Security Advisory: kernel security update

Advisory: RHSA-2004:105-13
Type: Security Advisory
Severity: Moderate
Issued on: 2004-04-21
Last updated on: 2004-04-21
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
CVEs (cve.mitre.org): CVE-2004-0109

Details

Updated kernel packages that fix a security vulnerability which may allow
local users to gain root privileges are now available.

The Linux kernel handles the basic functions of the operating
system.

This kernel updates several drivers and fixes a number of bugs, including a
potential security vulnerability.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
An attacker could create a malicious filesystem in such a way that root
privileges may be obtained if the filesystem is mounted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0109 to this issue.

The following drivers were updated:

LSI megaraid2 v2.10.1.1
IBM ServeRAID v6.11.07
MPT Fusion v2.05.11.03

All users are advised to upgrade to these errata packages, which contain
a backported security patch that corrects this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt
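
An added example, not part of the Red Hat advisory: a bash check to run after the update that flags any installed 2.4.9-e.* kernel package, or the running kernel, older than the e.40 build shipped with this erratum. The function name find_unpatched, the --host switch and the expectation that `uname -r` prints a string such as 2.4.9-e.40smp are assumptions of this example.

```bash
#!/bin/bash
# Added example: flag RHEL 2.1 kernel builds older than the fixed erratum build.
FIXED_VERSION="2.4.9"   # kernel version in this advisory's package names
FIXED_RELEASE=40        # numeric part of the fixed release "e.40"

# Reads "name version-release" lines on stdin, prints one verdict per
# kernel package, and returns 1 if any build predates the fixed one.
find_unpatched() {
    local name vr rel num rc=0
    while read -r name vr; do
        # Only kernel packages are covered by this erratum.
        case "$name" in kernel|kernel-*) ;; *) continue ;; esac
        case "$vr" in
            "$FIXED_VERSION"-e.*) rel=${vr#"$FIXED_VERSION"-e.} ;;
            *) echo "SKIP $name $vr (not a $FIXED_VERSION-e.* build)"
               continue ;;
        esac
        # Keep the leading digits: "38.1" -> 38, "40smp" -> 40.
        num=${rel%%[!0-9]*}
        if [ -z "$num" ]; then
            echo "UNKNOWN $name $vr"; rc=1
        elif [ "$num" -lt "$FIXED_RELEASE" ]; then
            echo "UNPATCHED $name $vr"; rc=1
        else
            echo "OK $name $vr"
        fi
    done
    return $rc
}

# Host mode: installed packages plus the running kernel.
# Assumption: uname -r prints something like "2.4.9-e.40smp".
if [ "${1:-}" = "--host" ]; then
    { rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
      echo "kernel-running $(uname -r)"; } | find_unpatched
fi
```

A host can list the e.40 packages as installed and still report an older running kernel until it is rebooted into the new one.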

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
kernel-2.4.9-e.40.src.rpm
File outdated by:  RHSA-2009:0001
 
IA-32:
kernel-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-BOOT-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-debug-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-doc-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-enterprise-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-headers-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-source-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-summit-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
kernel-2.4.9-e.40.src.rpm
File outdated by:  RHSA-2009:0001
 
IA-32:
kernel-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-BOOT-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-debug-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-doc-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-headers-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-source-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
kernel-2.4.9-e.40.src.rpm
File outdated by:  RHSA-2009:0001
 
IA-32:
kernel-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-BOOT-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-debug-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-doc-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-enterprise-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-headers-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.athlon.rpm
File outdated by:  RHSA-2009:0001
kernel-smp-2.4.9-e.40.i686.rpm
File outdated by:  RHSA-2009:0001
kernel-source-2.4.9-e.40.i386.rpm
File outdated by:  RHSA-2009:0001
 

Bugs fixed (see bugzilla for more information)

101365 - Additions to drivers/scsi/scsi_scan.c
101738 - mprotect areas not cleaned up
102692 - Crash with bigpages and ssh shared mem usage
106448 - GRUB failing to install on recent HP DL servers with cciss RAID controllers
111250 - tg3 driver fails to autonegotiate correctly
111342 - get_parition_list can lose disks
111672 - RHEL 2.1 U4 - Need latest Adaptec ServeRAID fix for IA64 for IBM only.
111680 - fix /proc/$PID/cmdline issue
112006 - [PATCH] BUG() from __remove_inode_page
112021 - [PATCH] cciss driver change: SCSI prefetch
112057 - RHEL 3 U2: update megaraid2 to version 2.10.x
112108 - I/O mem bug fix
112130 - RHEL 2.1 U4: update cciss driver
112177 - blkdev_varyio is exported as a GPL only on RHEL 2.1 U4
112722 - ethtool crashes with segmentation fault for tg3 driver
113738 - [PATCH] updated megaraid2 driver (2.10.1)
113900 - RHEL 2.1 U4: Update mptfusion (LSI U320) driver to 2.05.10 or newest.
114053 - [PATCH] file append not working when nfs mounted with nfs_uncached_io
115061 - [PATCH] rhel 2.1 will need to pick up the cyclone-lpj-fix
118496 - updates to scsi_scan.c in RH EL 2.1 Update 4
119303 - oops when using the ipt_redirect module
120029 - CAN-2004-0109 kernel iso9660 buffer overflow
70607 - Oops in get_filesystem_info due to lack of locking
77839 - Assert failure in transaction.c:1224: "!jh->b_committed_data
90209 - only 2 processors of 4 seen on SE7505VB2


Keywords

kernel, update


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/