
Security Advisory: Updated 2.4 kernel fixes various vulnerabilities

Advisory: RHSA-2003:025-20
Type: Security Advisory
Severity: N/A
Issued on: 2003-02-04
Last updated on: 2003-02-03
Affected Products: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0
CVEs (cve.mitre.org): CVE-2003-0001, CVE-2003-0018

Details

Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available that fix an information leak from several ethernet drivers, and
a file system issue.

The Linux kernel handles the basic functions of the operating system.
Vulnerabilities have been found in version 2.4.18 of the kernel. This
advisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0.

Multiple ethernet Network Interface Card (NIC) device drivers do not pad
frames with null bytes, which allows remote attackers to obtain information
from previous packets or kernel memory by using malformed packets. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0001 to this issue.
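
The difference between a transmit path that leaves short-frame padding uninitialised and one that pads with null bytes, as an added user-space illustration (not code from this advisory or from any of the affected drivers). `tx_buf`, the function names and the sample frames are constructed for the example; 60 bytes is the minimum Ethernet frame length without the frame check sequence.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ZLEN 60   /* minimum Ethernet frame length, excluding the FCS */
#define BUF_LEN  128  /* size of the simulated, reused transmit buffer */
static uint8_t tx_buf[BUF_LEN];  /* still holds what the last frame left */

/* Unpadded path: only the length is raised, so pad bytes are stale data. */
size_t tx_pad_unsafe(const uint8_t *frame, size_t len)
{
    if (len > BUF_LEN) return 0;
    memcpy(tx_buf, frame, len);
    return len < ETH_ZLEN ? ETH_ZLEN : len;
}

/* Fixed path: the pad region is explicitly filled with null bytes. */
size_t tx_pad_zeroed(const uint8_t *frame, size_t len)
{
    if (len > BUF_LEN) return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_ZLEN) {
        memset(tx_buf + len, 0, ETH_ZLEN - len);
        len = ETH_ZLEN;
    }
    return len;
}

/* Queue a constructed 72-byte frame, then a 20-byte one; count non-zero pad. */
size_t stale_pad_bytes(int zeroed)
{
    static const char prev[] = "constructed-previous-packet: user=alice "
                               "token=0123456789abcdef0123456789";
    uint8_t short_frame[20];
    size_t i, wire, n = 0;
    memcpy(tx_buf, prev, sizeof prev - 1);
    memset(short_frame, 'A', sizeof short_frame);
    wire = (zeroed ? tx_pad_zeroed : tx_pad_unsafe)(short_frame, sizeof short_frame);
    for (i = sizeof short_frame; i < wire; i++)
        n += tx_buf[i] != 0;
    return n;
}

int main(void)
{
    printf("stale pad bytes: unpadded=%zu zeroed=%zu\n",
           stale_pad_bytes(0), stale_pad_bytes(1));
    return 0;
}
```

The same non-zero-padding count, applied to short frames in a packet capture, is a quick way to confirm that a host is running a fixed driver.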

A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and
later that can create a limited information leak where any user on the
system with write privileges to a file system can read information from
that file system (from previously deleted files), and can create minor file
system corruption (easily repaired by fsck). Red Hat Linux in its default
configuration is not affected by this bug, because the ext3 file system
(the default file system in Red Hat Linux 7.2 and later) does not support
the O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18
kernels have this bug. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.

Users of the ext2 file system can migrate to the ext3 file system
using the tune2fs program as described in the white paper at
http://www.redhat.com/support/wpapers/redhat/ext3/

All users of Red Hat Linux 7.1, 7.2, 7.3, and 8.0 should upgrade
to these errata packages, which contain patches to ethernet drivers to
remove the information leak and a patch to fix O_DIRECT handling.

In addition, the following drivers are upgraded to support newer hardware:
3c59x, e100, e1000, tg3


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied, especially the additional
packages from RHSA-2002:205 and RHSA-2002:206 respectively.

The procedure for upgrading the kernel manually is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

Updated packages

Red Hat Linux 7.1

SRPMS:
kernel-2.4.18-24.7.x.src.rpm
File outdated by:  RHSA-2003:417
    MD5: 4d0a3a9f1bcdfec8a014c5666a4c4501
 
IA-32:
kernel-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7179efeb266bba7aa633a01267e24e74
kernel-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 63f1217de153ff63217515e1b016da33
kernel-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 0a6684bc40e9f9f06d934dd806e182b3
kernel-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: e0f9b4ae807dd4ee026a026f8233e977
kernel-BOOT-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 03a071c1c7252869382d683b1ceefa9f
kernel-bigmem-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: ef2c961e676946329d5221fda16e2846
kernel-debug-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:098
    MD5: 13e60edc74a4e9ae6efe396acab4eb70
kernel-doc-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 18dd6648f9d77d3d266e584c7c2feca4
kernel-smp-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: fcd9c11db5c7c02bd8ac16c12260c0e6
kernel-smp-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 35e33d5b3746db33bdf747bf4a866e00
kernel-smp-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: c7b78cdeb9e72d94cfa80bbe49303241
kernel-source-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 040aafbd075ad5f4041fa086a8179c80
 
Red Hat Linux 7.2

SRPMS:
kernel-2.4.18-24.7.x.src.rpm
File outdated by:  RHSA-2003:417
    MD5: 4d0a3a9f1bcdfec8a014c5666a4c4501
 
IA-32:
kernel-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7179efeb266bba7aa633a01267e24e74
kernel-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 63f1217de153ff63217515e1b016da33
kernel-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 0a6684bc40e9f9f06d934dd806e182b3
kernel-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: e0f9b4ae807dd4ee026a026f8233e977
kernel-BOOT-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 03a071c1c7252869382d683b1ceefa9f
kernel-bigmem-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: ef2c961e676946329d5221fda16e2846
kernel-debug-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:098
    MD5: 13e60edc74a4e9ae6efe396acab4eb70
kernel-doc-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 18dd6648f9d77d3d266e584c7c2feca4
kernel-smp-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: fcd9c11db5c7c02bd8ac16c12260c0e6
kernel-smp-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 35e33d5b3746db33bdf747bf4a866e00
kernel-smp-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: c7b78cdeb9e72d94cfa80bbe49303241
kernel-source-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 040aafbd075ad5f4041fa086a8179c80
 
Red Hat Linux 7.3

SRPMS:
kernel-2.4.18-24.7.x.src.rpm
File outdated by:  RHSA-2003:417
    MD5: 4d0a3a9f1bcdfec8a014c5666a4c4501
 
IA-32:
kernel-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7179efeb266bba7aa633a01267e24e74
kernel-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 63f1217de153ff63217515e1b016da33
kernel-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 0a6684bc40e9f9f06d934dd806e182b3
kernel-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: e0f9b4ae807dd4ee026a026f8233e977
kernel-BOOT-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 03a071c1c7252869382d683b1ceefa9f
kernel-bigmem-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: ef2c961e676946329d5221fda16e2846
kernel-debug-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:098
    MD5: 13e60edc74a4e9ae6efe396acab4eb70
kernel-doc-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 18dd6648f9d77d3d266e584c7c2feca4
kernel-smp-2.4.18-24.7.x.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: fcd9c11db5c7c02bd8ac16c12260c0e6
kernel-smp-2.4.18-24.7.x.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 35e33d5b3746db33bdf747bf4a866e00
kernel-smp-2.4.18-24.7.x.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: c7b78cdeb9e72d94cfa80bbe49303241
kernel-source-2.4.18-24.7.x.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 040aafbd075ad5f4041fa086a8179c80
 
Red Hat Linux 8.0

SRPMS:
kernel-2.4.18-24.8.0.src.rpm
File outdated by:  RHSA-2003:417
    MD5: 3ab26ebfd1c80ba101b5b86bf5cd6421
 
IA-32:
kernel-2.4.18-24.8.0.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 6e12213933aac18036ecbec4e9d0b0ac
kernel-2.4.18-24.8.0.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 2be552e4025aba02877ca21a0bd64007
kernel-2.4.18-24.8.0.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: d69f50521cb66ce09a9cefde417e8107
kernel-2.4.18-24.8.0.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 5ccc7bd0668a144b91580490ae487744
kernel-BOOT-2.4.18-24.8.0.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 232613b661b5dc806647935bbab16cb0
kernel-bigmem-2.4.18-24.8.0.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 551569c64e64b83c145dc17b08dd505b
kernel-debug-2.4.18-24.8.0.i686.rpm
File outdated by:  RHSA-2003:098
    MD5: 56fafedd2ee58f288327fb56eaafd884
kernel-doc-2.4.18-24.8.0.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: b0dddbebe98c52bdeb737473319008a0
kernel-smp-2.4.18-24.8.0.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 619979740d16881959d5f888aefaf195
kernel-smp-2.4.18-24.8.0.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 91e3b03e57e7df41d1472b45ad151719
kernel-smp-2.4.18-24.8.0.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: b125aab060782242428bdafb05edab93
kernel-source-2.4.18-24.8.0.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 43ffe5e9be347b2da60d83cc03d64923
 

Bugs fixed (see bugzilla for more information)

76159 - Errata kernel 2.4.18-17.8.0 fails PCI resource allocation



Keywords

ethernet, frame, O_DIRECT, padding


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/