--------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated kernel packages fix security issues Advisory ID: FLSA:157459-3 Issue date: 2006-03-16 Product: Fedora Core Keywords: Bugfix CVE Names: CVE-2002-2185 CVE-2005-0756 CVE-2005-1761 CVE-2005-1762 CVE-2005-1763 CVE-2005-0839 CVE-2005-0867 CVE-2005-0937 CVE-2005-0977 CVE-2005-1041 CVE-2005-1263 CVE-2005-1264 CVE-2005-1265 CVE-2005-1368 CVE-2005-1369 CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2555 CVE-2005-2458 CVE-2005-2490 CVE-2005-2492 CVE-2005-2709 CVE-2005-2800 CVE-2005-2801 CVE-2005-2872 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3106 CVE-2005-3109 CVE-2005-3110 CVE-2005-3180 CVE-2005-3181 CVE-2005-3274 CVE-2005-3275 CVE-2005-3276 CVE-2005-3356 CVE-2005-3358 CVE-2005-3784 CVE-2005-3805 CVE-2005-3806 CVE-2005-3807 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2006-0095 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated kernel packages that fix several security issues are now available. The Linux kernel handles the basic functions of the operating system. 2. Relevant releases/architectures: Fedora Core 2 - i386 3. Problem description: These new kernel packages contain fixes for the security issues described below: - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185) - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763) - a flaw when setting the line discipline on a serial tty that allowed a local user to inject mouse movements or keystrokes when another user is logged in. (CVE-2005-0839) - an integer overflow flaw when writing to a sysfs file that allowed a local user to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CVE-2005-0867) - a flaw in the futex functions that allowed a local user to cause a denial of service (system crash). (CVE-2005-0937) - a flaw in the tmpfs file system that allowed a local user to cause a denial of service (system crash). (CVE-2005-0977) - a flaw in the fib_seq_start function that allowed a local user to cause a denial of service (system crash) via /proc/net/route. (CVE-2005-1041) - a flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges (CVE-2005-1263) - a flaw in the servicing of a raw device ioctl that allowed a local user who has access to raw devices to write to kernel memory and cause a denial of service or potentially gain privileges (CVE-2005-1264) - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CVE-2005-1265) - a flaw in the key_user_lookup function in security/keys/key.c that allowed a user to cause a denial of service (crash) (CVE-2005-1368) - a flaw in the it87 and via686a drivers in I2C that allowed a locl user to cause a denial of service (crash) (CVE-2005-1369) - flaws dealing with keyrings that could cause a local denial of service (CVE-2005-2098, CVE-2005-2099) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CVE-2005-2492) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800) - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CVE-2005-2801) - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CVE-2005-2872) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044) - a flaw in the set_mempolicy system call that allowed a local user to cause a denial of service (system panic). (CVE-2005-3053) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109) - a race condition in the ebtables netfilter module that may allow remote attackers to cause a denial of service (crash) on a SMP system that is operating under a heavy load (CVE-2005-3110) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180) - a memory leak was found in the audit system that allowed an unprivileged local user to cause a denial of service. (CVE-2005-3181) - a race condition in ip_vs_conn_flush that allowed a local user to cause a denial of service (CVE-2005-3274) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784) - a flaw in the POSIX timer cleanup handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3805) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806) - a memory leak in the VFS file lease handling that allowed a local user to cause a denial of service (CVE-2005-3807) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605) - a memory disclosure flaw in dm-crypt that allowed a local user to obtain sensitive information about a cryptographic key (CVE-2006-0095) All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo) Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459 6. RPMs required: Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/kernel-2.6.10-2.3.legacy_FC2.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-doc-2.6.10-2.3.legacy_FC2.noarch.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-sourcecode-2.6.10-2.3.legacy_FC2.noarch.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i586.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i586.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i686.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i686.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 68999cdecf0bb3c6cda09edbe2cedd57fff709ad fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i586.rpm 85de0ac6c22acb127c7bfae0c8b6e8067fd60442 fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i686.rpm 631a71b16611758af3db18da17205422deb41c30 fedora/2/updates/i386/kernel-doc-2.6.10-2.3.legacy_FC2.noarch.rpm 6f5010188ca24a79d5fb6323a687c5cdc9611d24 fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i586.rpm 4beec907750088ff917855a7e5ec8a31bb752358 fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i686.rpm 1a33e38fa69b09fb80e6a5d334aad72e963820eb fedora/2/updates/i386/kernel-sourcecode-2.6.10-2.3.legacy_FC2.noarch.rpm 85eee44769a3a0ca55221b93d9386563798961a7 fedora/2/updates/SRPMS/kernel-2.6.10-2.3.legacy_FC2.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0977 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1263 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1265 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1369 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095 9. Contact: The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature