Skip to navigation

Security Advisory Updated 2.4 kernel fixes vulnerabilities and driver bugs

Advisory: RHSA-2003:187-25
Type: Security Advisory
Severity: N/A
Issued on: 2003-05-22
Last updated on: 2003-06-03
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
CVEs (cve.mitre.org): CVE-2003-0247
CVE-2003-0248
CVE-2003-0364

Details

Updated kernel packages are now available that contain fixes for security
vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB
drivers.

The Linux kernel handles the basic functions of the operating system.

Several security issues have been found that affect the Linux kernel:

Al Viro found a security issue in the tty layer whereby any user could
cause a kernel oops. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0247 to this issue.

Andrea Arcangeli found an issue in the low-level mxcsr code in which a
malformed address would leave garbage in cpu state registers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0248 to this issue.

The TCP/IP fragment reassembly handling allows remote attackers to cause
a denial of service (CPU consumption) via packets that cause a large number
of hash table collisions, a vulnerability similar to CAN-2003-0244. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0364 to this issue.

It is recommended that users upgrade to these erratum kernels, which
contain patches to correct these vulnerabilities. In addition, these
kernels fix a number of bugs:

Driver bugs fixes are included for the Silicon Image IDE driver, the USB
ohci driver, the Audigy driver, and the driver for the Olympus Camedia
digital camera.

A fix written by Andrew Morton is included to address a system stall caused
by file I/O in rare cases.

An updated fix corrects some bugs in the ptrace security fix for Red Hat
Linux 7.1, 7.2, 7.3, and 8.0. Note that these bugs were functionality
limitations, not additional security vulnerabilities.

Updated fixes for the ioperm security issue are also included.

A potential data corruption scenario has been identified. This
scenario can occur under heavy, complex I/O loads. The scenario
only occurs while performing memory mapped file I/O, where the
file is simultaneously unlinked and the corresponding file blocks
reallocated. Furthermore, the memory mapped writes must be to a
partial page at the end of a file on an ext3 file system. As such,
Red Hat considers this an unlikely scenario.

Red Hat Linux kernel erratum RHSA-2003:172 exposed a bug in the quota
packages for Red Hat Linux 7.1, 7.2 and 7.3; a fixed quota package is also
included in this erratum.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Linux 7.1

SRPMS:
kernel-2.4.20-18.7.src.rpm
File outdated by:  RHSA-2003:417
    MD5: c82f56812527104e74c697824af1ac73
ftp://updates.redhat.com/rhn/repository/NULL/quota/3.06-9.71/SRPMS/quota-3.06-9.71.src.rpm
Missing file
    MD5: 2846936e75a817d3780da62451c09c56
 
IA-32:
kernel-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7681a5d0f9498bf6b26ee90a45269aff
kernel-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 0d84746b58a0440c9b13a5428c38367e
kernel-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 040d0ceb9752d2be91136ea600400388
kernel-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f074b41ecede502a15306ebf3afdd5a4
kernel-BOOT-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 87f59bb0acb3d7a6475830a17c16eaa2
kernel-bigmem-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f6acd4f21af98ae692ca0ca53ef590f2
kernel-doc-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 356bb8fd1f5ac3ca2af8aa51e6fd2051
kernel-smp-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 6a267cab0213dbc7df5218b83c74e809
kernel-smp-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: a68072f1a88c16cc1fe18ecb0a30d4d1
kernel-smp-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 39fc8a07d3dd636629da6775b69ee063
kernel-source-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: a94c4a9e7e17ef5624e9be24d0359af3
ftp://updates.redhat.com/rhn/repository/NULL/quota/3.06-9.71/i386/quota-3.06-9.71.i386.rpm
Missing file
    MD5: 2a2c696d179b30acb490508ee57518e5
 
Red Hat Linux 7.2

SRPMS:
kernel-2.4.20-18.7.src.rpm
File outdated by:  RHSA-2003:417
    MD5: c82f56812527104e74c697824af1ac73
 
IA-32:
kernel-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7681a5d0f9498bf6b26ee90a45269aff
kernel-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 0d84746b58a0440c9b13a5428c38367e
kernel-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 040d0ceb9752d2be91136ea600400388
kernel-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f074b41ecede502a15306ebf3afdd5a4
kernel-BOOT-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 87f59bb0acb3d7a6475830a17c16eaa2
kernel-bigmem-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f6acd4f21af98ae692ca0ca53ef590f2
kernel-doc-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 356bb8fd1f5ac3ca2af8aa51e6fd2051
kernel-smp-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 6a267cab0213dbc7df5218b83c74e809
kernel-smp-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: a68072f1a88c16cc1fe18ecb0a30d4d1
kernel-smp-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 39fc8a07d3dd636629da6775b69ee063
kernel-source-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: a94c4a9e7e17ef5624e9be24d0359af3
ftp://updates.redhat.com/rhn/repository/NULL/quota/3.06-9.7/i386/quota-3.06-9.7.i386.rpm
Missing file
    MD5: a20126b952697b5ea5ba614b5fc2dbc3
 
Red Hat Linux 7.3

SRPMS:
kernel-2.4.20-18.7.src.rpm
File outdated by:  RHSA-2003:417
    MD5: c82f56812527104e74c697824af1ac73
 
IA-32:
kernel-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7681a5d0f9498bf6b26ee90a45269aff
kernel-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 0d84746b58a0440c9b13a5428c38367e
kernel-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 040d0ceb9752d2be91136ea600400388
kernel-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f074b41ecede502a15306ebf3afdd5a4
kernel-BOOT-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 87f59bb0acb3d7a6475830a17c16eaa2
kernel-bigmem-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: f6acd4f21af98ae692ca0ca53ef590f2
kernel-doc-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 356bb8fd1f5ac3ca2af8aa51e6fd2051
kernel-smp-2.4.20-18.7.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 6a267cab0213dbc7df5218b83c74e809
kernel-smp-2.4.20-18.7.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: a68072f1a88c16cc1fe18ecb0a30d4d1
kernel-smp-2.4.20-18.7.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 39fc8a07d3dd636629da6775b69ee063
kernel-source-2.4.20-18.7.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: a94c4a9e7e17ef5624e9be24d0359af3
ftp://updates.redhat.com/rhn/repository/NULL/quota/3.06-9.7/i386/quota-3.06-9.7.i386.rpm
Missing file
    MD5: a20126b952697b5ea5ba614b5fc2dbc3
 
Red Hat Linux 8.0

SRPMS:
kernel-2.4.20-18.8.src.rpm
File outdated by:  RHSA-2003:417
    MD5: 2a683e3a5fdd1c256f569575db838c56
 
IA-32:
kernel-2.4.20-18.8.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: d28682bcca89100d2b1f1e7d541ad374
kernel-2.4.20-18.8.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 782adf3197f3fea6597d604f5f094ec7
kernel-2.4.20-18.8.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 0ac54f19c74a9011a0aacd54c33cf2cf
kernel-2.4.20-18.8.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 47692793117cdfa9fafdd430569a3739
kernel-BOOT-2.4.20-18.8.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 29dac8f60ee2a1a4006f9359ed3c6017
kernel-bigmem-2.4.20-18.8.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: 3018e4d29d255cfe8c8f32a4aaed044c
kernel-doc-2.4.20-18.8.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: d8c695a172e6230402876a8924210b08
kernel-smp-2.4.20-18.8.athlon.rpm
File outdated by:  RHSA-2003:417
    MD5: 7d2f1d08d3d6599e6a5946521a278986
kernel-smp-2.4.20-18.8.i586.rpm
File outdated by:  RHSA-2003:417
    MD5: 6e190b9b2754bd37874d99602b00a6a7
kernel-smp-2.4.20-18.8.i686.rpm
File outdated by:  RHSA-2003:417
    MD5: e06aac3bfaafbc2c167dc8281ae9379b
kernel-source-2.4.20-18.8.i386.rpm
File outdated by:  RHSA-2003:417
    MD5: 8ee44c17fa3cd00441378675e47fba02
 
Red Hat Linux 9

SRPMS:
kernel-2.4.20-18.9.src.rpm
File outdated by:  RHSA-2004:166
    MD5: 1fa4951227acbf5eafe81a1b24b38997
 
IA-32:
kernel-2.4.20-18.9.athlon.rpm
File outdated by:  RHSA-2004:166
    MD5: 059647419aa13dae133a5903f42a5e98
kernel-2.4.20-18.9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: 353f255cee3a920303d36cdd8fd0b576
kernel-2.4.20-18.9.i586.rpm
File outdated by:  RHSA-2004:166
    MD5: a03ecef3fc7be61fd5bac7dec7c6e8f8
kernel-2.4.20-18.9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: 3a25931ea51efc6f79d672bb1243f166
kernel-BOOT-2.4.20-18.9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: ab6dc3aef544abd4dbb211a556969f6b
kernel-bigmem-2.4.20-18.9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: dc36d66e123ab19fa5a83064b8cb9aa9
kernel-doc-2.4.20-18.9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: 9e0efa8c2bc28306c426eec4b4bbd538
kernel-smp-2.4.20-18.9.athlon.rpm
File outdated by:  RHSA-2004:166
    MD5: 49f0696aac0f1ce33b6f5f3192f272e8
kernel-smp-2.4.20-18.9.i586.rpm
File outdated by:  RHSA-2004:166
    MD5: 8d8224a7476ca2cea4715bdd11501d36
kernel-smp-2.4.20-18.9.i686.rpm
File outdated by:  RHSA-2004:166
    MD5: 1687b82fd84c28bdd321edd5e7a48cac
kernel-source-2.4.20-18.9.i386.rpm
File outdated by:  RHSA-2004:166
    MD5: f47a7e87a44f4f8b1c810cecea6e14bf
 

Bugs fixed (see bugzilla for more information)

72604 - USB patch to allow Olympus digital cameras to work
90890 - kernel-2.4.20-13.9 breaks Soundcard, Mozilla, ETH0
90920 - pcmcia init script no longer works with 2.4.20-13.7
90922 - Bad: PCMCIA unrecognized after upgrade to kernel 2.4.20-13.7
90936 - New kernel errata removes /lib/modules/`uname -r`/pcmcia symlinks which breaks this package
90939 - Quotas problem with new kernel 2.4.20-13.7
90979 - SoundBlaster Audigy Oops with 2.4.20-13.8 kernel
90982 - audigy oops in rhl8.0 kernel errata
90985 - quotas fail with kernel-2.4.20-13.7
91099 - line 84 config.in in /linux-2.4.20-13.9/drivers/net/wan is incorrect
91112 - Kernel upgrade 2.4.20-13.7 kills pcmcia
91248 - pcmcia subsystem startup failes to load pcmcia modules
91432 - quota-3.03-1 doesn't initialize after applying the latest kernel update, that is 2.4.20-13.7
91489 - Faulty SB Audigy drivers in kernel 2.4.20-13.9?
91561 - kernel 2.4.20-13.7 drops pcmcia support on Toshiba 8100 laptop
91580 - no pcmcia found
91585 - ioperm security fix is flawed, still uses uninitialized memory
91650 - jfs without debug


References


Keywords

DoS


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/