[UCI-Linux] Jesse Keating: [FLSA-2004:1284] Updated kernel resolves security vulnerabilities

Mike IGLESIAS IGLESIAS@uci.edu
Tue, 02 Mar 2004 11:07:36 -0800


------- Forwarded Message

Return-Path: bugtraq-return-13406-iglesias=draco.acs.uci.edu@securityfocus.com
Delivery-Date: Tue Mar  2 11:06:04 2004
Received: from outgoing2.securityfocus.com (outgoing2.securityfocus.com [205.206.231.26])
	by draco.acs.uci.edu (8.12.8/8.12.8) with ESMTP id i22J61Xr012909
	for <iglesias@draco.acs.uci.edu>; Tue, 2 Mar 2004 11:06:01 -0800
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
	by outgoing2.securityfocus.com (Postfix) with QMQP
	id 38359905B3; Tue,  2 Mar 2004 07:05:53 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21355 invoked from network); 2 Mar 2004 12:49:19 -0000
From: Jesse Keating <jkeating@j2solutions.net>
Organization: j2Solutions
To: fedora-legacy-announce@redhat.com
Subject: [FLSA-2004:1284] Updated kernel resolves security vulnerabilities
Date: Tue, 2 Mar 2004 10:57:16 -0800
User-Agent: KMail/1.5.4
Cc: bugtraq@securityfocus.com
MIME-Version: 1.0
X-UID: 20
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_QkNRArhR0rRuNlX";
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <200403021057.20696.jkeating@j2solutions.net>
X-DRACO-MailScanner: Not checked for viruses

- --Boundary-02=_QkNRArhR0rRuNlX
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

=2D----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated kernel resolves security vulnerabilities
Advisory ID:       FLSA:1284
Issue date:        2004-03-02
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=3D1284
CVE Names:         CAN-2004-0077, CAN-2004-0075, CAN-2004-0010,=20
CAN-2004-0003
=2D----------------------------------------------------------------------


=2D--------------------------------------------------------------------
1. Topic:

Updated kernel packages that fix security vulnerabilities which may=20
allow local users to gain root privileges are now available. These=20
packages also resolve other minor issues.

2. Relevent releases/architectures:

Red Hat Linux 7.2 - i386, i586, i686, athlon
Red Hat Linux 7.3 - i386, i586, i686, athlon
Red Hat Linux 8.0 - i386, i586, i686, athlon

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in return value checking in mremap() in=20
the Linux kernel versions 2.4.24 and previous that may allow a local=20
attacker to gain root privileges. No exploit is currently available;=20
however this issue is exploitable. The Common Vulnerabilities and=20
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0077=20
to this issue.

The Vicam USB driver in kernel versions prior to 2.4.25 does not use the=20
copy_from_user function to access userspace, which crosses security=20
boundaries. The Common Vulnerabilities and Exposures project=20
(cve.mitre.org) has assigned the name CAN-2004-0075 to this issue.

Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could
allow local privilege escalation. ncpfs is only used to allow a system=20
to mount volumes of NetWare servers or print to NetWare printers. The=20
Common Vulnerabilities and Exposures project (cve.mitre.org) has=20
assigned the name CAN-2004-0010 to this issue.

Alan Cox found issues in the R128 Direct Render Infrastructure that=20
could allow local privilege escalation. The Common Vulnerabilities and=20
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003=20
to this issue.

All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.

=46edora Legacy would like to thank Paul Starzetz from ISEC for reporting=20
the issue CAN-2004-0077, and Dominic Hargreaves for providing=20
backported rpms for all issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which=20
are not installed but included in the list will not be updated.  Note=20
that you can also use wildcards (*.rpm) if your current directory=20
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the=20
appropriate RPMs being upgraded on your system.  This assumes that you=20
have yum or apt-get configured for obtaining Fedora Legacy content.=20
Please visit http://www.fedoralegacy.org/download for directions on how=20
to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1284 - KERNEL: r128 dri AND do_mremap VMA=20
limit local privilege escalation vulnerability

6. RPMs required:

Red Hat Linux 7.2:

SRPM:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/kernel-2.4.20-30.=
7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-BOOT-2.4.20=
=2D30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-doc-2.4.20-=
30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-source-2.4.=
20-30.7.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-bigmem-2.4.=
20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.athlon.rpm

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-30.=
7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20=
=2D30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-=
30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.=
20-30.7.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.=
20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7=
=2Elegacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-=
30.7.legacy.athlon.rpm

Red Hat Linux 8.0:

SRPM:
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/kernel-2.4.20-30.=
8.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8=
=2Elegacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-BOOT-2.4.20=
=2D30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-doc-2.4.20-=
30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-source-2.4.=
20-30.8.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8=
=2Elegacy.i586.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-=
30.8.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8=
=2Elegacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-bigmem-2.4.=
20-30.8.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-=
30.8.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8=
=2Elegacy.athlon.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-=
30.8.legacy.athlon.rpm

7. Verification:

SHA1 sum                                 Package Name
=2D------------------------------------------------------------------------=
=2D-

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 =20
7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d =20
7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f =20
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 =20
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c =20
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4 =20
7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358 =20
7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599 =20
7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd =20
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f =20
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77 =20
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322 =20
7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 =20
7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d =20
7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f =20
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 =20
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c =20
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4 =20
7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358 =20
7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599 =20
7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd =20
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f =20
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77 =20
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322 =20
7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

8eea381f80412a9421d25b1466d084cbbf5e1cee =20
8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm
77ee4d29f593a4746e70a6ac55f9791d3183803e =20
8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm
b1ba3b73d03294d4b31756eb6086bfffd4ef9958 =20
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm
cd49df62f704ed4e11be197fdae0920de1e1c584 =20
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm
467c2613862985f16e07db103d7d88ab914ea73c =20
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm
63e243113b85a57ccaaaf0bcdf1468d7f8290001 =20
8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm
ea960ffbacd83cdb2b0ae78e612da5099121f77c =20
8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm
842cea04dad3976173afb6609c19615eff88aa8a =20
8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm
e07e04ffef20d0f3fd66cd8cc46d7f2d7d1c2af0 =20
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm
a2a81a0ebe3e7433e339881bd1ba6177f75599c8 =20
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm
8625244b0dca1a71fe9b74769f6376af9495b333 =20
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm
4f6b05bc2296a0b37bc9528fd0e36d4e8f69ff67 =20
8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0077
https://rhn.redhat.com/errata/RHSA-2004-065.html
https://bugzilla.fedora.us/show_bug.cgi?id=3D1284


9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

10. Special Notes:

If you use lilo, you will have to edit your lilo.conf file and shorten=20
the label of this kernel.  The label is too long for lilo, but not for=20
grub.

=2D--------------------------------------------------------------------

=2D-
Jesse Keating RHCE	(http://geek.j2solutions.net)
=46edora Legacy Team	(http://www.fedoralegacy.org)

- --Boundary-02=_QkNRArhR0rRuNlX
Content-Type: application/pgp-signature
Content-Description: signature

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQBARNkQ4v2HLvE71NURAhaqAJ42xouxNwANrFrG/awWDSxUoV2SKACfXh1i
UrkZEyuRnazEuOzGptx1OeU=
=G0/r
- -----END PGP SIGNATURE-----

- --Boundary-02=_QkNRArhR0rRuNlX--

------- End of Forwarded Message