RHSA-2006:0710-01 Important: kernel security update
Posted on: 10/19/2006 01:55 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2006:0710-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0710.html
Issue date: 2006-10-19
Updated on: 2006-10-19
Product: Red Hat Enterprise Linux
Keywords: taroon kernel security errata
Obsoletes: RHSA-2006:0437
CVE Names: CVE-2006-1864 CVE-2006-2071 CVE-2006-2935
CVE-2006-4342 CVE-2006-4997 CVE-2006-5174
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the IPC shared-memory implementation that allowed a local user
to cause a denial of service (deadlock) that resulted in freezing the
system (CVE-2006-4342, Important)

* an information leak in the copy_from_user() implementation on s390 and
s390x platforms that allowed a local user to read arbitrary kernel memory
(CVE-2006-5174, Important)

* a flaw in the ATM subsystem affecting systems with installed ATM
hardware and configured ATM support that allowed a remote user to cause
a denial of service (panic) by accessing socket buffer memory after it
has been freed (CVE-2006-4997, Moderate)

* a directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864, Moderate)

* a flaw in the mprotect system call that allowed enabling write permission
for a read-only attachment of shared memory (CVE-2006-2071, Moderate)

* a flaw in the DVD handling of the CDROM driver that could be used
together with a custom built USB device to gain root privileges
(CVE-2006-2935, Moderate)

In addition to the security issues described above, a bug fix for a clock
skew problem (which could lead to unintended keyboard repeat under X11)
was also included. The problem only occurred when running the 32-bit x86
kernel on 64-bit dual-core x86_64 hardware.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169428 - repetitive keystroke issue on both RH3 U5 32bit and RH4 U1 32bit.
189436 - CVE-2006-1864 smbfs chroot issue
190074 - CVE-2006-2071 mprotect gives write permission to a readonly attachment
197672 - CVE-2006-2935 Possible buffer overflow in DVD handling
205618 - CVE-2006-4342 shmat hangs by simultaneous shmctl(IPC_RMID)
206270 - CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer
209436 - CVE-2006-5174 copy_from_user information leak on s390

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-47.0.1.EL.src.rpm
fe57bb5ba14c1f2410b158ed5900f8af kernel-2.4.21-47.0.1.EL.src.rpm

i386:
0f313988a3b5ee1c13eef6ac33f90366 kernel-2.4.21-47.0.1.EL.athlon.rpm
69feb474be6b1bee161180ccc07891b6 kernel-2.4.21-47.0.1.EL.i686.rpm
cfeeab04ef806f0f067975b6d652053f kernel-BOOT-2.4.21-47.0.1.EL.i386.rpm
0b580ecfd116199f4dd8c92111e7af2d kernel-debuginfo-2.4.21-47.0.1.EL.athlon.rpm
584ac1201581a453f48da2d6bcb78e7c kernel-debuginfo-2.4.21-47.0.1.EL.i386.rpm
d72dca6f97c717b4ce0e7698016fcad4 kernel-debuginfo-2.4.21-47.0.1.EL.i686.rpm
6792b74295d0ece09cd1c108c9d8f23e kernel-doc-2.4.21-47.0.1.EL.i386.rpm
4ec2c0fa1fbf3017bdaf36c6ae8f75a3 kernel-hugemem-2.4.21-47.0.1.EL.i686.rpm
3617b38352971c71c64d5560db52b3ad kernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm
51ae45ba954b3ff40f4f162c369fefbe kernel-smp-2.4.21-47.0.1.EL.athlon.rpm
e4cf369455f6ae40d67e29711bee6519 kernel-smp-2.4.21-47.0.1.EL.i686.rpm
91abcffc492b21a8953a2745ddbed3e2 kernel-smp-unsupported-2.4.21-47.0.1.EL.athlon.rpm
40510c2d3066d9b789ec669be6d70dfb kernel-smp-unsupported-2.4.21-47.0.1.EL.i686.rpm
cef35a37a7bc657f5e6989fa5e1b5d47 kernel-source-2.4.21-47.0.1.EL.i386.rpm
b0c04546c3d59e4d6646123d41ecdc35 kernel-unsupported-2.4.21-47.0.1.EL.athlon.rpm
49b1c869f5e57f0e4996d65f2af6abba kernel-unsupported-2.4.21-47.0.1.EL.i686.rpm

ia64:
47f0a4f327831bc6410334a6a4455e21 kernel-2.4.21-47.0.1.EL.ia64.rpm
0d06dd40f1920fc487a9f85e57de6234 kernel-debuginfo-2.4.21-47.0.1.EL.ia64.rpm
5c292c4491643ee45a1b97dcdbdd2847 kernel-doc-2.4.21-47.0.1.EL.ia64.rpm
bec034502e425f71d4283caffbce0b1b kernel-source-2.4.21-47.0.1.EL.ia64.rpm
1ba8b8f6b004e84ff7c14cdd240fa4bc kernel-unsupported-2.4.21-47.0.1.EL.ia64.rpm

ppc:
2f96672418b277c5e3a58dff0d68b029 kernel-2.4.21-47.0.1.EL.ppc64iseries.rpm
e85ec012314131b50d8fe46c682d358f kernel-2.4.21-47.0.1.EL.ppc64pseries.rpm
fbbfbb2d1a2527058dfae7b75f553c1c kernel-debuginfo-2.4.21-47.0.1.EL.ppc64.rpm
069b9d978dcf771836d6a779b0a1fe70 kernel-debuginfo-2.4.21-47.0.1.EL.ppc64iseries.rpm
b10dd5d39b92aa8a88e57f24c6f024af kernel-debuginfo-2.4.21-47.0.1.EL.ppc64pseries.rpm
2698e18f678563138bef3261dea9759f kernel-doc-2.4.21-47.0.1.EL.ppc64.rpm
9eab3900eb6956ae11be1ed1548d3153 kernel-source-2.4.21-47.0.1.EL.ppc64.rpm
157ccc0bdf87ed876355e55e94e3d43b kernel-unsupported-2.4.21-47.0.1.EL.ppc64iseries.rpm
782224ea0019ca9cef8a21540f5227d7 kernel-unsupported-2.4.21-47.0.1.EL.ppc64pseries.rpm

s390:
80aad86ed64d189d9ba16d2ec37c61d1 kernel-2.4.21-47.0.1.EL.s390.rpm
a256d51fa8ed3d633638717d86973351 kernel-debuginfo-2.4.21-47.0.1.EL.s390.rpm
0981d57893d93eb7c47dd52c4e5695b6 kernel-doc-2.4.21-47.0.1.EL.s390.rpm
d2d86901a3bb6ec15a5b52cdfefcb697 kernel-source-2.4.21-47.0.1.EL.s390.rpm
e0c0c89de07cf2e0958247eea2d7a6ec kernel-unsupported-2.4.21-47.0.1.EL.s390.rpm

s390x:
3b4e35b36335ff8464bd355c3e215c62 kernel-2.4.21-47.0.1.EL.s390x.rpm
98256fe095ed60fac7acb95786f2f825 kernel-debuginfo-2.4.21-47.0.1.EL.s390x.rpm
46853dab961b6f0259847c313bc2c74c kernel-doc-2.4.21-47.0.1.EL.s390x.rpm
f88b41322834d7de02030a79607748e8 kernel-source-2.4.21-47.0.1.EL.s390x.rpm
adfcb3d2981bf71d5684828d5c4bcdbe kernel-unsupported-2.4.21-47.0.1.EL.s390x.rpm

x86_64:
ff59e82c378d27a85273dfe2c2ecf198 kernel-2.4.21-47.0.1.EL.ia32e.rpm
3eac97481cabbf31b26b658d77ef3145 kernel-2.4.21-47.0.1.EL.x86_64.rpm
a7238213f3d21fedc7119cda744b5840 kernel-debuginfo-2.4.21-47.0.1.EL.ia32e.rpm
383b6deb766f4193d01f227486ff73bc kernel-debuginfo-2.4.21-47.0.1.EL.x86_64.rpm
66af96af71704aaaa39ad359dd641cd2 kernel-doc-2.4.21-47.0.1.EL.x86_64.rpm
95823cfe05beddc2de47ea0ddb87f2aa kernel-smp-2.4.21-47.0.1.EL.x86_64.rpm
502f7c42a96d3b40c09f4e708a326ca4 kernel-smp-unsupported-2.4.21-47.0.1.EL.x86_64.rpm
f76a70595a8cbbff038fdc83e8eb818a kernel-source-2.4.21-47.0.1.EL.x86_64.rpm
8e2e4813caec5884256374c62f823f7d kernel-unsupported-2.4.21-47.0.1.EL.ia32e.rpm
d0b7dda546e145208f4193b0e0d901bb kernel-unsupported-2.4.21-47.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-47.0.1.EL.src.rpm
fe57bb5ba14c1f2410b158ed5900f8af kernel-2.4.21-47.0.1.EL.src.rpm

i386:
0f313988a3b5ee1c13eef6ac33f90366 kernel-2.4.21-47.0.1.EL.athlon.rpm
69feb474be6b1bee161180ccc07891b6 kernel-2.4.21-47.0.1.EL.i686.rpm
cfeeab04ef806f0f067975b6d652053f kernel-BOOT-2.4.21-47.0.1.EL.i386.rpm
0b580ecfd116199f4dd8c92111e7af2d kernel-debuginfo-2.4.21-47.0.1.EL.athlon.rpm
584ac1201581a453f48da2d6bcb78e7c kernel-debuginfo-2.4.21-47.0.1.EL.i386.rpm
d72dca6f97c717b4ce0e7698016fcad4 kernel-debuginfo-2.4.21-47.0.1.EL.i686.rpm
6792b74295d0ece09cd1c108c9d8f23e kernel-doc-2.4.21-47.0.1.EL.i386.rpm
4ec2c0fa1fbf3017bdaf36c6ae8f75a3 kernel-hugemem-2.4.21-47.0.1.EL.i686.rpm
3617b38352971c71c64d5560db52b3ad kernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm
51ae45ba954b3ff40f4f162c369fefbe kernel-smp-2.4.21-47.0.1.EL.athlon.rpm
e4cf369455f6ae40d67e29711bee6519 kernel-smp-2.4.21-47.0.1.EL.i686.rpm
91abcffc492b21a8953a2745ddbed3e2 kernel-smp-unsupported-2.4.21-47.0.1.EL.athlon.rpm
40510c2d3066d9b789ec669be6d70dfb kernel-smp-unsupported-2.4.21-47.0.1.EL.i686.rpm
cef35a37a7bc657f5e6989fa5e1b5d47 kernel-source-2.4.21-47.0.1.EL.i386.rpm
b0c04546c3d59e4d6646123d41ecdc35 kernel-unsupported-2.4.21-47.0.1.EL.athlon.rpm
49b1c869f5e57f0e4996d65f2af6abba kernel-unsupported-2.4.21-47.0.1.EL.i686.rpm

x86_64:
ff59e82c378d27a85273dfe2c2ecf198 kernel-2.4.21-47.0.1.EL.ia32e.rpm
3eac97481cabbf31b26b658d77ef3145 kernel-2.4.21-47.0.1.EL.x86_64.rpm
a7238213f3d21fedc7119cda744b5840 kernel-debuginfo-2.4.21-47.0.1.EL.ia32e.rpm
383b6deb766f4193d01f227486ff73bc kernel-debuginfo-2.4.21-47.0.1.EL.x86_64.rpm
66af96af71704aaaa39ad359dd641cd2 kernel-doc-2.4.21-47.0.1.EL.x86_64.rpm
95823cfe05beddc2de47ea0ddb87f2aa kernel-smp-2.4.21-47.0.1.EL.x86_64.rpm
502f7c42a96d3b40c09f4e708a326ca4 kernel-smp-unsupported-2.4.21-47.0.1.EL.x86_64.rpm
f76a70595a8cbbff038fdc83e8eb818a kernel-source-2.4.21-47.0.1.EL.x86_64.rpm
8e2e4813caec5884256374c62f823f7d kernel-unsupported-2.4.21-47.0.1.EL.ia32e.rpm
d0b7dda546e145208f4193b0e0d901bb kernel-unsupported-2.4.21-47.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-47.0.1.EL.src.rpm
fe57bb5ba14c1f2410b158ed5900f8af kernel-2.4.21-47.0.1.EL.src.rpm

i386:
0f313988a3b5ee1c13eef6ac33f90366 kernel-2.4.21-47.0.1.EL.athlon.rpm
69feb474be6b1bee161180ccc07891b6 kernel-2.4.21-47.0.1.EL.i686.rpm
cfeeab04ef806f0f067975b6d652053f kernel-BOOT-2.4.21-47.0.1.EL.i386.rpm
0b580ecfd116199f4dd8c92111e7af2d kernel-debuginfo-2.4.21-47.0.1.EL.athlon.rpm
584ac1201581a453f48da2d6bcb78e7c kernel-debuginfo-2.4.21-47.0.1.EL.i386.rpm
d72dca6f97c717b4ce0e7698016fcad4 kernel-debuginfo-2.4.21-47.0.1.EL.i686.rpm
6792b74295d0ece09cd1c108c9d8f23e kernel-doc-2.4.21-47.0.1.EL.i386.rpm
4ec2c0fa1fbf3017bdaf36c6ae8f75a3 kernel-hugemem-2.4.21-47.0.1.EL.i686.rpm
3617b38352971c71c64d5560db52b3ad kernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm
51ae45ba954b3ff40f4f162c369fefbe kernel-smp-2.4.21-47.0.1.EL.athlon.rpm
e4cf369455f6ae40d67e29711bee6519 kernel-smp-2.4.21-47.0.1.EL.i686.rpm
91abcffc492b21a8953a2745ddbed3e2 kernel-smp-unsupported-2.4.21-47.0.1.EL.athlon.rpm
40510c2d3066d9b789ec669be6d70dfb kernel-smp-unsupported-2.4.21-47.0.1.EL.i686.rpm
cef35a37a7bc657f5e6989fa5e1b5d47 kernel-source-2.4.21-47.0.1.EL.i386.rpm
b0c04546c3d59e4d6646123d41ecdc35 kernel-unsupported-2.4.21-47.0.1.EL.athlon.rpm
49b1c869f5e57f0e4996d65f2af6abba kernel-unsupported-2.4.21-47.0.1.EL.i686.rpm

ia64:
47f0a4f327831bc6410334a6a4455e21 kernel-2.4.21-47.0.1.EL.ia64.rpm
0d06dd40f1920fc487a9f85e57de6234 kernel-debuginfo-2.4.21-47.0.1.EL.ia64.rpm
5c292c4491643ee45a1b97dcdbdd2847 kernel-doc-2.4.21-47.0.1.EL.ia64.rpm
bec034502e425f71d4283caffbce0b1b kernel-source-2.4.21-47.0.1.EL.ia64.rpm
1ba8b8f6b004e84ff7c14cdd240fa4bc kernel-unsupported-2.4.21-47.0.1.EL.ia64.rpm

x86_64:
ff59e82c378d27a85273dfe2c2ecf198 kernel-2.4.21-47.0.1.EL.ia32e.rpm
3eac97481cabbf31b26b658d77ef3145 kernel-2.4.21-47.0.1.EL.x86_64.rpm
a7238213f3d21fedc7119cda744b5840 kernel-debuginfo-2.4.21-47.0.1.EL.ia32e.rpm
383b6deb766f4193d01f227486ff73bc kernel-debuginfo-2.4.21-47.0.1.EL.x86_64.rpm
66af96af71704aaaa39ad359dd641cd2 kernel-doc-2.4.21-47.0.1.EL.x86_64.rpm
95823cfe05beddc2de47ea0ddb87f2aa kernel-smp-2.4.21-47.0.1.EL.x86_64.rpm
502f7c42a96d3b40c09f4e708a326ca4 kernel-smp-unsupported-2.4.21-47.0.1.EL.x86_64.rpm
f76a70595a8cbbff038fdc83e8eb818a kernel-source-2.4.21-47.0.1.EL.x86_64.rpm
8e2e4813caec5884256374c62f823f7d kernel-unsupported-2.4.21-47.0.1.EL.ia32e.rpm
d0b7dda546e145208f4193b0e0d901bb kernel-unsupported-2.4.21-47.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-47.0.1.EL.src.rpm
fe57bb5ba14c1f2410b158ed5900f8af kernel-2.4.21-47.0.1.EL.src.rpm

i386:
0f313988a3b5ee1c13eef6ac33f90366 kernel-2.4.21-47.0.1.EL.athlon.rpm
69feb474be6b1bee161180ccc07891b6 kernel-2.4.21-47.0.1.EL.i686.rpm
cfeeab04ef806f0f067975b6d652053f kernel-BOOT-2.4.21-47.0.1.EL.i386.rpm
0b580ecfd116199f4dd8c92111e7af2d kernel-debuginfo-2.4.21-47.0.1.EL.athlon.rpm
584ac1201581a453f48da2d6bcb78e7c kernel-debuginfo-2.4.21-47.0.1.EL.i386.rpm
d72dca6f97c717b4ce0e7698016fcad4 kernel-debuginfo-2.4.21-47.0.1.EL.i686.rpm
6792b74295d0ece09cd1c108c9d8f23e kernel-doc-2.4.21-47.0.1.EL.i386.rpm
4ec2c0fa1fbf3017bdaf36c6ae8f75a3 kernel-hugemem-2.4.21-47.0.1.EL.i686.rpm
3617b38352971c71c64d5560db52b3ad kernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm
51ae45ba954b3ff40f4f162c369fefbe kernel-smp-2.4.21-47.0.1.EL.athlon.rpm
e4cf369455f6ae40d67e29711bee6519 kernel-smp-2.4.21-47.0.1.EL.i686.rpm
91abcffc492b21a8953a2745ddbed3e2 kernel-smp-unsupported-2.4.21-47.0.1.EL.athlon.rpm
40510c2d3066d9b789ec669be6d70dfb kernel-smp-unsupported-2.4.21-47.0.1.EL.i686.rpm
cef35a37a7bc657f5e6989fa5e1b5d47 kernel-source-2.4.21-47.0.1.EL.i386.rpm
b0c04546c3d59e4d6646123d41ecdc35 kernel-unsupported-2.4.21-47.0.1.EL.athlon.rpm
49b1c869f5e57f0e4996d65f2af6abba kernel-unsupported-2.4.21-47.0.1.EL.i686.rpm

ia64:
47f0a4f327831bc6410334a6a4455e21 kernel-2.4.21-47.0.1.EL.ia64.rpm
0d06dd40f1920fc487a9f85e57de6234 kernel-debuginfo-2.4.21-47.0.1.EL.ia64.rpm
5c292c4491643ee45a1b97dcdbdd2847 kernel-doc-2.4.21-47.0.1.EL.ia64.rpm
bec034502e425f71d4283caffbce0b1b kernel-source-2.4.21-47.0.1.EL.ia64.rpm
1ba8b8f6b004e84ff7c14cdd240fa4bc kernel-unsupported-2.4.21-47.0.1.EL.ia64.rpm

x86_64:
ff59e82c378d27a85273dfe2c2ecf198 kernel-2.4.21-47.0.1.EL.ia32e.rpm
3eac97481cabbf31b26b658d77ef3145 kernel-2.4.21-47.0.1.EL.x86_64.rpm
a7238213f3d21fedc7119cda744b5840 kernel-debuginfo-2.4.21-47.0.1.EL.ia32e.rpm
383b6deb766f4193d01f227486ff73bc kernel-debuginfo-2.4.21-47.0.1.EL.x86_64.rpm
66af96af71704aaaa39ad359dd641cd2 kernel-doc-2.4.21-47.0.1.EL.x86_64.rpm
95823cfe05beddc2de47ea0ddb87f2aa kernel-smp-2.4.21-47.0.1.EL.x86_64.rpm
502f7c42a96d3b40c09f4e708a326ca4 kernel-smp-unsupported-2.4.21-47.0.1.EL.x86_64.rpm
f76a70595a8cbbff038fdc83e8eb818a kernel-source-2.4.21-47.0.1.EL.x86_64.rpm
8e2e4813caec5884256374c62f823f7d kernel-unsupported-2.4.21-47.0.1.EL.ia32e.rpm
d0b7dda546e145208f4193b0e0d901bb kernel-unsupported-2.4.21-47.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5174
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFN3VzXlSAg2UNWIIRAh2QAKCn5vgWiviudS3OQHjKoR4BoxWc3wCgmA/X
HrXdltG0ynoiQj+S8KEj2Vc=
=Y8xq
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060710_01_important_kernel_security_update.html)