Updated kernel packages that fix several security issues are now available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
These new kernel packages contain fixes for the security issues described below:
- a flaw in network IGMP processing that allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185)
- a recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. (CVE-2004-0791)
- flaws in the coda module that allowed denial-of-service attacks (crashes) or local privilege escalations (CVE-2005-0124)
- a flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges (CVE-2005-1263)
- a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458)
- a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490)
- a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708)
- a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709)
- a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973)
- a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180)
- a flaw in the packet radio ROSE protocol that allowed a user to trigger out-of-bounds errors. (CVE-2005-3273)
- a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275)
- a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276)
- a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806)
- a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857)
All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo).
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.
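After the manual install step above, it is worth confirming that the default GRUB entry really boots the new kernel before rebooting. The following check is an added example, not part of the original advisory: the function names are hypothetical, the kernel version strings are constructed placeholders, and it assumes the GRUB legacy grub.conf layout (LILO is not covered).

```shell
#!/bin/sh
# Added example; kernel version strings are constructed placeholders.

# Print the kernel path of the entry GRUB legacy boots by default.
grub_default_kernel() {
    awk '
        BEGIN { idx = -1 }
        /^[ \t]*#/ { next }                          # comment line
        /^[ \t]*default[ \t=]/ {                     # "default=0" or "default 0"
            sub(/^[ \t]*default[ \t=]+/, ""); def = $1; next
        }
        /^[ \t]*title[ \t]/  { idx++; next }         # entries are numbered from 0
        /^[ \t]*kernel[ \t]/ { kern[idx] = $2 }
        END {
            if (def == "") def = 0                   # no default line: entry 0
            if (def !~ /^[0-9]+$/) exit 2            # e.g. "default saved"
            if (!((def + 0) in kern)) exit 1         # default points past last entry
            print kern[def + 0]
        }
    ' "$1"
}

# Succeed only if the default entry boots vmlinuz-<version>.
check_default_kernel() {
    k=$(grub_default_kernel "$1") || { echo "cannot resolve default entry in $1"; return 2; }
    case "$k" in
        */vmlinuz-"$2") echo "OK: default entry boots $k" ;;
        *) echo "MISMATCH: default entry boots $k, expected vmlinuz-$2"; return 1 ;;
    esac
}

# Constructed sample: new kernel installed as entry 0, default still set to 1.
write_sample_conf() {
    cat > "$1" <<'EOF'
default=1
timeout=10
title Red Hat Linux (NEW-PLACEHOLDER)
        root (hd0,0)
        kernel /vmlinuz-NEW-PLACEHOLDER ro root=LABEL=/
title Red Hat Linux (OLD-PLACEHOLDER)
        root (hd0,0)
        kernel /vmlinuz-OLD-PLACEHOLDER ro root=LABEL=/
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
check_default_kernel "$conf" NEW-PLACEHOLDER || true   # reports MISMATCH
rm -f "$conf"
```

On a real system, pass /boot/grub/grub.conf and the version string of the kernel package you installed.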