Bug 21269 - GLSA: Kernel hash table attack
Summary: GLSA: Kernel hash table attack
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
Duplicates: 21076
Reported: 2003-05-19 14:33 UTC by Daniel Ahlberg (RETIRED)
Modified: 2011-10-30 22:39 UTC
Attachments
ioperm-bitmap.patch (ioperm-bitmap.patch,890 bytes, patch)
2003-05-22 17:27 UTC, Daniel Ahlberg (RETIRED)
hash-exploit.patch (hash-exploit.patch,13.99 KB, patch)
2003-05-22 17:28 UTC, Daniel Ahlberg (RETIRED)
Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-05-19 14:33:20 UTC
[RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs 
 
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
Date: Wednesday 20.51.00

--------------------------------------------------------------------- 
                   Red Hat Security Advisory 
 
Synopsis:          Updated 2.4 kernel fixes security vulnerabilities and various bugs 
Advisory ID:       RHSA-2003:172-00 
Issue date:        2003-05-14 
Updated on:        2003-05-14 
Product:           Red Hat Linux 
Keywords:          dos 
Cross references:  RHSA-2003-098 RHBA-2003-135 
Obsoletes:         RHSA-2003-098 RHBA-2003-135 
CVE Names:         CAN-2003-0244 CAN-2003-0246 
--------------------------------------------------------------------- 
 
1. Topic: 
 
Updated kernel packages that fix a remote denial of service vulnerability 
in the TCP/IP stack, and a local privilege vulnerability, are now available. 
 
2. Relevant releases/architectures: 
 
Red Hat Linux 7.1 - athlon, i386, i586, i686 
Red Hat Linux 7.2 - athlon, i386, i586, i686 
Red Hat Linux 7.3 - athlon, i386, i586, i686 
Red Hat Linux 8.0 - athlon, i386, i586, i686 
Red Hat Linux 9 - athlon, i386, i586, i686 
 
3. Problem description: 
 
The Linux kernel handles the basic functions of the operating system. 
 
A flaw has been found in several hash table implementations in the kernel 
networking code.  A remote attacker could send packets with carefully 
chosen, forged source addresses in such a way as to make every routing 
cache entry get hashed into the same hash chain. The result would be that 
the kernel would use a disproportionate amount of processor time to deal 
with new packets, resulting in a remote denial of service attack.  The 
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned 
the name CAN-2003-0244 to this issue. 
 
A flaw has been found in the "ioperm" system call, which fails to properly 
restrict privileges.  This flaw can allow an unprivileged local user to 
gain read and write access to I/O ports on the system.  The Common 
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name 
CAN-2003-0246 to this issue. 
 
All users should upgrade to these updated packages, which are not 
vulnerable to these issues. 
 
4. Solution: 
 
Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 
 
To use Red Hat Network to upgrade the kernel, launch the Red Hat Update 
Agent with the following command: 
 
up2date 
 
This will start an interactive process that will result in the appropriate 
RPMs being upgraded on your system.  Note that you need to select the 
kernel explicitly if you are using the default configuration of up2date. 
 
To install kernel packages manually, use "rpm -ivh <package>" and 
modify system settings to boot the kernel you have installed.  To 
do this, edit /boot/grub/grub.conf and change the default entry to 
"default=0" (or, if you have chosen to use LILO as your boot loader, 
edit /etc/lilo.conf and run lilo) 
 
Do not use "rpm -Uvh" as that will remove your running kernel binaries 
from your system.  You may use "rpm -e" to remove old kernels after 
determining that the new kernel functions properly on your system. 
 
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 
 
89743 - usb-uhci Kernel freeze with one-shot interrupt transfers 
81282 - No pcmcia devices found (HP OmniBook XT6050) after upgrade. 
89686 - V.110 doesn't work with HFC_PCI cards. 
89049 - ALi M5451 doesn't work 
89732 - Installer hangs when loading aic7xxx module 
89554 - Kernel needs dell inspiron 8500 support 
88847 - Sound card AZT1008 not initialized by ad1848.o 
86180 - orinoco_cs periodically drops connection with linksys wpc11v3 
88550 - Acer 351tev fails loading trident.o module 
88047 - /proc/<pid>/cmdline is empty 
90276 - Some drivers are missing a copy_from_user() function call 
 
6. RPMs required: 
 
Red Hat Linux 7.1: 
 
SRPMS: 
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm 
 
athlon: 
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm 
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm 
 
i386: 
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm 
 
i586: 
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-13.7.i586.rpm 
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm 
 
i686: 
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm 
 
Red Hat Linux 7.2: 
 
SRPMS: 
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm 
 
athlon: 
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm 
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm 
 
i386: 
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm 
 
i586: 
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-13.7.i586.rpm 
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm 
 
i686: 
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm 
 
Red Hat Linux 7.3: 
 
SRPMS: 
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-13.7.src.rpm 
 
athlon: 
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-13.7.athlon.rpm 
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-13.7.athlon.rpm 
 
i386: 
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-13.7.i386.rpm 
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-13.7.i386.rpm 
 
i586: 
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-13.7.i586.rpm 
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-13.7.i586.rpm 
 
i686: 
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-13.7.i686.rpm 
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-13.7.i686.rpm 
 
Red Hat Linux 8.0: 
 
SRPMS: 
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-13.8.src.rpm 
ftp://updates.redhat.com/8.0/en/os/SRPMS/oprofile-0.4-44.8.1.src.rpm 
 
athlon: 
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-13.8.athlon.rpm 
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-13.8.athlon.rpm 
 
i386: 
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-13.8.i386.rpm 
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-13.8.i386.rpm 
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-13.8.i386.rpm 
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-13.8.i386.rpm 
ftp://updates.redhat.com/8.0/en/os/i386/oprofile-0.4-44.8.1.i386.rpm 
 
i586: 
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-13.8.i586.rpm 
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-13.8.i586.rpm 
 
i686: 
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-13.8.i686.rpm 
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-13.8.i686.rpm 
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-13.8.i686.rpm 
 
Red Hat Linux 9: 
 
SRPMS: 
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-13.9.src.rpm 
 
athlon: 
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-13.9.athlon.rpm 
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-13.9.athlon.rpm 
 
i386: 
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-13.9.i386.rpm 
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-13.9.i386.rpm 
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-13.9.i386.rpm 
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-13.9.i386.rpm 
 
i586: 
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-13.9.i586.rpm 
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-13.9.i586.rpm 
 
i686: 
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-13.9.i686.rpm 
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-13.9.i686.rpm 
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-13.9.i686.rpm 
 
 
 
7. Verification: 
 
 
These packages are GPG signed by Red Hat for security.  Our key is 
available at http://www.redhat.com/solutions/security/news/publickey/ 
 
You can verify each package with the following command: 
     
    rpm --checksig -v <filename> 
 
If you only wish to verify that each package has not been corrupted or 
tampered with, examine only the md5sum with the following command: 
     
    md5sum <filename> 
 
 
8. References: 
 
http://marc.theaimsgroup.com/?l=bk-commits-24&m=105217616607144&w=2 
http://bugzilla.kernel.org/show_bug.cgi?id=703 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246 
 
9. Contact: 
 
The Red Hat security contact is <security@redhat.com>.  More contact 
details at http://www.redhat.com/solutions/security/news/contact/ 
 
Copyright 2003 Red Hat, Inc.
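
The hash-chain flaw described in section 3 of the advisory, as an added C example that is not part of the advisory, the attached patches or the kernel source. It uses a toy 256-bucket table (the bucket functions, key set, seed and all names are assumptions) to compare the longest chain a constructed key set produces under a predictable bucket function and under one mixed with a secret seed.

```c
#include <stdint.h>
#include <stdio.h>

#define BUCKETS 256u   /* toy table size (assumption) */
#define NKEYS   256u   /* number of constructed sample keys */

/* Unkeyed bucket function: a plain XOR-fold that any sender can predict. */
static uint32_t hash_unkeyed(uint32_t key, uint32_t seed) {
    (void)seed;                      /* seed deliberately ignored */
    key ^= key >> 16;
    key ^= key >> 8;
    return key & (BUCKETS - 1);
}

/* Keyed bucket function: a secret seed is mixed in, then a 32-bit
 * finalizer (MurmurHash3 fmix32 constants) scrambles the result, so the
 * bucket cannot be predicted without knowing the seed. */
static uint32_t hash_keyed(uint32_t key, uint32_t seed) {
    uint32_t h = key ^ seed;
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h & (BUCKETS - 1);
}

/* Constructed key i: the two low bytes are equal, so the XOR-fold
 * above cancels them and every key lands in bucket 0. */
static uint32_t sample_key(uint32_t i) {
    return (i << 8) | i;
}

/* Longest chain after inserting the NKEYS sample keys. */
static unsigned longest_chain(uint32_t (*hash)(uint32_t, uint32_t),
                              uint32_t seed) {
    unsigned count[BUCKETS] = {0}, max = 0;
    for (uint32_t i = 0; i < NKEYS; i++) {
        unsigned c = ++count[hash(sample_key(i), seed)];
        if (c > max) max = c;
    }
    return max;
}

int main(void) {
    uint32_t seed = 0x5eed1234u; /* constructed; a real table draws it at boot */
    printf("unkeyed longest chain: %u\n", longest_chain(hash_unkeyed, seed));
    printf("keyed   longest chain: %u\n", longest_chain(hash_keyed, seed));
    return 0;
}
```

With the unkeyed function every lookup walks one chain holding all 256 entries, which is the disproportionate processor cost the advisory describes; with the seeded function the same keys spread across the table.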
Comment 1 Martin Holzer (RETIRED) gentoo-dev 2003-05-19 14:36:20 UTC
*** Bug 21076 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Ahlberg (RETIRED) gentoo-dev 2003-05-22 17:27:43 UTC
Created attachment 12314 [details, diff]
ioperm-bitmap.patch
Comment 3 Daniel Ahlberg (RETIRED) gentoo-dev 2003-05-22 17:28:12 UTC
Created attachment 12315 [details, diff]
hash-exploit.patch
Comment 4 Daniel Ahlberg (RETIRED) gentoo-dev 2003-08-07 20:34:17 UTC
patches in gentoo-sources-2.4.20-r6 
Comment 5 solar (RETIRED) gentoo-dev 2003-08-20 22:18:24 UTC
Changing bug status to TEST_REQUEST and Severity to normal.
Comment 6 solar (RETIRED) gentoo-dev 2003-10-11 12:47:13 UTC
changing resolution to FIXED