Red Hat 9038 Published by

An updated kernel package is available for Red Hat Enterprise Linux 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: RHSA-2005:043-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-043.html
Issue date: 2005-01-18
Updated on: 2005-01-18
Product: Red Hat Enterprise Linux
Keywords: taroon kernel security errata
Obsoletes: RHSA-2004:689
CVE Names: CAN-2004-1235 CAN-2004-1237 CAN-2005-0003
----------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64



3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1235 to this issue.

A flaw was discovered where an executable could cause a VMA overlap leading to a crash. A local user could trigger this flaw by creating a carefully crafted a.out binary on 32-bit systems or a carefully crafted ELF binary on Itanium systems. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0003 to this issue.

iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0001 to this issue. A patch that coincidentally fixed this issue was committed to the Update 4 kernel release in December 2004. Therefore Red Hat Enterprise Linux 3 kernels provided by RHBA-2004:550 and subsequent updates are not vulnerable to this issue.

A flaw in the system call filtering code in the audit subsystem included in Red Hat Enterprise Linux 3 allowed a local user to cause a crash when auditing was enabled. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1237 to this issue.

Olaf Kirch discovered that the recent security fixes for cmsg_len handling (CAN-2004-1016) broke 32-bit compatibility on 64-bit platforms such as AMD64 and Intel EM64T. A patch to correct this issue is included.

A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included.

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

132245 - CAN-2004-1237 Kernel panic when stopping Lotus Domino 6.52
141996 - CAN-2004-1237 instant kernel panic from one line perl program - BAD
142091 - CAN-2004-1237 kernel oops captured, system hangs
142442 - CAN-2004-1237 kernel panic ( __audit_get_target)
143866 - CAN-2004-1237 kernel panic caused by auditd
144029 - LTC13264-Kernel errata from Dec 23 results in a DB2 shutdown.
144048 - CAN-2004-1237 kernel panic when Oracle agentctl is run
144134 - CAN-2004-1235 isec.pl uselib() privilege escalation
144784 - CAN-2005-0003 huge vma-in-executable bug

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84 kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7 kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334 kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6 kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397 kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92 kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582 kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3 kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92 kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2 kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467 kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387 kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8 kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

ppc64:
ba9f26ba2b62b45c3b095ad27e788b36 kernel-doc-2.4.21-27.0.2.EL.ppc64.rpm
4adf67ea243913ece424045c696fe88d kernel-source-2.4.21-27.0.2.EL.ppc64.rpm

ppc64iseries:
32860054d812bd958f7dd7067fd8d062 kernel-2.4.21-27.0.2.EL.ppc64iseries.rpm
b806c052dfdec4fd298b041ea6ae1ddd kernel-unsupported-2.4.21-27.0.2.EL.ppc64iseries.rpm

ppc64pseries:
78e15c97f0bd6775837a5d17667a0b0d kernel-2.4.21-27.0.2.EL.ppc64pseries.rpm
a1d9e58411aa72bac10782701579d9f4 kernel-unsupported-2.4.21-27.0.2.EL.ppc64pseries.rpm

s390:
965050540cc98a2d020bf96fec166a9b kernel-2.4.21-27.0.2.EL.s390.rpm
dc258fbe8dfcdbe9991d83d5b9a2eaa6 kernel-doc-2.4.21-27.0.2.EL.s390.rpm
879eea09a534959b7566d826b7f6178f kernel-source-2.4.21-27.0.2.EL.s390.rpm
867a209a3c7d0321ac7a730bb76f66b7 kernel-unsupported-2.4.21-27.0.2.EL.s390.rpm

s390x:
2f4704180201df5c9f4601d6388a2f1d kernel-2.4.21-27.0.2.EL.s390x.rpm
e94480cab994b4578f36d5b52cbe8a18 kernel-doc-2.4.21-27.0.2.EL.s390x.rpm
82702da6b0a1f02ee75e35530d8cfa41 kernel-source-2.4.21-27.0.2.EL.s390x.rpm
b7d12fcf166bdc9918d14be2b9d7edae kernel-unsupported-2.4.21-27.0.2.EL.s390x.rpm

x86_64:
dac6f69766a22574e1d5978af5075032 kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6 kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7 kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84 kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7 kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334 kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6 kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397 kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92 kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582 kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3 kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92 kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2 kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

x86_64:
dac6f69766a22574e1d5978af5075032 kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6 kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7 kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84 kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7 kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334 kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6 kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397 kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92 kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582 kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3 kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92 kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2 kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467 kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387 kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8 kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

x86_64:
dac6f69766a22574e1d5978af5075032 kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6 kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7 kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84 kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7 kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334 kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6 kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397 kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92 kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582 kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3 kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92 kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2 kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467 kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387 kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8 kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

x86_64:
dac6f69766a22574e1d5978af5075032 kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6 kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7 kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://marc.theaimsgroup.com/?m=109503896031720
http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.