Updated 2.4 kernel fixes various vulnerabilities

Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available that fix an information leak from several ethernet drivers, and
a file system issue.

The Linux kernel handles the basic functions of the operating system.
Vulnerabilities have been found in version 2.4.18 of the kernel. This
advisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0.

Multiple ethernet Network Interface Card (NIC) device drivers do not pad
frames with null bytes, which allows remote attackers to obtain information
from previous packets or kernel memory by using malformed packets. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0001 to this issue.

A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and
later that can create a limited information leak where any user on the
system with write privileges to a file system can read information from
that file system (from previously deleted files), and can create minor file
system corruption (easily repaired by fsck). Red Hat Linux in its default
configuration is not affected by this bug, because the ext3 file system
(the default file system in Red Hat Linux 7.2 and later) does not support
the O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18
kernels have this bug. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.

Users of the ext2 file system can migrate to the ext3 file system
using the tune2fs program as described in the white paper at
http://www.redhat.com/support/wpapers/redhat/ext3/

All users of Red Hat Linux 7.1, 7.2, 7.3, and 8.0 should upgrade
to these errata packages, which contain patches to ethernet drivers to
remove the information leak and a patch to fix O_DIRECT handling.

In addition, the following drivers are upgraded to support newer hardware:
3c59x, e100, e1000, tg3

Before applying this update, make sure all previously released errata
relevant to your system have been applied, especially the additional
packages from RHSA-2002:205 and RHSA-2002:206 respectively.

The procedure for upgrading the kernel manually is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

76159 - Errata kernel 2.4.18-17.8.0 fails PCI resource allocation

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0018
http://www.atstake.com/research/advisories/2003/a010603-1.txt

ethernet, frame, O_DIRECT, padding