RHSA-2006:0140-01 Important: kernel security update
Posted on: 01/19/2006 07:12 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2006:0140-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0140.html
Issue date: 2006-01-19
Updated on: 2006-01-19
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:663
CVE Names: CVE-2002-2185 CVE-2004-1057 CVE-2005-2708 CVE-2005-2709 CVE-2005-2973 CVE-2005-3044 CVE-2005-3180 CVE-2005-3275 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- - a flaw in network IGMP processing that a allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate)

- - a flaw in remap_page_range() with O_DIRECT writes that allowed a local
user to cause a denial of service (crash) (CVE-2004-1057, important)

- - a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708, important)

- - a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate)

- - a flaw in IPv6 network UDP port hash table lookups that allowed a local
user to cause a denial of service (hang) (CVE-2005-2973, important)

- - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044, important)

- - a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180, important)

- - a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275, important)

- - a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important)

- - a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848, important)

- - a flaw in file lease time-out handling that allowed a local user to cause
a denial of service (log file overflow) (CVE-2005-3857, moderate)

- - a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858, important)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137820 - CVE-2004-1057 VM_IO refcount issue
161925 - CVE-2005-2708 user code panics kernel in exec.c
168661 - CVE-2005-3044 lost fput could lead to DoS
168925 - CVE-2005-2709 More sysctl flaws
170278 - CVE-2005-3180 orinoco driver information leakage
170774 - CVE-2005-2973 ipv6 infinite loop
171386 - CVE-2005-3275 NAT DoS
174082 - CVE-2005-3806 ipv6 DOS
174338 - CVE-2005-3857 lease printk DoS
174344 - CVE-2005-3858 ip6_input_finish DoS
174347 - CVE-2005-3848 dst_entry leak DoS
174808 - CVE-2002-2185 IGMP DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-37.0.1.EL.src.rpm
8ac573fd7da76bdbb692608fd112c17e kernel-2.4.21-37.0.1.EL.src.rpm

i386:
c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.athlon.rpm
c4eacef42415a77f0ef049e20eab7a54 kernel-2.4.21-37.0.1.EL.i686.rpm
29574e30ddd8e7f412446916670cb2d9 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
dc499687869783cb0f29dace2a166564 kernel-doc-2.4.21-37.0.1.EL.i386.rpm
d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
9a73c7159290bbf5a4c697930947e55e kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.athlon.rpm
8242f8c46face8171232ee3628a18f8a kernel-smp-2.4.21-37.0.1.EL.i686.rpm
c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm
61e11b896ca9dc9daeb7a728a24bc92e kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
14b67fc434b7b611bc48a3ea085fd090 kernel-source-2.4.21-37.0.1.EL.i386.rpm
1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm
fe7b99cc532c6f87251b7acb1c874755 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm

ia64:
08e68cea214530406cac348d2f9263f7 kernel-2.4.21-37.0.1.EL.ia64.rpm
8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm
5d93447ebf637cb3ce59ed6a860f3913 kernel-source-2.4.21-37.0.1.EL.ia64.rpm
df5ef4f8aed639e36b1c306aa1818eb2 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm

ppc:
a0cf3be5ad486a13a925b0e06730e8cd kernel-2.4.21-37.0.1.EL.ppc64iseries.rpm
0e64cd084da06531c4e9b1d1b3ced207 kernel-2.4.21-37.0.1.EL.ppc64pseries.rpm
d21d3acee3e6cbcde9c62454336f5f5f kernel-doc-2.4.21-37.0.1.EL.ppc64.rpm
8044137f4adbe9d0c93919af49839e01 kernel-source-2.4.21-37.0.1.EL.ppc64.rpm
1d19870581d879f9d0d4c9978091c6c3 kernel-unsupported-2.4.21-37.0.1.EL.ppc64iseries.rpm
a0250e2b0f9ac93a7c568e7389f53457 kernel-unsupported-2.4.21-37.0.1.EL.ppc64pseries.rpm

s390:
ca591a86b393f36885041d4a3cd82a53 kernel-2.4.21-37.0.1.EL.s390.rpm
3788cd512b7fa6b577e500a2ee4d1fef kernel-doc-2.4.21-37.0.1.EL.s390.rpm
44beedbe1d9e82aed2f73d6f814ec653 kernel-source-2.4.21-37.0.1.EL.s390.rpm
7ced947293d4682682b067b61c387e7c kernel-unsupported-2.4.21-37.0.1.EL.s390.rpm

s390x:
bacb4aab55a2166d2c9ea53a3512a646 kernel-2.4.21-37.0.1.EL.s390x.rpm
9cadb9c025c5d1c43c4b52bd7c3cdd62 kernel-doc-2.4.21-37.0.1.EL.s390x.rpm
dea19dae65c362aa5f811f32ee00763e kernel-source-2.4.21-37.0.1.EL.s390x.rpm
f16374ee1d14e8002225d84ae462dba1 kernel-unsupported-2.4.21-37.0.1.EL.s390x.rpm

x86_64:
fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.ia32e.rpm
3dc1501cfad7aa37634b963bb53a0255 kernel-2.4.21-37.0.1.EL.x86_64.rpm
9bb8abb6c8623855eb1b25628e6f9677 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm
2267c033d5b57b9790b087af67c3a456 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm
4a8422d6fdff27b0af58150a243eabc5 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm
3dc2e200ea133fcfd329d828eaffb469 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm
471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm
6da82d4b8685ce8f1868c2699467e502 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-37.0.1.EL.src.rpm
8ac573fd7da76bdbb692608fd112c17e kernel-2.4.21-37.0.1.EL.src.rpm

i386:
c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.athlon.rpm
c4eacef42415a77f0ef049e20eab7a54 kernel-2.4.21-37.0.1.EL.i686.rpm
29574e30ddd8e7f412446916670cb2d9 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
dc499687869783cb0f29dace2a166564 kernel-doc-2.4.21-37.0.1.EL.i386.rpm
d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
9a73c7159290bbf5a4c697930947e55e kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.athlon.rpm
8242f8c46face8171232ee3628a18f8a kernel-smp-2.4.21-37.0.1.EL.i686.rpm
c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm
61e11b896ca9dc9daeb7a728a24bc92e kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
14b67fc434b7b611bc48a3ea085fd090 kernel-source-2.4.21-37.0.1.EL.i386.rpm
1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm
fe7b99cc532c6f87251b7acb1c874755 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm

x86_64:
fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.ia32e.rpm
3dc1501cfad7aa37634b963bb53a0255 kernel-2.4.21-37.0.1.EL.x86_64.rpm
9bb8abb6c8623855eb1b25628e6f9677 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm
2267c033d5b57b9790b087af67c3a456 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm
4a8422d6fdff27b0af58150a243eabc5 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm
3dc2e200ea133fcfd329d828eaffb469 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm
471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm
6da82d4b8685ce8f1868c2699467e502 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-37.0.1.EL.src.rpm
8ac573fd7da76bdbb692608fd112c17e kernel-2.4.21-37.0.1.EL.src.rpm

i386:
c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.athlon.rpm
c4eacef42415a77f0ef049e20eab7a54 kernel-2.4.21-37.0.1.EL.i686.rpm
29574e30ddd8e7f412446916670cb2d9 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
dc499687869783cb0f29dace2a166564 kernel-doc-2.4.21-37.0.1.EL.i386.rpm
d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
9a73c7159290bbf5a4c697930947e55e kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.athlon.rpm
8242f8c46face8171232ee3628a18f8a kernel-smp-2.4.21-37.0.1.EL.i686.rpm
c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm
61e11b896ca9dc9daeb7a728a24bc92e kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
14b67fc434b7b611bc48a3ea085fd090 kernel-source-2.4.21-37.0.1.EL.i386.rpm
1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm
fe7b99cc532c6f87251b7acb1c874755 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm

ia64:
08e68cea214530406cac348d2f9263f7 kernel-2.4.21-37.0.1.EL.ia64.rpm
8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm
5d93447ebf637cb3ce59ed6a860f3913 kernel-source-2.4.21-37.0.1.EL.ia64.rpm
df5ef4f8aed639e36b1c306aa1818eb2 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm

x86_64:
fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.ia32e.rpm
3dc1501cfad7aa37634b963bb53a0255 kernel-2.4.21-37.0.1.EL.x86_64.rpm
9bb8abb6c8623855eb1b25628e6f9677 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm
2267c033d5b57b9790b087af67c3a456 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm
4a8422d6fdff27b0af58150a243eabc5 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm
3dc2e200ea133fcfd329d828eaffb469 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm
471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm
6da82d4b8685ce8f1868c2699467e502 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-37.0.1.EL.src.rpm
8ac573fd7da76bdbb692608fd112c17e kernel-2.4.21-37.0.1.EL.src.rpm

i386:
c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.athlon.rpm
c4eacef42415a77f0ef049e20eab7a54 kernel-2.4.21-37.0.1.EL.i686.rpm
29574e30ddd8e7f412446916670cb2d9 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
dc499687869783cb0f29dace2a166564 kernel-doc-2.4.21-37.0.1.EL.i386.rpm
d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
9a73c7159290bbf5a4c697930947e55e kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.athlon.rpm
8242f8c46face8171232ee3628a18f8a kernel-smp-2.4.21-37.0.1.EL.i686.rpm
c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm
61e11b896ca9dc9daeb7a728a24bc92e kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
14b67fc434b7b611bc48a3ea085fd090 kernel-source-2.4.21-37.0.1.EL.i386.rpm
1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm
fe7b99cc532c6f87251b7acb1c874755 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm

ia64:
08e68cea214530406cac348d2f9263f7 kernel-2.4.21-37.0.1.EL.ia64.rpm
8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm
5d93447ebf637cb3ce59ed6a860f3913 kernel-source-2.4.21-37.0.1.EL.ia64.rpm
df5ef4f8aed639e36b1c306aa1818eb2 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm

x86_64:
fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.ia32e.rpm
3dc1501cfad7aa37634b963bb53a0255 kernel-2.4.21-37.0.1.EL.x86_64.rpm
9bb8abb6c8623855eb1b25628e6f9677 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm
2267c033d5b57b9790b087af67c3a456 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm
4a8422d6fdff27b0af58150a243eabc5 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm
3dc2e200ea133fcfd329d828eaffb469 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm
471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm
6da82d4b8685ce8f1868c2699467e502 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDz7vBXlSAg2UNWIIRAr2zAJ9CBtvW3d8n7U5/Sc1f4s4twEHfTACcDN+w
q9igH2/tHH+WYLqhm5aamTw=
£fb
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060140_01_important_kernel_security_update.html)