RedHat: Important: kernel security update RHSA-2005:293-01
Summary
Summary
The following security issues were fixed: The Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CAN-2004-0075) The ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CAN-2004-0177) The terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CAN-2004-0814) A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CAN-2004-1058) A flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CAN-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update. Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CAN-2005-0135) A missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CAN-2005-0137) A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CAN-2005-0204) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CAN-2005-0384) A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CAN-2005-0403) A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CAN-2005-0449) Missing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CAN-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CAN-2005-0749) A flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CAN-2005-0750) In addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()'ed data for file system update. (BZ 147969) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures/configurations Please note that the fix for CAN-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
121032 - CAN-2004-0177 ext3 infoleak
126407 - CAN-2004-0075 Vicam USB user/kernel copying
130774 - oops in drivers/char/tty_io.c:init_dev()
131674 - CAN-2004-0814 potential race condition in RHEL 2.1/3 tty layer
133108 - CAN-2004-0814 input/serio local DOS
133113 - CAN-2004-1058 /proc/
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm
i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm
ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm
ppc:
7741e86ffde8e3b811eaa10b88ff3719 kernel-2.4.21-27.0.4.EL.ppc64iseries.rpm
50ca9beed2cab6c982d7551b9a9da883 kernel-2.4.21-27.0.4.EL.ppc64pseries.rpm
eb5f512c6fe2bdb321dee28461c7ef0c kernel-doc-2.4.21-27.0.4.EL.ppc64.rpm
0e287838ad66535182c633332e183d36 kernel-source-2.4.21-27.0.4.EL.ppc64.rpm
47e6f0f318afb7c96817444606feb815 kernel-unsupported-2.4.21-27.0.4.EL.ppc64iseries.rpm
d43b29927d2bad0a1958f76993609d9b kernel-unsupported-2.4.21-27.0.4.EL.ppc64pseries.rpm
s390:
c9d699236207e0f1e66fd422a1a93096 kernel-2.4.21-27.0.4.EL.s390.rpm
e436e4e5457db03aae0cfc2993463352 kernel-doc-2.4.21-27.0.4.EL.s390.rpm
1e0d2dbfff8e909d634349d0ba8f4e7f kernel-source-2.4.21-27.0.4.EL.s390.rpm
211363ee1e02f3aa10f54fbecd8c1ba1 kernel-unsupported-2.4.21-27.0.4.EL.s390.rpm
s390x:
e3f5671361bfa5ffd86d7b3d90053fcb kernel-2.4.21-27.0.4.EL.s390x.rpm
af836330d8aa58c823e64028445cc307 kernel-doc-2.4.21-27.0.4.EL.s390x.rpm
c7ab3b59c9eae8dc861162a7b57ce8cb kernel-source-2.4.21-27.0.4.EL.s390x.rpm
5950fb528167eba2d3eed49f3a7f5aef kernel-unsupported-2.4.21-27.0.4.EL.s390x.rpm
x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm
Red Hat Desktop version 3:
SRPMS:
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm
i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm
x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm
i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm
ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm
x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm
i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm
ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm
x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Bugs Fixed