[34006] in bugtraq
[FLSA-2004:1284] Updated kernel resolves security vulnerabilities
daemon@ATHENA.MIT.EDU (Jesse Keating)
Tue Mar 2 14:19:57 2004
From: Jesse Keating <jkeating@j2solutions.net>
To: fedora-legacy-announce@redhat.com
Date: Tue, 2 Mar 2004 10:57:16 -0800
Cc: bugtraq@securityfocus.com
Message-Id: <200403021057.20696.jkeating@j2solutions.net>
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated kernel resolves security vulnerabilities
Advisory ID: FLSA:1284
Issue date: 2004-03-02
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1284
CVE Names: CAN-2004-0077, CAN-2004-0075, CAN-2004-0010, CAN-2004-0003
-----------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated kernel packages that fix security vulnerabilities which may
allow local users to gain root privileges are now available. These
packages also resolve other minor issues.
2. Relevant releases/architectures:
Red Hat Linux 7.2 - i386, i586, i686, athlon
Red Hat Linux 7.3 - i386, i586, i686, athlon
Red Hat Linux 8.0 - i386, i586, i686, athlon
3. Problem description:
The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in return value checking in mremap() in
the Linux kernel versions 2.4.24 and previous that may allow a local
attacker to gain root privileges. No exploit is currently available;
however this issue is exploitable. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0077
to this issue.

The Vicam USB driver in kernel versions prior to 2.4.25 does not use the
copy_from_user function to access userspace, which crosses security
boundaries. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0075 to this issue.

Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could
allow local privilege escalation. ncpfs is only used to allow a system
to mount volumes of NetWare servers or print to NetWare printers. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0010 to this issue.

Alan Cox found issues in the R128 Direct Render Infrastructure that
could allow local privilege escalation. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003
to this issue.

All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.

Fedora Legacy would like to thank Paul Starzetz from ISEC for reporting
the issue CAN-2004-0077, and Dominic Hargreaves for providing
backported rpms for all issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/download for directions on how
to configure yum and apt-get.
5. Bug IDs fixed:
http://bugzilla.fedora.us - 1284 - KERNEL: r128 dri AND do_mremap VMA
limit local privilege escalation vulnerability
6. RPMs required:
Red Hat Linux 7.2:
SRPM:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm
i586:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
i686:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
athlon:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm
i586:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
Red Hat Linux 8.0:
SRPM:
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm
i586:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm
i686:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm
athlon:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
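An added example, not part of the original advisory: a Bash function that checks every RPM in a download directory against a saved list of the published SHA1 sums before the wildcard form of rpm -Fvh is used, flagging files that are unlisted or whose sum differs. The function names, the manifest file name and the stand-in files are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check a download directory against a saved SHA1 list
# before running "rpm -Fvh *.rpm". Manifest lines are "<sha1>  <path>".

# check_rpm_dir MANIFEST DIR   (hypothetical helper, not a Fedora Legacy tool)
# Prints one status line per *.rpm in DIR; returns 0 only if every RPM is
# listed in MANIFEST (matched by basename) and its SHA1 sum agrees.
check_rpm_dir() {
    local manifest=$1 dir=$2 bad=0 seen=0 f name want got
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue              # glob matched nothing
        seen=1
        name=${f##*/}
        # Field 2 may carry a release prefix such as 7.3/updates/i386/.
        want=$(awk -v n="$name" '{ p = $2; sub(/.*\//, "", p) }
                                 p == n { print tolower($1); exit }' "$manifest")
        got=$(sha1sum "$f" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"; bad=1    # would be swept up by *.rpm
        elif [ "$want" != "$got" ]; then
            echo "MISMATCH  $name"; bad=1    # corrupted or altered download
        else
            echo "OK        $name"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no RPMs in $dir"; bad=1; }
    return "$bad"
}

# Constructed demo: two stand-in files, not real packages.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf 'stand-in A\n' > "$d/kernel-a.i386.rpm"
    printf 'stand-in B\n' > "$d/kernel-b.i386.rpm"
    # The manifest lists only the first file, under a release-style path.
    printf '%s  7.3/updates/i386/kernel-a.i386.rpm\n' \
        "$(sha1sum "$d/kernel-a.i386.rpm" | awk '{ print $1 }')" > "$d/SHA1SUMS"
    check_rpm_dir "$d/SHA1SUMS" "$d" || rc=$?   # kernel-b is UNLISTED
    rm -rf "$d"
    return "$rc"
}

if demo; then echo "all packages verified"; else echo "do not freshen from this directory"; fi
```

The sums are only as trustworthy as the copy of the advisory they were taken from, so the rpm --checksig -v check remains the authoritative one.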
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
https://rhn.redhat.com/errata/RHSA-2004-065.html
https://bugzilla.fedora.us/show_bug.cgi?id=1284
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
10. Special Notes:
If you use lilo, you will have to edit your lilo.conf file and shorten
the label of this kernel. The label is too long for lilo, but not for
grub.
---------------------------------------------------------------------
--
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)