Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0420 -- RHSA-2004:255-01 and RHSA-2004:260-01 Updated kernel packages fix security 21 June 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES/WS 3 Red Hat Desktop version 3 Red Hat Enterprise Linux AS/ES/WS 2.1 Linux variants Impact: Denial of Service Increased Privileges Access Required: Existing Account CVE Names: CAN-2004-0427 CAN-2004-0495 CAN-2004-0554 Ref: ESB-2004.0339 Comment: This External Security Bulletin (ESB) contains two Red Hat Security Advisories, detailing similar patches for Enterprise Linux versions 3 and 2.1 respectively. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kernel packages fix security vulnerabilities Advisory ID: RHSA-2004:255-01 Issue date: 2004-06-17 Updated on: 2004-06-17 Product: Red Hat Enterprise Linux Keywords: Cross references: Obsoletes: RHSA-2004:188 CVE Names: CAN-2004-0427 CAN-2004-0495 CAN-2004-0554 - - --------------------------------------------------------------------- 1. Topic: Updated kernel packages for Red Hat Enterprise Linux 3 that fix security vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64 Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64 Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 that allowed local users to cause a denial of service (system crash) by triggering a signal handler with a certain sequence of fsave and frstor instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0554 to this issue. Another flaw was discovered in an error path supporting the clone() system call that allowed local users to cause a denial of service (memory leak) by passing invalid arguments to clone() running in an infinite loop of a user's program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0427 to this issue. Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. Although the majority of these resides in drivers unsupported in Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or access to kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0495 to these issues. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. These packages contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 125794 - CAN-2004-0554 local user can get the kernel to hang 125901 - [PATCH] CAN-2004-0554: FPU exception handling local DoS 125968 - last RH kernel affected bug 126121 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm ppc64: Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ppc64.rpm ppc64iseries: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm ppc64pseries: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm s390: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm s390x: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390x.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390x.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390x.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm athlon: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm i686: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm ia32e: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm ia64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm x86_64: Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 7. Verification: MD5 sum Package Name - - -------------------------------------------------------------------------- 05b0bcb454ac5454479481d0288fbf20 kernel-2.4.21-15.0.2.EL.athlon.rpm a3073219b60cbb7ce447a22e5103e097 kernel-2.4.21-15.0.2.EL.i686.rpm 90dabcf0bb591756e5f04f397cf8a156 kernel-2.4.21-15.0.2.EL.ia32e.rpm 24ddfb9f957028d3bbc5cfff2b25bc67 kernel-2.4.21-15.0.2.EL.ia64.rpm 495a1c8f85e0e237643fd2e3f89ddaed kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm 6ad188ae0c61a077dede364c59448f61 kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm 1b9d329e2b074616239a91fd967871c8 kernel-2.4.21-15.0.2.EL.s390.rpm a8bab06e561ac8b6ab473b4e722a570b kernel-2.4.21-15.0.2.EL.s390x.rpm 669d77609b1c47ff49c939c1ea7bbc45 kernel-2.4.21-15.0.2.EL.src.rpm 13aabc1c96dfee65f73246051a955ba8 kernel-2.4.21-15.0.2.EL.x86_64.rpm 4635f8c6555f3b3e52feb9444b2e230d kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm 6cf6c39a83dfe7cca9c9a79f02dc3fa8 kernel-doc-2.4.21-15.0.2.EL.i386.rpm cc60f06bdd3ad6a05040df8ba40d41a1 kernel-doc-2.4.21-15.0.2.EL.ia64.rpm 3f21dd578af78ed576c7cbf6e17a3f16 kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm 5e27cc65020dbb1c92368e79c3edcbe6 kernel-doc-2.4.21-15.0.2.EL.s390.rpm 860944b6a4e8384a0b344dc96ea48b6d kernel-doc-2.4.21-15.0.2.EL.s390x.rpm 608d072210521af17c455f7754a6e352 kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm 6c8dad84abc4dd1892c9dc862c329273 kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm 426c517d35a53546138b0d72a0515909 kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm 96eb477ac938da01b729b5ac5ed36e3b kernel-smp-2.4.21-15.0.2.EL.athlon.rpm bece09ba4a651196758380372dc4c593 kernel-smp-2.4.21-15.0.2.EL.i686.rpm 82154d7551d6e4947af70b3044c9d4d2 kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm 9d24273cc70bb6be810984cb3f3d0a36 kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm 775338e099c3bdf36a586d29e55dbd3e kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm 8fde60be45154b7722893feb65506f42 kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm 3c690c54909996d3bba3da7c8d8f894a kernel-source-2.4.21-15.0.2.EL.i386.rpm a8fc2a1042ee3e580881b50c97a3241d kernel-source-2.4.21-15.0.2.EL.ia64.rpm 937a05a7666f14f95d20be19fc461f05 kernel-source-2.4.21-15.0.2.EL.ppc64.rpm 282bb4f0e5bfbec228a742ab6666665d kernel-source-2.4.21-15.0.2.EL.s390.rpm 6e9628389fa69aafc9c910e4b37a425a kernel-source-2.4.21-15.0.2.EL.s390x.rpm 44be30f820be806621b47786ebff1844 kernel-source-2.4.21-15.0.2.EL.x86_64.rpm 17f10f04cffc9751afb1499aaff00fdc kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm 89ee51cb60f7a1f34e66cbb16abcba07 kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm 144943d76b23470572326c84b57c0dd9 kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm 60e5c1f1efa438a658b12e16543214cd kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm 57f0111e6443fd5a39099731cc0856e8 kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm 22f38c0c1abee45e0ac24caa19e06311 kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm 8f67e244ba867a103e6b211d3d0d1fba kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm 3522c33c18eb876b5033ef12398707fe kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm aa060423c3136a26ca31a7aafa337380 kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFA0pQzXlSAg2UNWIIRAnebAJ92x5UDw32uwjVFVe9Eat4cQQqXAwCgkRtl OG3QYv33e4XJlyE9npuygvs= =Joca - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kernel packages fix security vulnerabilities Advisory ID: RHSA-2004:260-01 Issue date: 2004-06-18 Updated on: 2004-06-18 Product: Red Hat Enterprise Linux Keywords: Cross references: Obsoletes: RHSA-2004:188 CVE Names: CAN-2004-0495 CAN-2004-0554 - - --------------------------------------------------------------------- 1. Topic: Updated kernel packages for Red Hat Enterprise Linux 2.1 that fix security vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686 Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686 Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686 3. Problem description: The Linux kernel handles the basic functions of the operating system. A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 that allowed local users to cause a denial of service (system crash) by triggering a signal handler with a certain sequence of fsave and frstor instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0554 to this issue. Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. These flaws could lead to privilege escalation or access to kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0495 to these issues. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. These packages contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 126122 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel 126031 - CAN-2004-0554 local user can get the kernel to hang 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-summit-2.4.9-e.41.i686.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm 7. Verification: MD5 sum Package Name - - -------------------------------------------------------------------------- e8a6f83bc24e92297315f751559a251a kernel-2.4.9-e.41.athlon.rpm 3e0d87495a7c6b7bef7e02f55ef6d24a kernel-2.4.9-e.41.i686.rpm 3958537aa5fd88aebb95864351f824c8 kernel-2.4.9-e.41.src.rpm fdf9aa6832ac6faeb301988d98e7a31b kernel-BOOT-2.4.9-e.41.i386.rpm 8aa5eb290f69829b5284c90705b6061f kernel-debug-2.4.9-e.41.i686.rpm 4af5cd44eb2fa282c0d743927478738c kernel-doc-2.4.9-e.41.i386.rpm 703fec744138ab5ca5118e266e5b75f1 kernel-enterprise-2.4.9-e.41.i686.rpm 55f2acc05244bf82043d85920aeab3e4 kernel-headers-2.4.9-e.41.i386.rpm 04ab73b3bca23210c7643a74a7602b49 kernel-smp-2.4.9-e.41.athlon.rpm b2186df6f7d6c688a30365a17dc9a4b4 kernel-smp-2.4.9-e.41.i686.rpm e6b5c0f91e0808d6c1ba5de86b600c17 kernel-source-2.4.9-e.41.i386.rpm e05538bec3d7e58542c34f222890facf kernel-summit-2.4.9-e.41.i686.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFA012sXlSAg2UNWIIRApqaAJ9Nuz1XLmQCLCw1ieJIqA7dXpEZngCfSUGf kKnzkP/NlgcdhMGvZQK682k= =k/N4 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQNZDRih9+71yA2DNAQI7AAP+KjoxrsxPgCg83Uc9C2i7ElUlNttNjEz5 S1cAidqyiOUkwUmyDv+1FdulP4EM/7rYsgi0HFOd8C8j46HqLVZKz4W3/ga2hhuz prsLo0e33E2WL6H872smLT6Ai2OHzGw0MC8DfkSdZSMEyiGlpo0R6qQfKqFR2ebe bH+tCVwXvzg= =HYcI -----END PGP SIGNATURE-----