Security Advisory: Updated kernel resolves security vulnerability

Advisory: RHSA-2003:417-08
Type: Security Advisory
Severity: N/A
Issued on: 2004-01-05
Last updated on: 2004-01-05
Affected Products: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9
CVEs (cve.mitre.org): CVE-2003-0984, CVE-2003-0985

Details

Updated kernel packages are now available that fix a security
vulnerability which may allow local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux
kernel versions 2.4.23 and previous which may allow a local attacker to
gain root privileges. No exploit is currently available; however, it is
believed that this issue is exploitable (although not trivially). The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which contain a
backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this
issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

These packages also contain a fix for a minor information leak in the real
time clock (rtc) routines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

We have provided kernel updates for Red Hat Linux 7.1-8.0 with this
advisory as these were prepared by us prior to December 31 2003. Please
note that Red Hat Linux 7.1, 7.2, 7.3, and 8.0 have reached their end of
life for errata support and no further errata will be issued for those
distributions.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt
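
Added example (not part of Red Hat's advisory): because the fix is a backported patch, a host is judged by its Red Hat package build, not by the upstream kernel version. The script compares a `uname -r` string with the fixed builds named in this advisory's errata packages (2.4.20-28.7, 2.4.20-28.8, 2.4.20-28.9); the function names, the flavour-suffix stripping and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage hosts against the fixed kernel builds in this advisory.

# Fixed kernel version-release per Red Hat Linux release (from the errata packages).
fixed_build() {
    case "$1" in
        7.1|7.2|7.3) echo "2.4.20-28.7" ;;
        8.0)         echo "2.4.20-28.8" ;;
        9)           echo "2.4.20-28.9" ;;
        *)           return 1 ;;   # release not covered by this advisory
    esac
}

# Print -1, 0 or 1 for $1 <, ==, > $2. Handles numeric fields separated by
# '.' or '-' only; it is not a full rpm version comparison.
vercmp() {
    left=$(echo "$1" | sed 's/[.-]/ /g')
    right=$(echo "$2" | sed 's/[.-]/ /g')
    set -- $left
    for r in $right; do
        l=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$l" -lt "$r" ]; then echo -1; return 0; fi
        if [ "$l" -gt "$r" ]; then echo 1; return 0; fi
    done
    if [ $# -gt 0 ]; then echo 1; else echo 0; fi
}

# needs_update RELEASE KERNEL -> prints "update", "ok" or "unknown".
# KERNEL is a `uname -r` string; a trailing flavour suffix (smp, bigmem, BOOT)
# is assumed and stripped before comparing.
needs_update() {
    fixed=$(fixed_build "$1") || { echo unknown; return 0; }
    running=$(echo "$2" | sed 's/[A-Za-z]*$//')
    case "$running" in
        *[!0-9.-]*|"") echo unknown; return 0 ;;   # unparseable kernel string
    esac
    if [ "$(vercmp "$running" "$fixed")" = "-1" ]; then echo update; else echo ok; fi
}

# Constructed inventory lines: "<release> <uname -r>".
printf '%s\n' "9 2.4.20-8" "9 2.4.20-28.9smp" "8.0 2.4.18-14" "7.3 2.4.20-28.7bigmem" |
while read -r rel kern; do
    echo "$rel $kern: $(needs_update "$rel" "$kern")"
done
```

A host reported as "update" is still running a build older than the erratum; installing the package does not change the running kernel until the system is rebooted into it.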

Updated packages


Bugs fixed (see bugzilla for more information)

90338 - (TUX)password incorrectly parsed + patch to fix the problem


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/