Red Hat 9042 Published by

An updated kernel package has been released for Red Hat Enterprise Linux 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: RHSA-2004:549-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-549.html
Issue date: 2004-12-02
Updated on: 2004-12-02
Product: Red Hat Enterprise Linux
Keywords: taroon kernel security errata AF_UNIX
Obsoletes: RHBA-2004:433
CVE Names: CAN-2004-0136 CAN-2004-0619 CAN-2004-0685 CAN-2004-0812 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
----------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64



3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use thse flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CAN-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function in the Broadcom 5820 cryptonet driver. On systems using this driver, a local user could cause a denial of service (crash) or possibly gain elevated privileges. (CAN-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CAN-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127258 - CAN-2004-0619 Broadcom 5820 integer overflow
127915 - CAN-2004-0136 Verify interpreter arch
127918 - CAN-2004-0685 usb sparse fixes in 2.4
133003 - CAN-2004-0812 User application with "out" instruction can crash the system
134720 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
134874 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
134981 - CAN-2004-0136 Program crashes the kernel
140710 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1 kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60 kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955 kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175 kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82 kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63 kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528 kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22 kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671 kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224 kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517 kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9 kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5 kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

ppc64:
677ab689167f78686f91b88f36aa70a3 kernel-doc-2.4.21-20.0.1.EL.ppc64.rpm
2b0078cf957293819e11232b8d090b55 kernel-source-2.4.21-20.0.1.EL.ppc64.rpm

ppc64iseries:
b22a72441fa3b7ca93101e41f4bee003 kernel-2.4.21-20.0.1.EL.ppc64iseries.rpm
e8a2dd6770e48537a4606f5cb413a82e kernel-unsupported-2.4.21-20.0.1.EL.ppc64iseries.rpm

ppc64pseries:
2f5724e8b26f64ac1a3b401a8ce4e55a kernel-2.4.21-20.0.1.EL.ppc64pseries.rpm
ba54755ba36b7176270d807468232af7 kernel-unsupported-2.4.21-20.0.1.EL.ppc64pseries.rpm

s390:
2c69b4903f00b833dc6343fecb1cbc21 kernel-2.4.21-20.0.1.EL.s390.rpm
229cdd30ce01ff95e5c12660598631b3 kernel-doc-2.4.21-20.0.1.EL.s390.rpm
de76d738799e18613ff9d791e56453e9 kernel-source-2.4.21-20.0.1.EL.s390.rpm
4b75ed72fff3f4a4a6a0f05e23bdaeeb kernel-unsupported-2.4.21-20.0.1.EL.s390.rpm

s390x:
e46dc77dc92833dea60ba5a03bf462f1 kernel-2.4.21-20.0.1.EL.s390x.rpm
d8ed930629a1292ac52eeb1a9bbd067f kernel-doc-2.4.21-20.0.1.EL.s390x.rpm
585d443c6dd03e4ef290b637f5e7238c kernel-source-2.4.21-20.0.1.EL.s390x.rpm
e1050dc296ba58c1b174fdf5ceb53be1 kernel-unsupported-2.4.21-20.0.1.EL.s390x.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92 kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054 kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32 kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0 kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2 kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48 kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1 kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60 kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955 kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175 kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82 kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63 kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528 kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22 kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671 kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224 kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92 kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054 kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32 kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0 kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2 kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48 kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1 kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60 kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955 kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175 kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82 kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63 kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528 kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22 kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671 kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224 kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517 kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9 kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5 kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92 kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054 kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32 kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0 kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2 kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48 kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1 kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60 kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955 kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175 kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82 kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63 kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528 kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22 kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671 kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224 kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517 kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9 kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5 kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92 kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054 kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32 kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0 kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2 kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48 kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.