===========================================================================
             AUSCERT External Security Bulletin Redistribution

                       ESB-2005.0434 -- FLSA:152532
                Updated kernel packages fix security issues
                               14 June 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         The Fedora Legacy Project
Operating System:  Fedora Core 1
                   Red Hat Linux 9
                   Red Hat Linux 7.3
                   Linux variants
Impact:            Root Compromise (Existing Account)
                   Execute Arbitrary Code/Commands
                   Denial of Service
                   Access Privileged Data
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0815 CAN-2005-0750 CAN-2005-0749
                   CAN-2005-0504 CAN-2005-0449 CAN-2005-0400
                   CAN-2005-0384 CAN-2004-1333 CAN-2004-1058

Original Bulletin: http://www.fedoralegacy.org/updates/

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated kernel packages fix security issues
Advisory ID:       FLSA:152532
Issue date:        2005-06-04
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-1058 CAN-2004-1333 CAN-2005-0384
                   CAN-2005-0400 CAN-2005-0449 CAN-2005-0504
                   CAN-2005-0749 CAN-2005-0750 CAN-2005-0815
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

This update includes fixes for several security issues:

A race condition was discovered. Local users could use this flaw to read
the environment variables of another process that is still spawning via
/proc/.../cmdline. (CAN-2004-1058)

An integer overflow was discovered in the vc_resize function. A local
user could cause a denial of service (kernel crash) via a short new
screen value, which leads to a buffer overflow. (CAN-2004-1333)

A flaw was discovered in the Linux PPP driver. On systems allowing
remote users to connect to a server using ppp, a remote client could
cause a denial of service (system crash). (CAN-2005-0384)

A flaw was discovered in ext2 filesystem support. When a new directory
is created, the ext2 block written to disk is not initialized, leading
to an information leak. (CAN-2005-0400)

A flaw in fragment queuing was discovered affecting the netfilter
subsystem. On systems configured to filter or process network packets
(for example those configured to do firewalling), a remote attacker
could send a carefully crafted set of fragmented packets to a machine
and cause a denial of service (system crash). In order to successfully
exploit this flaw, the attacker would need to know (or guess) some
aspects of the firewall ruleset in place on the target system to be able
to craft the right fragmented packets. (CAN-2005-0449)

The moxa char driver was missing a CAP_SYS_RAWIO check which could allow
a local user the ability to do things like replace the firmware.
(CAN-2005-0504)

A flaw when freeing a pointer in load_elf_library was discovered. A
local user could potentially use this flaw to cause a denial of service
(system crash). (CAN-2005-0749)

A flaw was discovered in the bluetooth driver system. On systems where
the bluetooth modules are loaded, a local user could use this flaw to
gain elevated (root) privileges. (CAN-2005-0750)

Michal Zalewski discovered some flaws in the iso9660 filesystem.  These
flaws could allow a malicious iso filesystem to cause a DoS or
potentially execute arbitrary code if mounted/examined. (CAN-2005-0815)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

Please note that the fix for CAN-2005-0449 required changing the
external symbol linkages (kernel module ABI) for the ip_defrag()
and ip_ct_gather_frags() functions. Any third-party module using either
of these would also need to be fixed.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To install kernel packages manually, use "rpm -ivh <package>" and modify
system settings to boot the kernel you have installed. To do this, edit
/boot/grub/grub.conf and change the default entry to "default=0" (or, if
you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and
run lilo).

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

Note that this may not automatically pull the new kernel in if you have
configured apt/yum to ignore kernels. If so, follow the manual
instructions above.
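
Added example (not part of the Fedora Legacy advisory): the manual steps
above only take effect if the entry selected by "default" in
/boot/grub/grub.conf is the updated kernel. The script below reports which
kernel image GRUB legacy will boot and checks it against an expected version.
The function names, the sample grub.conf and the "2.4.20-OLD" version are
constructed for illustration.

```shell
# Added example (not from the advisory): which kernel does GRUB legacy boot by default?
# Print the kernel image path of the default boot entry in a grub.conf file.
default_kernel() {
    awk '
        BEGIN { idx = -1 }
        /^[ \t]*#/ { next }                          # skip comments
        /^[ \t]*default[ \t=]/ {                     # "default=N" or "default N"
            def = $0
            sub(/^[ \t]*default[ \t=]+/, "", def)
            sub(/[ \t]+$/, "", def)
            next
        }
        /^[ \t]*title[ \t]/  { idx++; next }         # entries are numbered from 0
        /^[ \t]*kernel[ \t]/ { kernel[idx] = $2 }
        END {
            if (def == "") def = 0                   # GRUB uses entry 0 when unset
            if (def !~ /^[0-9]+$/) { print "UNKNOWN(" def ")"; exit 2 }
            if (!((def + 0) in kernel)) { print "MISSING"; exit 3 }
            print kernel[def + 0]
        }
    ' "$1"
}

# Succeed only if the default entry boots exactly the given kernel version
# (pass e.g. "<version>smp" separately for an SMP kernel image).
default_boots_version() {
    k=$(default_kernel "$1") || return 1
    case "$k" in */vmlinuz-"$2") return 0 ;; esac
    return 1
}

# Constructed sample: patched kernel installed, "default" still selects the old
# entry. "2.4.20-OLD" is a placeholder version, not a real package.
sample_conf() {
    cat <<'EOF'
# grub.conf (constructed sample)
default=1
title Red Hat Linux (2.4.20-43.9.legacy)
    kernel /vmlinuz-2.4.20-43.9.legacy ro root=LABEL=/
title Red Hat Linux (2.4.20-OLD)
    kernel /vmlinuz-2.4.20-OLD ro root=LABEL=/
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
default_boots_version "$tmp" 2.4.20-43.9.legacy ||
    echo "WARNING: default entry boots $(default_kernel "$tmp")"
rm -f "$tmp"
```

On a real system, point default_kernel at /boot/grub/grub.conf after
installing the package and before rebooting.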

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-43.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-43.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-43.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-43.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-43.7.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-43.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-43.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-43.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-43.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-43.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-43.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-43.7.legacy.athlon.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-43.9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-43.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-43.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-43.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-43.9.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-43.9.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-43.9.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-43.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-43.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-43.9.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-43.9.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-43.9.legacy.athlon.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.5.legacy.nptl.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm

i586:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm

i686:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm

athlon:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0815

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
