-0176 unlock someone elses ipc memory
149087 - Kernel panic regression in 2.4.21-27.0.2.ELsmp
157451 - CAN-2005-1263 Linux kernel ELF core dump crash vulnerability


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-32.0.1.EL.src.rpm
a3294ea2b31db1bf71ede79779154f38  kernel-2.4.21-32.0.1.EL.src.rpm

i386:
f30e36f4f0ab84d2e769e93829aa2d20  kernel-2.4.21-32.0.1.EL.athlon.rpm
8f7eec82049385001ae13568757a1bfa  kernel-2.4.21-32.0.1.EL.i686.rpm
8a8c57c90c0a9f5c34f967a4e21248f9  kernel-BOOT-2.4.21-32.0.1.EL.i386.rpm
c758821e238e5071adf2882b0bf57753  kernel-doc-2.4.21-32.0.1.EL.i386.rpm
8393b9131dce3de5227d38ab93330a0e  kernel-hugemem-2.4.21-32.0.1.EL.i686.rpm
f4a85b153deaf0e452a8588592838a99  kernel-hugemem-unsupported-2.4.21-32.0.1.EL.i686.rpm
c779afc884615fd6acc4a808db06ac41  kernel-smp-2.4.21-32.0.1.EL.athlon.rpm
074d57f89eae848e55970fb792b760bb  kernel-smp-2.4.21-32.0.1.EL.i686.rpm
616020364fcea7e7096bd62801e79fc4  kernel-smp-unsupported-2.4.21-32.0.1.EL.athlon.rpm
c3334ea418483f996ebeeb162ed70cef  kernel-smp-unsupported-2.4.21-32.0.1.EL.i686.rpm
cddaf98d731e7f56a3de6d99d526368c  kernel-source-2.4.21-32.0.1.EL.i386.rpm
3eda75e78526882c03fd1dc10547aeed  kernel-unsupported-2.4.21-32.0.1.EL.athlon.rpm
b472ffdcda9b6f22464a16065380dfb9  kernel-unsupported-2.4.21-32.0.1.EL.i686.rpm

ia64:
c10a00a0548076ea502106afac33e63a  kernel-2.4.21-32.0.1.EL.ia64.rpm
0ba08af2b5d5f5b1c00250e6d350e793  kernel-doc-2.4.21-32.0.1.EL.ia64.rpm
d275d6c615cb3412e45aa4d78ace1749  kernel-source-2.4.21-32.0.1.EL.ia64.rpm
d678c9224c56f5bc1e83cdaddf90b419  kernel-unsupported-2.4.21-32.0.1.EL.ia64.rpm

ppc:
3285b1097d83b39e8f5bd0c7442a38c7  kernel-2.4.21-32.0.1.EL.ppc64iseries.rpm
aee706eb7afbfb0d104b32414321c0fe  kernel-2.4.21-32.0.1.EL.ppc64pseries.rpm
0df4f27241d864aa97b8c6b65c192754  kernel-doc-2.4.21-32.0.1.EL.ppc64.rpm
94093bba6dd19f9beb125d326e9dea80  kernel-source-2.4.21-32.0.1.EL.ppc64.rpm
dc4619039c6c145024d865b5ede767c5  kernel-unsupported-2.4.21-32.0.1.EL.ppc64iseries.rpm
8e14770d84fa176a9c28ab613fc06d5d  kernel-unsupported-2.4.21-32.0.1.EL.ppc64pseries.rpm

s390:
330adcf820bea66ce0467dfebddff8e7  kernel-2.4.21-32.0.1.EL.s390.rpm
bf35c7665526c46bacdc8cab8794742c  kernel-doc-2.4.21-32.0.1.EL.s390.rpm
2cf9a00e21b35478deb826f039fdb481  kernel-source-2.4.21-32.0.1.EL.s390.rpm
18f80bb172a141ee13489eaf59027b3b  kernel-unsupported-2.4.21-32.0.1.EL.s390.rpm

s390x:
c0e8287dcfec54dab6737d157809d4b6  kernel-2.4.21-32.0.1.EL.s390x.rpm
4ae8efce1828b68781e3e38b8046a219  kernel-doc-2.4.21-32.0.1.EL.s390x.rpm
c7268b452f1688334a2b0c8402b50cd8  kernel-source-2.4.21-32.0.1.EL.s390x.rpm
0634145d1338a4233703ee91f06300e1  kernel-unsupported-2.4.21-32.0.1.EL.s390x.rpm

x86_64:
d532f04df3c0564483d86dd4e1705096  kernel-2.4.21-32.0.1.EL.ia32e.rpm
8a2779b71f5d106f65a45857f0632755  kernel-2.4.21-32.0.1.EL.x86_64.rpm
e5c7ea7acd1a1f66ce323d709ad193e9  kernel-doc-2.4.21-32.0.1.EL.x86_64.rpm
bc742330f75227eb12797af9ff926f47  kernel-smp-2.4.21-32.0.1.EL.x86_64.rpm
c1f5b201f8f558e8630e849f6d51e596  kernel-smp-unsupported-2.4.21-32.0.1.EL.x86_64.rpm
1d6e7647f79c50e46dd536ace43fa781  kernel-source-2.4.21-32.0.1.EL.x86_64.rpm
8520b785bb89fb1d2727e5d3dabd90d1  kernel-unsupported-2.4.21-32.0.1.EL.ia32e.rpm
cf1d9a17cd60efea252f414a537b7feb  kernel-unsupported-2.4.21-32.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-32.0.1.EL.src.rpm
a3294ea2b31db1bf71ede79779154f38  kernel-2.4.21-32.0.1.EL.src.rpm

i386:
f30e36f4f0ab84d2e769e93829aa2d20  kernel-2.4.21-32.0.1.EL.athlon.rpm
8f7eec82049385001ae13568757a1bfa  kernel-2.4.21-32.0.1.EL.i686.rpm
8a8c57c90c0a9f5c34f967a4e21248f9  kernel-BOOT-2.4.21-32.0.1.EL.i386.rpm
c758821e238e5071adf2882b0bf57753  kernel-doc-2.4.21-32.0.1.EL.i386.rpm
8393b9131dce3de5227d38ab93330a0e  kernel-hugemem-2.4.21-32.0.1.EL.i686.rpm
f4a85b153deaf0e452a8588592838a99  kernel-hugemem-unsupported-2.4.21-32.0.1.EL.i686.rpm
c779afc884615fd6acc4a808db06ac41  kernel-smp-2.4.21-32.0.1.EL.athlon.rpm
074d57f89eae848e55970fb792b760bb  kernel-smp-2.4.21-32.0.1.EL.i686.rpm
616020364fcea7e7096bd62801e79fc4  kernel-smp-unsupported-2.4.21-32.0.1.EL.athlon.rpm
c3334ea418483f996ebeeb162ed70cef  kernel-smp-unsupported-2.4.21-32.0.1.EL.i686.rpm
cddaf98d731e7f56a3de6d99d526368c  kernel-source-2.4.21-32.0.1.EL.i386.rpm
3eda75e78526882c03fd1dc10547aeed  kernel-unsupported-2.4.21-32.0.1.EL.athlon.rpm
b472ffdcda9b6f22464a16065380dfb9  kernel-unsupported-2.4.21-32.0.1.EL.i686.rpm

x86_64:
d532f04df3c0564483d86dd4e1705096  kernel-2.4.21-32.0.1.EL.ia32e.rpm
8a2779b71f5d106f65a45857f0632755  kernel-2.4.21-32.0.1.EL.x86_64.rpm
e5c7ea7acd1a1f66ce323d709ad193e9  kernel-doc-2.4.21-32.0.1.EL.x86_64.rpm
bc742330f75227eb12797af9ff926f47  kernel-smp-2.4.21-32.0.1.EL.x86_64.rpm
c1f5b201f8f558e8630e849f6d51e596  kernel-smp-unsupported-2.4.21-32.0.1.EL.x86_64.rpm
1d6e7647f79c50e46dd536ace43fa781  kernel-source-2.4.21-32.0.1.EL.x86_64.rpm
8520b785bb89fb1d2727e5d3dabd90d1  kernel-unsupported-2.4.21-32.0.1.EL.ia32e.rpm
cf1d9a17cd60efea252f414a537b7feb  kernel-unsupported-2.4.21-32.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-32.0.1.EL.src.rpm
a3294ea2b31db1bf71ede79779154f38  kernel-2.4.21-32.0.1.EL.src.rpm

i386:
f30e36f4f0ab84d2e769e93829aa2d20  kernel-2.4.21-32.0.1.EL.athlon.rpm
8f7eec82049385001ae13568757a1bfa  kernel-2.4.21-32.0.1.EL.i686.rpm
8a8c57c90c0a9f5c34f967a4e21248f9  kernel-BOOT-2.4.21-32.0.1.EL.i386.rpm
c758821e238e5071adf2882b0bf57753  kernel-doc-2.4.21-32.0.1.EL.i386.rpm
8393b9131dce3de5227d38ab93330a0e  kernel-hugemem-2.4.21-32.0.1.EL.i686.rpm
f4a85b153deaf0e452a8588592838a99  kernel-hugemem-unsupported-2.4.21-32.0.1.EL.i686.rpm
c779afc884615fd6acc4a808db06ac41  kernel-smp-2.4.21-32.0.1.EL.athlon.rpm
074d57f89eae848e55970fb792b760bb  kernel-smp-2.4.21-32.0.1.EL.i686.rpm
616020364fcea7e7096bd62801e79fc4  kernel-smp-unsupported-2.4.21-32.0.1.EL.athlon.rpm
c3334ea418483f996ebeeb162ed70cef  kernel-smp-unsupported-2.4.21-32.0.1.EL.i686.rpm
cddaf98d731e7f56a3de6d99d526368c  kernel-source-2.4.21-32.0.1.EL.i386.rpm
3eda75e78526882c03fd1dc10547aeed  kernel-unsupported-2.4.21-32.0.1.EL.athlon.rpm
b472ffdcda9b6f22464a16065380dfb9  kernel-unsupported-2.4.21-32.0.1.EL.i686.rpm

ia64:
c10a00a0548076ea502106afac33e63a  kernel-2.4.21-32.0.1.EL.ia64.rpm
0ba08af2b5d5f5b1c00250e6d350e793  kernel-doc-2.4.21-32.0.1.EL.ia64.rpm
d275d6c615cb3412e45aa4d78ace1749  kernel-source-2.4.21-32.0.1.EL.ia64.rpm
d678c9224c56f5bc1e83cdaddf90b419  kernel-unsupported-2.4.21-32.0.1.EL.ia64.rpm

x86_64:
d532f04df3c0564483d86dd4e1705096  kernel-2.4.21-32.0.1.EL.ia32e.rpm
8a2779b71f5d106f65a45857f0632755  kernel-2.4.21-32.0.1.EL.x86_64.rpm
e5c7ea7acd1a1f66ce323d709ad193e9  kernel-doc-2.4.21-32.0.1.EL.x86_64.rpm
bc742330f75227eb12797af9ff926f47  kernel-smp-2.4.21-32.0.1.EL.x86_64.rpm
c1f5b201f8f558e8630e849f6d51e596  kernel-smp-unsupported-2.4.21-32.0.1.EL.x86_64.rpm
1d6e7647f79c50e46dd536ace43fa781  kernel-source-2.4.21-32.0.1.EL.x86_64.rpm
8520b785bb89fb1d2727e5d3dabd90d1  kernel-unsupported-2.4.21-32.0.1.EL.ia32e.rpm
cf1d9a17cd60efea252f414a537b7feb  kernel-unsupported-2.4.21-32.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-32.0.1.EL.src.rpm
a3294ea2b31db1bf71ede79779154f38  kernel-2.4.21-32.0.1.EL.src.rpm

i386:
f30e36f4f0ab84d2e769e93829aa2d20  kernel-2.4.21-32.0.1.EL.athlon.rpm
8f7eec82049385001ae13568757a1bfa  kernel-2.4.21-32.0.1.EL.i686.rpm
8a8c57c90c0a9f5c34f967a4e21248f9  kernel-BOOT-2.4.21-32.0.1.EL.i386.rpm
c758821e238e5071adf2882b0bf57753  kernel-doc-2.4.21-32.0.1.EL.i386.rpm
8393b9131dce3de5227d38ab93330a0e  kernel-hugemem-2.4.21-32.0.1.EL.i686.rpm
f4a85b153deaf0e452a8588592838a99  kernel-hugemem-unsupported-2.4.21-32.0.1.EL.i686.rpm
c779afc884615fd6acc4a808db06ac41  kernel-smp-2.4.21-32.0.1.EL.athlon.rpm
074d57f89eae848e55970fb792b760bb  kernel-smp-2.4.21-32.0.1.EL.i686.rpm
616020364fcea7e7096bd62801e79fc4  kernel-smp-unsupported-2.4.21-32.0.1.EL.athlon.rpm
c3334ea418483f996ebeeb162ed70cef  kernel-smp-unsupported-2.4.21-32.0.1.EL.i686.rpm
cddaf98d731e7f56a3de6d99d526368c  kernel-source-2.4.21-32.0.1.EL.i386.rpm
3eda75e78526882c03fd1dc10547aeed  kernel-unsupported-2.4.21-32.0.1.EL.athlon.rpm
b472ffdcda9b6f22464a16065380dfb9  kernel-unsupported-2.4.21-32.0.1.EL.i686.rpm

ia64:
c10a00a0548076ea502106afac33e63a  kernel-2.4.21-32.0.1.EL.ia64.rpm
0ba08af2b5d5f5b1c00250e6d350e793  kernel-doc-2.4.21-32.0.1.EL.ia64.rpm
d275d6c615cb3412e45aa4d78ace1749  kernel-source-2.4.21-32.0.1.EL.ia64.rpm
d678c9224c56f5bc1e83cdaddf90b419  kernel-unsupported-2.4.21-32.0.1.EL.ia64.rpm

x86_64:
d532f04df3c0564483d86dd4e1705096  kernel-2.4.21-32.0.1.EL.ia32e.rpm
8a2779b71f5d106f65a45857f0632755  kernel-2.4.21-32.0.1.EL.x86_64.rpm
e5c7ea7acd1a1f66ce323d709ad193e9  kernel-doc-2.4.21-32.0.1.EL.x86_64.rpm
bc742330f75227eb12797af9ff926f47  kernel-smp-2.4.21-32.0.1.EL.x86_64.rpm
c1f5b201f8f558e8630e849f6d51e596  kernel-smp-unsupported-2.4.21-32.0.1.EL.x86_64.rpm
1d6e7647f79c50e46dd536ace43fa781  kernel-source-2.4.21-32.0.1.EL.x86_64.rpm
8520b785bb89fb1d2727e5d3dabd90d1  kernel-unsupported-2.4.21-32.0.1.EL.ia32e.rpm
cf1d9a17cd60efea252f414a537b7feb  kernel-unsupported-2.4.21-32.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
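When packages are downloaded manually, the checksum lines in section 6 can be parsed out of the advisory text and compared against the files on disk. The following is an added example, not part of the original advisory; the file names and contents in `demo()` are constructed and the function names are hypothetical.

```python
import hashlib
import os
import re
import tempfile

# Section 6 line shape: 32 hex digits, whitespace, package file name.
_ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_manifest(advisory_text):
    """Return {file name: md5}; the same file is listed once per product."""
    sums = {}
    for line in advisory_text.splitlines():
        m = _ENTRY.match(line.strip())
        if m is None:
            continue  # headings, URLs, prose
        digest, name = m.groups()
        if sums.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return sums

def verify_dir(directory, sums):
    """Classify each .rpm in `directory` as ok, MISMATCH or unlisted."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        if name not in sums:
            report[name] = "unlisted"
            continue
        md5 = hashlib.md5()
        with open(os.path.join(directory, name), "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                md5.update(chunk)
        report[name] = "ok" if md5.hexdigest() == sums[name] else "MISMATCH"
    return report

def demo():
    """Constructed files and manifest text, not real packages or sums."""
    good, bad = b"constructed payload A", b"constructed payload B"
    text = "i386:\n%s  pkg-a-1.0.i386.rpm\n%s  pkg-b-1.0.i386.rpm\n" % (
        hashlib.md5(good).hexdigest(), hashlib.md5(bad).hexdigest())
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("pkg-a-1.0.i386.rpm", good),
                           ("pkg-b-1.0.i386.rpm", bad + b"!"),
                           ("pkg-c-1.0.i386.rpm", b"extra")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return verify_dir(d, parse_manifest(text))
```

A matching MD5 sum only shows that the file equals the one the advisory lists; the GPG signature check referenced above (`rpm --checksig`) is what establishes that the package comes from Red Hat.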

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFClKxCXlSAg2UNWIIRAhroAKC5RHQEpcg1ZdXSk0eYIpL4K1w6oACfSnNV
XqD12d6EUy9q8u4IgHecVgY=
=pp6T
-----END PGP SIGNATURE-----




