[SECURITY] Updated kernel resolves security vulnerability

Dave Jones davej at redhat.com
Wed Jan 7 17:37:26 UTC 2004 

---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-047
2004-01-07
---------------------------------------------------------------------

Name        : kernel
Version     : 2.4.22                      
Release     : 1.2140.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

---------------------------------------------------------------------

Various RTC drivers had the potential to leak small amounts of kernel
memory to userspace through IOCTL's. 

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

69a643e061b0e3a56d07eccf8b142b26  SRPMS/kernel-2.4.22-1.2140.nptl.src.rpm
ff15774cedef09fbfe59c25ece1f6ed2  i386/kernel-source-2.4.22-1.2140.nptl.i386.rpm
9eba879575a930ee4c3ed392cd57ab6b  i386/kernel-doc-2.4.22-1.2140.nptl.i386.rpm
3a8bccb684dd6dfcea88f5dce35cdab0  i386/kernel-BOOT-2.4.22-1.2140.nptl.i386.rpm
567c39348a31b964187354a71f2e5a5e  i386/debug/kernel-debuginfo-2.4.22-1.2140.nptl.i386.rpm
9a99f90d73034bc06bc75b1f8ca5939c  i386/kernel-2.4.22-1.2140.nptl.i586.rpm
0043651e9f2a8781d86a48fc416008b7  i386/debug/kernel-debuginfo-2.4.22-1.2140.nptl.i586.rpm
2058a8d4276508f91c5d8e91b5552fec  i386/kernel-2.4.22-1.2140.nptl.i686.rpm
de785e229eb62997287c9ba3c4d35164  i386/kernel-smp-2.4.22-1.2140.nptl.i686.rpm
cb85e72a2437356068cb5f498b4199c5  i386/debug/kernel-debuginfo-2.4.22-1.2140.nptl.i686.rpm
86056e2e9770d38a8dc99ca01f8e1881  i386/kernel-2.4.22-1.2140.nptl.athlon.rpm
e58efa41da0cbd119ade33bf39c3763c  i386/kernel-smp-2.4.22-1.2140.nptl.athlon.rpm
ceeb465c728f5ed0e2656d943eba42ff  i386/debug/kernel-debuginfo-2.4.22-1.2140.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984

More information about the fedora-announce-list mailing list