Security Advisory Updated 2.4 kernel available

Advisory: RHSA-2002:007-17
Type: Security Advisory
Severity: N/A
Issued on: 2002-01-09
Last updated on: 2002-02-05
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0046
CVE-2002-0047

Details

A security vunlerability in the Linux CIPE (VPN tunnel) implementation has
been fixed.

Larry McVoy has discovered a problem in the CIPE (VPN tunnel)
implementation, where a malformed packet could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-0047 to this issue.

Andrew Griffiths has discovered a vulnerability that allows remote machines
to read random memory using a bug in the Linux ICMP implementation.
However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after
version 2.2.18 have this bug fixed. All Red Hat Linux 2.4 kernels have this
fix are not vulnerable to this bug.

It is recommended that users running older 2.2 kernels on Red Hat Linux 6.2
or 7 upgrade to the latest available errata kernel, which includes a fix
for this problem. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0046 to this issue.

A patch for recent 2.4 kernels is circulating to fix the bug in the Linux
ICMP implementation. Red Hat, Inc. recommends not using this patch since it
actually breaks the kernel ICMP implementation and since Red Hat Linux 2.4
kernels are not vulnerable to the bug.

In addition to the CIPE security fix, several other bugs were fixed, and
some drivers were updated:

* For Red Hat Linux 7.1: DRM/DRI (3D support) for the XFree86 erratum
RHEA-2002:010
* New aacraid driver rewritten by Alan Cox
* New DAC960 driver
* Additional Qlogic 2200 driver
* LM_Sensors driver upgrade


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied. Red Hat Linux 7.1 users should
update the packages in the XFree86 Erratum (RHEA-2002:010).

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

Updated packages

Red Hat Linux 7.1
SRPMS:
kernel-2.4.9-21.src.rpm
File outdated by:  RHSA-2003:098		     c98c533651ad7ddf1953291c6b86e24d
modutils-2.4.10-1.src.rpm
File outdated by:  RHSA-2002:205		     bce506e9913f952f74ecb1cc4f5e0d14
ftp://updates.redhat.com/7.1/en/os/SRPMS/tux-2.2.0-1.src.rpm
Missing file		     0fc99d749b73ce672ce314097fa75680
 
Alpha:
kernel-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:205		     e968e639383c1c6ac5f81cac4ef23282
kernel-BOOT-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:205		     963d4f2f6b7aba6a872cddef8ea98a0a
kernel-doc-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:205		     56cdcbcdfb7986b8925320e5c6147894
kernel-headers-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:028		     76e4da4321e4fc73bf71cad185d7c74c
kernel-smp-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:205		     23e236f018b86d66c7d6a0e703d8741b
kernel-source-2.4.9-21.alpha.rpm
File outdated by:  RHSA-2002:205		     b0b96c30d406279778e17f2425564182
modutils-2.4.10-1.alpha.rpm
File outdated by:  RHSA-2002:205		     34b7a78b5a0f91f8b476448532c6ca01
ftp://updates.redhat.com/7.1/en/os/alpha/tux-2.2.0-1.alpha.rpm
Missing file		     be01c0f774210275c54158b30ce241a5
 
IA-32:
kernel-2.4.9-21.athlon.rpm
File outdated by:  RHSA-2003:417		     3ca1396e73f1d5f105fdc70577c1ad5b
kernel-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     071131740198219c636b8927f8f88457
kernel-2.4.9-21.i586.rpm
File outdated by:  RHSA-2003:417		     243e4c5fa57a8002046bf24de2e1ffd2
kernel-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:417		     deb1513ff79d1d40dde059cf1e3142db
kernel-BOOT-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     36d81ca909ec13711442a7ced06c5954
kernel-debug-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:098		     9b0033255956ed2be1c6878dfd84c472
kernel-doc-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     13389781e18047d555a0e65ae0e1e53b
kernel-enterprise-2.4.9-21.i686.rpm
File outdated by:  RHBA-2002:104		     2881b02642d6244d36fe7baaa4954c45
kernel-headers-2.4.9-21.i386.rpm
File outdated by:  RHBA-2002:104		     6e02167e35be2a1234419dc04d285c8d
kernel-smp-2.4.9-21.athlon.rpm
File outdated by:  RHSA-2003:417		     98c26aa144875e66ad7a24d715fffc3c
kernel-smp-2.4.9-21.i586.rpm
File outdated by:  RHSA-2003:417		     2510b6f2059f2790d9528cdd63e92f95
kernel-smp-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:417		     eaaac60d828e3954c6f2018cc7dfb2d6
kernel-source-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     b1d7f572f45b208f1c9dc4983bf51cc7
modutils-2.4.10-1.i386.rpm
File outdated by:  RHSA-2002:205		     62512921c8a9704642ace9972f2bcb32
ftp://updates.redhat.com/7.1/en/os/i386/tux-2.2.0-1.i386.rpm
Missing file		     b071d20ef0474a1e4ca5ec65b333796f
 
IA-64:
kernel-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2002:205		     d4b7d97af57ead842eb82c2b81e8c395
kernel-doc-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2002:205		     be80ab57387b969df0b046893a991735
kernel-headers-2.4.9-21.ia64.rpm
File outdated by:  RHBA-2002:104		     55a98e22cb5ac68e1f35a971206ef30c
kernel-smp-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2002:205		     4724141890684670cf7d636eedecda3f
kernel-source-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2002:205		     3931d07ace606c7772f0aa68f1a7026c
modutils-2.4.10-1.ia64.rpm
File outdated by:  RHSA-2002:205		     747b4ec0ea09f49b2cd1f1bea75f2b26
ftp://updates.redhat.com/7.1/en/os/ia64/tux-2.2.0-1.ia64.rpm
Missing file		     0115dc46812b1aa8404b753815f18186
 
Red Hat Linux 7.2
SRPMS:
kernel-2.4.9-21.src.rpm
File outdated by:  RHSA-2003:098		     c98c533651ad7ddf1953291c6b86e24d
modutils-2.4.10-1.src.rpm
File outdated by:  RHSA-2002:205		     bce506e9913f952f74ecb1cc4f5e0d14
ftp://updates.redhat.com/7.2/en/os/SRPMS/tux-2.2.0-1.src.rpm
Missing file		     0fc99d749b73ce672ce314097fa75680
 
IA-32:
kernel-2.4.9-21.athlon.rpm
File outdated by:  RHSA-2003:417		     3ca1396e73f1d5f105fdc70577c1ad5b
kernel-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     071131740198219c636b8927f8f88457
kernel-2.4.9-21.i586.rpm
File outdated by:  RHSA-2003:417		     243e4c5fa57a8002046bf24de2e1ffd2
kernel-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:417		     deb1513ff79d1d40dde059cf1e3142db
kernel-BOOT-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     36d81ca909ec13711442a7ced06c5954
kernel-debug-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:098		     9b0033255956ed2be1c6878dfd84c472
kernel-doc-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     13389781e18047d555a0e65ae0e1e53b
kernel-enterprise-2.4.9-21.i686.rpm
File outdated by:  RHBA-2002:104		     2881b02642d6244d36fe7baaa4954c45
kernel-headers-2.4.9-21.i386.rpm
File outdated by:  RHBA-2002:104		     6e02167e35be2a1234419dc04d285c8d
kernel-smp-2.4.9-21.athlon.rpm
File outdated by:  RHSA-2003:417		     98c26aa144875e66ad7a24d715fffc3c
kernel-smp-2.4.9-21.i586.rpm
File outdated by:  RHSA-2003:417		     2510b6f2059f2790d9528cdd63e92f95
kernel-smp-2.4.9-21.i686.rpm
File outdated by:  RHSA-2003:417		     eaaac60d828e3954c6f2018cc7dfb2d6
kernel-source-2.4.9-21.i386.rpm
File outdated by:  RHSA-2003:417		     b1d7f572f45b208f1c9dc4983bf51cc7
modutils-2.4.10-1.i386.rpm
File outdated by:  RHSA-2002:205		     62512921c8a9704642ace9972f2bcb32
ftp://updates.redhat.com/7.2/en/os/i386/tux-2.2.0-1.i386.rpm
Missing file		     b071d20ef0474a1e4ca5ec65b333796f
 
IA-64:
kernel-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2003:098		     d4b7d97af57ead842eb82c2b81e8c395
kernel-doc-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2003:098		     be80ab57387b969df0b046893a991735
kernel-headers-2.4.9-21.ia64.rpm
File outdated by:  RHBA-2002:104		     55a98e22cb5ac68e1f35a971206ef30c
kernel-smp-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2003:098		     4724141890684670cf7d636eedecda3f
kernel-source-2.4.9-21.ia64.rpm
File outdated by:  RHSA-2003:098		     3931d07ace606c7772f0aa68f1a7026c
ftp://updates.redhat.com/7.2/en/os/ia64/tux-2.2.0-1.ia64.rpm
Missing file		     0115dc46812b1aa8404b753815f18186
 

Bugs fixed (see bugzilla for more information)

54855 - i810 audio problem after up2date4d kernel 2.4.9-6
55476 - Kernel 2.4.9-7 crashes Dell PE2500 with aacraid on startup
55605 - kernel 2.4.9-7 constantly outputs messages to syslog about clock timer


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0047
http://www.securityfocus.com/archive/1/251418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047

Keywords

cipe, icmp

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/