Skip to navigation

Security Advisory Updated 2.4 kernel fixes security vulnerabilities and various bugs

Advisory: RHSA-2003:172-27
Type: Security Advisory
Severity: Important
Issued on: 2003-09-05
Last updated on: 2003-05-14
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
CVEs (cve.mitre.org): CVE-2003-0187
CVE-2003-0244
CVE-2003-0246
CVE-2003-0619

Details

Updated kernel packages that fix a remote denial of service vulnerability
in the TCP/IP stack, and a local privilege vulnerability, are now available.

[Updated 28 August 2003]
Added CAN-2003-0187 and CAN-2003-0619 to the list of security issues that
were fixed by this advisory (there are no changes to the packages themselves).

The Linux kernel handles the basic functions of the operating system.

The connection tracking core of Netfilter for Linux 2.4.20, with
CONFIG_IP_NF_CONNTRACK enabled (or the ip_conntrack module loaded), allows
remote attackers to cause a denial of service (resource consumption). This
causes Netfilter to fail to identify connections with an UNCONFIRMED status
and use large timeouts. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0187 to this issue.

A flaw has been found in several hash table implementations in the kernel
networking code. A remote attacker could send packets with carefully
chosen, forged source addresses in such a way as to make every routing
cache entry get hashed into the same hash chain. The result would be that
the kernel would use a disproportionate amount of processor time to deal
with new packets, resulting in a remote denial of service attack. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0244 to this issue.

A flaw has been found in the "ioperm" system call, which fails to properly
restrict privileges. This flaw can allow an unprivileged local user to
gain read and write access to I/O ports on the system. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0246 to this issue.

An integer signedness error in the Linux kernel before 2.4.21 allows remote
attackers to cause a denial of service (kernel panic) via a negative size
value within XDR data of an NFSv3 procedure call. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0619 to this issue.

All users should upgrade to these updated packages, which are not
vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Linux 7.1
SRPMS:
kernel-2.4.20-13.7.src.rpm
File outdated by:  RHSA-2003:417		     MD5: d1799a2701cd94e64dd7217fd4d1e666
 
IA-32:
kernel-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 1ed2234cddcf1a5eb18f8dd9abd2585b
kernel-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 02347832231e93183581c3dbb8e46c4a
kernel-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: b5533475a0fd9b383f56945d64dea185
kernel-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 77316b8f05f6fd1e352679f56b9992f6
kernel-BOOT-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 49c156feaa21c6b847813f3a087b5ae3
kernel-bigmem-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 408d19fa437c5e452167f2c8c1f362ce
kernel-doc-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 702f8a04e66fdfd8f41a4319fe604e0a
kernel-smp-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 4ec891edbd9340da904fd6a8d1d98043
kernel-smp-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: 592733320530871511e9c5d636563533
kernel-smp-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 24168061d6bffb12a1fc150eaea6b1b9
kernel-source-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 36437fe4edf013dc89aa9d226f20fd01
 
Red Hat Linux 7.2
SRPMS:
kernel-2.4.20-13.7.src.rpm
File outdated by:  RHSA-2003:417		     MD5: d1799a2701cd94e64dd7217fd4d1e666
 
IA-32:
kernel-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 1ed2234cddcf1a5eb18f8dd9abd2585b
kernel-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 02347832231e93183581c3dbb8e46c4a
kernel-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: b5533475a0fd9b383f56945d64dea185
kernel-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 77316b8f05f6fd1e352679f56b9992f6
kernel-BOOT-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 49c156feaa21c6b847813f3a087b5ae3
kernel-bigmem-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 408d19fa437c5e452167f2c8c1f362ce
kernel-doc-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 702f8a04e66fdfd8f41a4319fe604e0a
kernel-smp-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 4ec891edbd9340da904fd6a8d1d98043
kernel-smp-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: 592733320530871511e9c5d636563533
kernel-smp-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 24168061d6bffb12a1fc150eaea6b1b9
kernel-source-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 36437fe4edf013dc89aa9d226f20fd01
 
Red Hat Linux 7.3
SRPMS:
kernel-2.4.20-13.7.src.rpm
File outdated by:  RHSA-2003:417		     MD5: d1799a2701cd94e64dd7217fd4d1e666
 
IA-32:
kernel-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 1ed2234cddcf1a5eb18f8dd9abd2585b
kernel-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 02347832231e93183581c3dbb8e46c4a
kernel-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: b5533475a0fd9b383f56945d64dea185
kernel-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 77316b8f05f6fd1e352679f56b9992f6
kernel-BOOT-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 49c156feaa21c6b847813f3a087b5ae3
kernel-bigmem-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 408d19fa437c5e452167f2c8c1f362ce
kernel-doc-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 702f8a04e66fdfd8f41a4319fe604e0a
kernel-smp-2.4.20-13.7.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 4ec891edbd9340da904fd6a8d1d98043
kernel-smp-2.4.20-13.7.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: 592733320530871511e9c5d636563533
kernel-smp-2.4.20-13.7.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 24168061d6bffb12a1fc150eaea6b1b9
kernel-source-2.4.20-13.7.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 36437fe4edf013dc89aa9d226f20fd01
 
Red Hat Linux 8.0
SRPMS:
kernel-2.4.20-13.8.src.rpm
File outdated by:  RHSA-2003:417		     MD5: 1eac6e546a88e479821b0c64fafd076c
ftp://updates.redhat.com/rhn/repository/NULL/oprofile/0.4-44.8.1/SRPMS/oprofile-0.4-44.8.1.src.rpm
Missing file		     MD5: 5cdd690b2c0b8b275a4d048a95d8bf8b
 
IA-32:
kernel-2.4.20-13.8.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: 20f2ec3996100d5c4b5a5cf609cbf96c
kernel-2.4.20-13.8.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 04a3edfdf82d73de6e58fcf2254b7fd4
kernel-2.4.20-13.8.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: be7d58a03d9a28db072b99c57fe80f0b
kernel-2.4.20-13.8.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: 08584687dae702a02c9603fb95f5275c
kernel-BOOT-2.4.20-13.8.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: cbc978d4e686f0e2f8d4bb91a527ee59
kernel-bigmem-2.4.20-13.8.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: d336ee0403d4d8ffccdbed5fd460693f
kernel-doc-2.4.20-13.8.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 7061fe2b7d9a9e04d7d799590871d2fc
kernel-smp-2.4.20-13.8.athlon.rpm
File outdated by:  RHSA-2003:417		     MD5: bcdbbbe42fee19a74d993c9eb0b5c2e0
kernel-smp-2.4.20-13.8.i586.rpm
File outdated by:  RHSA-2003:417		     MD5: 23fb8e7b7c895205314be4abd10b0474
kernel-smp-2.4.20-13.8.i686.rpm
File outdated by:  RHSA-2003:417		     MD5: f4f693c588d9519b26ec912e1e58419b
kernel-source-2.4.20-13.8.i386.rpm
File outdated by:  RHSA-2003:417		     MD5: 96429c0d8185bb1672ed3530877e9e9c
ftp://updates.redhat.com/rhn/repository/NULL/oprofile/0.4-44.8.1/i386/oprofile-0.4-44.8.1.i386.rpm
Missing file		     MD5: 88440b86e921dce49f05b0c1a0344cc9
 
Red Hat Linux 9
SRPMS:
kernel-2.4.20-13.9.src.rpm
File outdated by:  RHSA-2004:166		     MD5: 5a39e35dfea5b4b79c8be444bf49dcc5
 
IA-32:
kernel-2.4.20-13.9.athlon.rpm
File outdated by:  RHSA-2004:166		     MD5: 6b3e0a56fb8977818b0802f64a91dbb3
kernel-2.4.20-13.9.i386.rpm
File outdated by:  RHSA-2004:166		     MD5: b46c026c49d52da7b9f971f4a8a13908
kernel-2.4.20-13.9.i586.rpm
File outdated by:  RHSA-2004:166		     MD5: c0957a0fe3c04594c9b5489877a7c570
kernel-2.4.20-13.9.i686.rpm
File outdated by:  RHSA-2004:166		     MD5: ac8410ce50e12268cc07e6dfb80a08f0
kernel-BOOT-2.4.20-13.9.i386.rpm
File outdated by:  RHSA-2004:166		     MD5: 794415512835127e0a7c7a99e56aa986
kernel-bigmem-2.4.20-13.9.i686.rpm
File outdated by:  RHSA-2004:166		     MD5: 21ca6ca4b4d4aada6ce90dbb700145b3
kernel-doc-2.4.20-13.9.i386.rpm
File outdated by:  RHSA-2004:166		     MD5: 5a1e0fd284dc69896c25f8c31bea6513
kernel-smp-2.4.20-13.9.athlon.rpm
File outdated by:  RHSA-2004:166		     MD5: 0460a0cc4bf91467fc3b26a979a8d658
kernel-smp-2.4.20-13.9.i586.rpm
File outdated by:  RHSA-2004:166		     MD5: 6d9a641dadcc0abce2584f9f92f20552
kernel-smp-2.4.20-13.9.i686.rpm
File outdated by:  RHSA-2004:166		     MD5: bac56b09e64cbe6befa0f134f9c7ab53
kernel-source-2.4.20-13.9.i386.rpm
File outdated by:  RHSA-2004:166		     MD5: 9367405b84ff5bb55cef17c879cf9ce0
 

Bugs fixed (see bugzilla for more information)

81282 - No pcmcia devices found (HP OmniBook XT6050) after upgrade.
86180 - orinoco_cs periodically drops connection with linksys wpc11v3
88047 - /proc/<pid>/cmdline is empty in RHL8
88550 - Acer 351tev fails loading trident.o module
88847 - Sound card AZT1008 not initialized by ad1848.o
89049 - ALi M5451 doesn't work
89554 - Kernel needs dell inspiron 8500 support
89686 - V.110 doesn't work with HFC_PCI cards.
89732 - Installer hangs when loading aic7xxx module
89743 - usb-uhci Kernel freeze with one-shot interrupt transfers
90276 - Some drivers are missing a copy_from_user() function call


References

https://www.redhat.com/security/data/cve/CVE-2003-0187.html
https://www.redhat.com/security/data/cve/CVE-2003-0244.html
https://www.redhat.com/security/data/cve/CVE-2003-0246.html
https://www.redhat.com/security/data/cve/CVE-2003-0619.html
http://marc.theaimsgroup.com/?l=bk-commits-24&m=105217616607144&w=2
http://bugzilla.kernel.org/show_bug.cgi?id=703

Keywords

dos

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/