Updated kernel packages that fix several security issues are now available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386
3. Problem description:
These new kernel packages contain fixes for the security issues described below:
- a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185)
- a recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. (CVE-2004-0791)
- flaws in the coda module that allowed denial-of-service attacks (crashes) or local privilege escalations (CVE-2005-0124)
- a flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges (CVE-2005-1263)
- a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458)
- a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490)
- a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708)
- a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709)
- a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973)
- a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180)
- a flaw in the packet radio ROSE protocol that allowed a user to trigger out-of-bounds errors. (CVE-2005-3273)
- a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275)
- a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276)
- a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806)
- a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857)
All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh lt;packagegt;" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.