Security Advisory New kernel 2.2 packages fix local denial of service issue

Advisory: RHSA-2002:264-05
Type: Security Advisory
Severity: N/A
Issued on: 2002-09-23
Last updated on: 2002-11-25
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1319

Details

The kernel in Red Hat Linux 6.2 and 7 is vulnerable to
a local denial of service attack.

The Linux kernel handles the basic functions of the operating system.
A vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the
vulnerability.

Note: This bug is specific to the x86 architecture kernels only, and does
not affect other architectures.

All users of Red Hat Linux 6.2 and 7 should upgrade to
these errata packages, which are not vulnerable to this issue.

Thanks go to Christopher Devine for reporting the vulnerability on bugtraq,
and Petr Vandrovec for being the first to supply a fix to the community.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

Updated packages

Red Hat Linux 6.2
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm
Missing file		     8c93dac15cbb3162f4cde7c0c0de5643
 
IA-32:
kernel-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     a9b510b4ffca3e7bf643a46f99ee749f
kernel-2.2.22-6.2.3.i586.rpm
File outdated by:  RHSA-2003:088		     cd23cad52c4cda6b5f07480cdf21ed3b
kernel-2.2.22-6.2.3.i686.rpm
File outdated by:  RHSA-2003:088		     93f87f2b9cfec1fd06529b6a28939d75
kernel-BOOT-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     5c08d5ac6ffebde931cc924914bf4f10
kernel-doc-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     d417601fb70f93e159a10cf5a9e6e21b
kernel-enterprise-2.2.22-6.2.3.i686.rpm
File outdated by:  RHSA-2003:088		     c4fd6d256c39ebc4ea00806b5ab3d56a
kernel-headers-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     436d4c050116d0feb910bd93307797f2
kernel-ibcs-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     9c55348902c8a8f307be174c4602f59d
kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     6d37e0e877ba6c7d812b56ab3019260e
kernel-smp-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     36d0b2a93762e0f4f758bcd93e034312
kernel-smp-2.2.22-6.2.3.i586.rpm
File outdated by:  RHSA-2003:088		     53a7a0043e0d31b144fd61bdaf11e187
kernel-smp-2.2.22-6.2.3.i686.rpm
File outdated by:  RHSA-2003:088		     ff2017bb51f4d19572fde3f451d09dd1
kernel-source-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     d8d77e393802a68aebf80e292522e16b
kernel-utils-2.2.22-6.2.3.i386.rpm
File outdated by:  RHSA-2003:088		     c8d46df81889868d1faff01fca32b284
 
Red Hat Linux 7.0
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm
Missing file		     f82a5596f9b243dec8742963756c11ce
 
IA-32:
kernel-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     ba432d1cde8294af402b86270b496d3b
kernel-2.2.22-7.0.3.i586.rpm
File outdated by:  RHSA-2003:088		     d73578bf7c208e6e11b8f3d71dd5292f
kernel-2.2.22-7.0.3.i686.rpm
File outdated by:  RHSA-2003:088		     b58bd6b9bd450fe76270f2187d740fea
kernel-BOOT-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     63e83e11ea93f22f4640914b14defc64
kernel-doc-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     c11cc524a48dada56206b02f0c8a9425
kernel-enterprise-2.2.22-7.0.3.i686.rpm
File outdated by:  RHSA-2003:088		     ca1fc2c95dd8e63a23507514889b9a8b
kernel-ibcs-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     d5c4579a9db0a2d8e8288b8a539dbfea
kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     cf201e8b3441f9a01799b89a8c748d0e
kernel-smp-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     1fc8a3891a20c03062eb8c369a62bfce
kernel-smp-2.2.22-7.0.3.i586.rpm
File outdated by:  RHSA-2003:088		     a528f8c13f296c12f063227606ffd7ff
kernel-smp-2.2.22-7.0.3.i686.rpm
File outdated by:  RHSA-2003:088		     70d3da3e911ae417338701537044530d
kernel-source-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     554eba6533979171920db4c933e8f0eb
kernel-utils-2.2.22-7.0.3.i386.rpm
File outdated by:  RHSA-2003:088		     3d42a527d8c3193d48e559f86a2ac710
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1319
http://www.kernel.org/pub/linux/kernel/v2.2/ChangeLog-2.2.22

Keywords

bugtraq, DoS

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/