Message-ID: <1048549982.1441.9.camel@syd0137.fujitsu.com.au>
From: kluge at fujitsu.com.au (Steffen Kluge)
Subject: [RHSA-2003:088-01] New kernel 2.2 packages fix vulnerabilities
# uname -mrs
Linux 2.2.19 sparc
# cat /etc/redhat-release
Red Hat Linux release 6.2 (Zoot)
# rpmbuild --rebuild kernel-2.2.24-6.2.3.src.rpm
Installing kernel-2.2.24-6.2.3.src.rpm
error: Architecture is not included: sparc
What gives? Last time I checked RH6.2 supported sparc.
Has that been silently dropped now as well? Did I
miss something...?
Cheers
Steffen.
On Thu, 2003-03-20 at 19:59, bugzilla@...hat.com wrote:
> ---------------------------------------------------------------------
> Red Hat Security Advisory
>
> Synopsis: New kernel 2.2 packages fix vulnerabilities
> Advisory ID: RHSA-2003:088-01
> Issue date: 2003-03-20
> Updated on: 2003-03-20
> Product: Red Hat Linux
> Keywords: ethernet frame padding /proc/pid/mem
> Cross references:
> Obsoletes: RHSA-2002:264
> CVE Names: CAN-2003-0001 CAN-2003-1380 CAN-2003-0127
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> Updated kernel packages for Red Hat Linux 6.2 and 7.0 are now available
> that fix several security vulnerabilities.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 6.2 - i386, i586, i686
> Red Hat Linux 7.0 - i386, i586, i686
>
> 3. Problem description:
>
> The Linux kernel handles the basic functions of the operating system.
>
> A bug in the kernel module loader code allows a local user to gain root
> privileges. The Common Vulnerabilities and Exposures project
> (cve.mitre.org) has assigned the name CAN-2003-0127 to this issue.
>
> Multiple ethernet Network Interface Card (NIC) device drivers do not pad
> frames with null bytes, which allows remote attackers to obtain information
> from previous packets or kernel memory by using malformed packets. The
> Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CAN-2003-0001 to this issue.
>
> The Linux 2.2 kernel allows local users to cause a denial of service
> (crash) by using the mmap() function with a PROT_READ parameter to access
> non-readable memory pages through the /proc/pid/mem interface. The
> Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CAN-2002-1380 to this issue.
>
> All users of Red Hat Linux 6.2 and 7 should upgrade to these errata
> packages, which contain version 2.2.24 of the Linux kernel with patches and
> are not vulnerable to these issues.
>
> 4. Solution:
>
> Before applying this update, make sure all previously released errata
> relevant to your system have been applied.
>
> The procedure for upgrading the kernel is documented at:
>
> http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
>
> Please read the directions for your architecture carefully before
> proceeding with the kernel upgrade.
>
> Please note that this update is also available via Red Hat Network. Many
> people find this to be an easier way to apply updates. To use Red Hat
> Network, launch the Red Hat Update Agent with the following command:
>
> up2date
>
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system. Note that you need to select the kernel
> explicitly on default configurations of up2date.
>
> 5. RPMs required:
>
> Red Hat Linux 6.2:
>
> SRPMS:
> ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.24-6.2.3.src.rpm
>
> i386:
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.24-6.2.3.i386.rpm
> ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.24-6.2.3.i386.rpm
>
> i586:
> ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.24-6.2.3.i586.rpm
> ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.24-6.2.3.i586.rpm
>
> i686:
> ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.24-6.2.3.i686.rpm
> ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.24-6.2.3.i686.rpm
> ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.24-6.2.3.i686.rpm
>
> Red Hat Linux 7.0:
>
> SRPMS:
> ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.24-7.0.3.src.rpm
>
> i386:
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.24-7.0.3.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.24-7.0.3.i386.rpm
>
> i586:
> ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.24-7.0.3.i586.rpm
> ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.24-7.0.3.i586.rpm
>
> i686:
> ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.24-7.0.3.i686.rpm
> ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.24-7.0.3.i686.rpm
> ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.24-7.0.3.i686.rpm
>
>
>
> 6. Verification:
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at http://www.redhat.com/about/contact/pgpkey.html
>
> You can verify each package with the following command:
>
> rpm --checksig -v <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>
> md5sum <filename>
>
>
> 7. References:
>
> http://www.atstake.com/research/advisories/2003/a010603-1.txt
> http://marc.theaimsgroup.com/?l=bugtraq&m=104033054204316
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1380
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127
>
> 8. Contact:
>
> The Red Hat security contact is <security@...hat.com>. More contact
> details at http://www.redhat.com/solutions/security/news/contact.html
>
> Copyright 2003 Red Hat, Inc.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html