Fedora Legacy Test Update Notification: kernel

Jim Popovitch jimpop at yahoo.com
Mon Feb 21 15:58:29 UTC 2005


Yikes.  What a mess.  Any ideas on how to test this?  Simply installing
and just putting it through normal paces seems short-sighted.

-Jim P.

On Sun, 2005-02-20 at 22:17 -0500, Marc Deslauriers wrote:
> ---------------------------------------------------------------------
> Fedora Legacy Test Update Notification
> FEDORALEGACY-2005-2336
> Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2336
> 2005-02-20
> ---------------------------------------------------------------------
> 
> Name        : kernel
> Versions    : rh7.3: kernel-2.4.20-42.7.legacy
> Versions    : rh9: kernel-2.4.20-42.9.legacy
> Versions    : fc1: kernel-2.4.22-1.2199.4.legacy
> Summary     : The Linux kernel (the core of the Linux operating system).
> Description :
> The kernel package contains the Linux kernel (vmlinuz), the core of
> the Red Hat Linux operating system. The kernel handles the basic
> functions of the operating system: memory allocation, process
> allocation, device input and output, etc.
> 
> ---------------------------------------------------------------------
> Update Information:
> 
> Updated kernel packages that fix several security issues are now
> available.
> 
> The Linux kernel handles the basic functions of the operating system.
> 
> This update includes fixes for several security issues:
> 
> The ext3 code in kernels before 2.4.26 did not properly initialize
> journal descriptor blocks. A privileged local user could read portions
> of kernel memory. The Common Vulnerabilities and Exposures project
> (cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.
> 
> Conectiva discovered flaws in certain USB drivers affecting kernels
> prior to 2.4.27 which used the copy_to_user function on uninitialized
> structures. These flaws could allow local users to read small amounts
> of kernel memory. (CAN-2004-0685)
> 
> Multiple race conditions in the terminal layer could allow local users
> to obtain portions of kernel data via a TIOCSETD ioctl call to a
> terminal interface that is being accessed by another thread. This could
> also allow remote attackers to cause a denial of service (panic) by
> switching from console to PPP line discipline, then quickly sending data
> that is received during the switch. (CAN-2004-0814)
> 
> Stefan Esser discovered various flaws including buffer overflows in
> the smbfs driver affecting kernels prior to 2.4.28. A local user may be
> able to cause a denial of service (crash) or possibly gain privileges.
> In order to exploit these flaws the user would require control of
> a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
> 
> ISEC security research and Georgi Guninski independently discovered a
> flaw in the scm_send function in the auxiliary message layer. A local
> user could create a carefully crafted auxiliary message which could
> cause a denial of service (system hang). (CAN-2004-1016)
> 
> Multiple overflows were discovered and corrected in the io_edgeport
> driver. (CAN-2004-1017)
> 
> The Direct Rendering Manager (DRM) driver does not properly check the
> DMA lock, which could allow remote attackers or local users to cause a
> denial of service (X Server crash) and possibly modify the video output.
> (CAN-2004-1056)
> 
> A missing serialization flaw in unix_dgram_recvmsg was discovered that
> affects kernels prior to 2.4.28. A local user could potentially make
> use of a race condition in order to gain privileges. (CAN-2004-1068)
> 
> Paul Starzetz of iSEC discovered various flaws in the ELF binary loader
> affecting kernels prior to 2.4.28. A local user could use these flaws to
> gain read access to executable-only binaries or possibly gain
> privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073,
> CAN-2004-1074)
> 
> ISEC security research discovered multiple vulnerabilities in the IGMP
> functionality of the kernels. These flaws could allow a local user to
> cause a denial of service (crash) or potentially gain privileges. Where
> multicast applications are being used on a system, these flaws may also
> allow remote users to cause a denial of service. (CAN-2004-1137)
> 
> Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior
> to 2.4.26. A local user could create a carefully crafted binary in such
> a way that it would cause a denial of service (system crash).
> (CAN-2004-1234)
> 
> iSEC Security Research discovered a VMA handling flaw in the uselib(2)
> system call of the Linux kernel. A local user could make use of this
> flaw to gain elevated (root) privileges. (CAN-2004-1235)
> 
> iSEC Security Research discovered a flaw in the page fault handler code
> that could lead to local users gaining elevated (root) privileges on
> multiprocessor machines. (CAN-2005-0001)
> 
> All users are advised to upgrade their kernels to the packages
> associated with their machine architectures and configurations as listed
> in this erratum.
> 
> ---------------------------------------------------------------------
> Changelogs
> 
> rh73:
> * Wed Feb 02 2005 Martin Siegert <siegert at sfu.ca>
> - replace patch for CAN-2004-0814 with patch extracted from the official
>    kernel patch-2.4.29 (including previously missing patch for proc_fs.h).
> 
> * Sun Jan 16 2005 Simon Weller <simon at potelweller.com>
> - Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch
> - void changes to int in CAN-2004-1245 patch set_brk function - thanks
>    to Martin Siegert
> 
> * Fri Jan 07 2005 Simon Weller <simon at potelweller.com>
> - back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch
> 
> * Mon Jan 03 2005 Martin Siegert <siegert at sfu.ca>
> - replace patch for CAN-2004-0814 with slightly modified version of the
>    gentoo-sources-2.4.20-CAN-2004-0814 patch.
>    (http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/)
> - include drm_lock patch (CAN-2004-1056); modified version of
>    patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
> - include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073)
>    modified to apply after patch 11032
> - include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-0883 and CAN-2004-0949)
> - include aout-leak patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1074)
> - include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap
>    patches from kernel-source-2.4.20.SuSE-127
> - include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1016)
> - include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1068)
> - include linux-2.4.20-ip-options-leak.patch from
>    kernel-source-2.4.20.SuSE-127
> - include binfmt_elf patch from
>    http://linux.bkbits.net:8080/linux-2.4/gnupatch@4076466d_SqUm4azg4_v3FIG2-X6XQ
>    (CAN-2004-1234)
> - include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the
>    linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL
>    (CAN-2004-1017)
> 
> * Sat Oct 23 2004 Martin Siegert <siegert at sfu.ca>
> - include tty-ldisc patch from Jason Baron, CAN-2004-0814
>    (http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html,
>    http://www.securityfocus.com/archive/1/379005).
> 
> rh9:
> * Wed Feb 02 2005 Martin Siegert <siegert at sfu.ca>
> - replace patch for CAN-2004-0814 with patch extracted from the official
>    kernel patch-2.4.29 (including previously missing patch for proc_fs.h).
> 
> * Sun Jan 16 2005 Simon Weller <simon at potelweller.com>
> - Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch
> - void changes to int in CAN-2004-1245 patch set_brk function - thanks
>    to Martin Siegert
> 
> * Fri Jan 07 2005 Simon Weller <simon at potelweller.com>
> - back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch
> 
> * Mon Jan 03 2005 Martin Siegert <siegert at sfu.ca>
> - replace patch for CAN-2004-0814 with slightly modified version of the
>    gentoo-sources-2.4.20-CAN-2004-0814 patch.
>    (http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/)
> - include drm_lock patch (CAN-2004-1056); modified version of
>    patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
> - include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073)
>    modified to apply after patch 11032
> - include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-0883 and CAN-2004-0949)
> - include aout-leak patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1074)
> - include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap
>    patches from kernel-source-2.4.20.SuSE-127
> - include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1016)
> - include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127
>    (CAN-2004-1068)
> - include linux-2.4.20-ip-options-leak.patch from
>    kernel-source-2.4.20.SuSE-127
> - include binfmt_elf patch from
>    http://linux.bkbits.net:8080/linux-2.4/gnupatch@4076466d_SqUm4azg4_v3FIG2-X6XQ
>    (CAN-2004-1234)
> - include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the
>    linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL
>    (CAN-2004-1017)
> 
> * Sat Oct 23 2004 Martin Siegert <siegert at sfu.ca>
> - include tty-ldisc patch from Jason Baron, CAN-2004-0814
>    (http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html,
>    http://www.securityfocus.com/archive/1/379005).
> 
> fc1:
> * Fri Jan 14 2005 Rob Myers <rob.myers at gtri.gatech.edu> 2.4.22-1.2199.4.legacy.nptl
> - patch for expand_stack SMP race CAN-2005-0001
> - patch for RLIMIT_MEMLOCK bypass NO-CAN-ASSIGNED
> - patch for random poolsize sysctl handler integer overflow NO-CAN-ASSIGNED
> - patch for moxa serial driver bss overflow NO-CAN-ASSIGNED
> - patch for xfs misc fixes - NO-CAN-ASSIGNED
> - patch for rose_rt_ioctl - lack of bounds checking NO-CAN-ASSIGNED
> - patch for sdla_xfer - lack of bounds checking NO-CAN-ASSIGNED
> - patch for coda - add bounds checking for tainted scalars NO-CAN-ASSIGNED
> 
> * Fri Jan 07 2005 Rob Myers <rob.myers at gtri.gatech.edu> 2.4.22-1.2199.3.legacy.nptl
> - add patches for CAN-2004-1235 CAN-2004-1017
> - add patch for ip options leak
> 
> * Fri Jan 07 2005 Rob Myers <rob.myers at gtri.gatech.edu> 2.4.22-1.2199.2.legacy.nptl
> - clean up spec, rebuild
> 
> * Thu Jan 06 2005 Rob Myers <rob.myers at gtri.gatech.edu> 2.4.22-1.2199.1.legacy.nptl
> - patch CAN-2004-0685 CAN-2004-0814 CAN-2004-0883 CAN-2004-0949
>    CAN-2004-1016 CAN-2004-1056 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071
>    CAN-2004-1072 CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 CAN-2004-1234
> 
> ---------------------------------------------------------------------
> This update can be downloaded from:
>    http://download.fedoralegacy.org/
> (sha1sums)
> 
> ---------------------------------------------------------------------
> 
> Please test and comment in bugzilla.
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list



