Skip to navigation

Security Advisory Updated 2.4 kernel fixes USB storage

Advisory: RHSA-2003:135-09
Type: Security Advisory
Severity: N/A
Issued on: 2003-04-08
Last updated on: 2003-04-08
Affected Products: Red Hat Linux 9
CVEs (cve.mitre.org): CVE-2003-0127

Details

Updated kernel packages for Red Hat Linux 9 are now available.
The kernel package version 2.4.20-6 has a security hole in ptrace.
Using USB CD-ROMs on some ServerWorks systems can hang older versions
of the kernel.

The Linux kernel handles the basic functions of the operating system.

A vulnerability in ptrace handling has been found in version 2.4.20-6
of the kernel. This vulnerability makes it possible for local users to
gain elevated (root) privileges without authorization. This vulnerability
is fixed in kernel-2.4.20-8 and kernel-2.4.20-9.

Please note this vulnerability only affects Red Hat Linux 9 boxed sets
manufactured for distribution within the United States. The part numbers,
which can be found on the bottom flap of the box, are RHF0120US and
RHF0121US. Copies of Red Hat Linux 9 obtained through other means (such as
from Red Hat Network, FTP, or international boxed sets) already contain
kernel-2.4.20-8 and are therefore not vulnerable to this issue.

An NPTL support defect in the kernel causes bind not to restart on
uniprocessor systems; this bug has been fixed in kernel-2.4.20-9.

USB mass storage devices (in particular, USB CD-ROMs) and the ohci driver
sometimes causes system hangs; this defect has been fixed.

Additionally, support for the tg3, e100, and e1000 drivers has been added.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Linux 9

SRPMS:
kernel-2.4.20-9.src.rpm
File outdated by:  RHSA-2004:166
    MD5: 907a4a6ccd687be8cdb4c38b66d10e67
 
IA-32:
kernel-2.4.20-9.athlon.rpm
File outdated by:  RHSA-2004:166
    MD5: 3cf6f66ef44bd670cacf4768b20f503c
kernel-2.4.20-9.i586.rpm
File outdated by:  RHSA-2004:166
    MD5: 7aed26e3c4393f433255e3aa4d0bb409
kernel-2.4.20-9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: c78a4bb56e6acf96375ebb4a646f6826
kernel-BOOT-2.4.20-9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: 18d0088eae5b5f2daf2f3a955f0812e3
kernel-bigmem-2.4.20-9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: 0b9ce410c8a3e7639b8a2e82a53abf0e
kernel-doc-2.4.20-9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: b987cbd4bbec07a65ca882e8276f7d96
kernel-smp-2.4.20-9.athlon.rpm
File outdated by:  RHSA-2004:166
    MD5: 984d637b03b999ec8d09d778acc06c04
kernel-smp-2.4.20-9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: 3ad01acbf3504ef601518e0489d5ce3f
kernel-source-2.4.20-9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: 153b636ac64f7f52e62f1fba47b0ccf7
 

References


Keywords

bind, cdrom, netdump, ptrace, storage, usb


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/