Security Advisory: Updated 2.4 kernel fixes vulnerabilities

Advisory: RHSA-2003:238-16
Type: Security Advisory
Severity: N/A
Issued on: 2003-07-21
Last updated on: 2003-07-21
Affected Products: Red Hat Linux 7.1, 7.2, 7.3, 8.0 and 9
CVEs (cve.mitre.org): CVE-2003-0461, CVE-2003-0462, CVE-2003-0464, CVE-2003-0476, CVE-2003-0501, CVE-2003-0550, CVE-2003-0551, CVE-2003-0552, CVE-2003-0699, CVE-2003-0700

Details

Updated kernel packages are now available fixing several security
vulnerabilities.

[Updated 28 August 2003]
Added CAN-2003-0699 and CAN-2003-0700 to the list of security issues that
are fixed by this advisory (there are no changes to the packages themselves).

The Linux kernel handles the basic functions of the operating system.

Several security issues have been discovered affecting the Linux kernel:

CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts
for serial links. This could be used by a local attacker to infer password
lengths and inter-keystroke timings during password entry.

CAN-2003-0462: Paul Starzetz discovered a file read race condition existing
in the execve() system call, which could cause a local crash.

CAN-2003-0464: A recent change in the RPC code set the reuse flag on
newly-created sockets. Olaf Kirch noticed that this could allow normal
users to bind to UDP ports used for services such as nfsd.

CAN-2003-0476: The execve system call in Linux 2.4.x records the file
descriptor of the executable process in the file table of the calling
process, allowing local users to gain read access to restricted file
descriptors.

CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain
sensitive information by opening various entries in /proc/self before
executing a setuid program. This causes the program to fail to change the
ownership and permissions of already opened entries.

CAN-2003-0550: The STP protocol has no security mechanisms of its own, so
attackers on the network could alter the bridge topology. STP is now turned
off by default.

CAN-2003-0551: STP input processing was lax in its length checking, which
could lead to a denial of service.

CAN-2003-0552: Jerry Kreuscher discovered that the bridge forwarding table
could be poisoned by forged packets whose bogus source address matches that
of the local host.

CAN-2003-0699: The C-Media PCI sound driver in kernel versions prior to
2.4.21 does not use the get_user function to access userspace, which
crosses security boundaries and may facilitate the exploitation of
vulnerabilities.

CAN-2003-0700: The C-Media PCI sound driver in kernel versions prior to
2.4.22 accesses userspace without using the get_user function, which is a
potential security hole (NOTE: this issue is distinct from that described
in CAN-2003-0699).

All users are advised to upgrade to these errata packages, which contain
backported security patches correcting these vulnerabilities.


Important:

If you use Red Hat Linux 7.1, you must have installed quota-3.06-9.71 from
RHSA-2003-187, and if you use Red Hat Linux 7.2 or 7.3, you must have
installed quota-3.06-9.7 from RHSA-2003-187.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo).

Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
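The following shell script is an added example, not part of the Red Hat advisory: it compares an installed kernel version-release against the errata kernel for a given product (using the "2.4.20-19.7" form listed on this page) and wraps the advisory's safe install sequence (signature check, then "rpm -ivh", never "rpm -Uvh"). The function names and the version-comparison routine are the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes RPM version-release
# strings of the form "2.4.20-19.7", as listed in this advisory.

# Compare two version-release strings field by field (numeric fields,
# split on '.' and '-'). Prints "older", "same" or "newer" for $1 vs $2.
vercmp() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a='' || a=${a#*.}
        [ "$b" = "$y" ] && b='' || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing trailing field counts as 0
        if [ "$x" -lt "$y" ]; then echo older; return; fi
        if [ "$x" -gt "$y" ]; then echo newer; return; fi
    done
    echo same
}

# True (exit 0) when installed release $1 is older than fixed release $2.
needs_update() {
    [ "$(vercmp "$1" "$2")" = "older" ]
}

# Errata kernel release per product, as given in this advisory.
fixed_release() {
    case "$1" in
        7.1|7.2|7.3) echo 2.4.20-19.7 ;;
        8.0)         echo 2.4.20-19.8 ;;
        9)           echo 2.4.20-19.9 ;;
        *)           return 1 ;;
    esac
}

# Advisory's safe sequence: verify the Red Hat GPG signature first, then
# install with -i (not -U) so the running kernel stays as a fallback.
install_kernel_rpm() {
    rpm --checksig "$1" || return 1
    rpm -ivh "$1"
}

# Usage on a live system (strip the smp/bigmem suffix from uname -r):
#   running=$(uname -r | sed 's/smp$//; s/bigmem$//')
#   needs_update "$running" "$(fixed_release 7.3)" && \
#       install_kernel_rpm kernel-2.4.20-19.7.i686.rpm
```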

Updated packages

The per-product file list (RPM filenames with their MD5 checksums) is omitted here. The errata kernels are kernel-2.4.20-19.7 for Red Hat Linux 7.1, 7.2 and 7.3 (source RPM plus IA-32 binaries), kernel-2.4.20-19.8 for Red Hat Linux 8.0 and kernel-2.4.20-19.9 for Red Hat Linux 9 (IA-32 binaries), each shipped as athlon, i386, i586 and i686 kernel packages together with the kernel-BOOT, kernel-bigmem, kernel-doc, kernel-smp and kernel-source subpackages. All Red Hat Linux 7.1, 7.2, 7.3 and 8.0 files were later superseded by RHSA-2003:417, and the Red Hat Linux 9 files by RHSA-2004:166.


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/