Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Fedora Core 1: Updated kernel packages resolve security vulnerabilities
Posted by Philipp Esselbach on: 04/14/2004 11:20 AM [ Print | 0 comment(s) ]
An update kernel package has been released for Fedora Core 1
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-101
2004-04-14
---------------------------------------------------------------------
Name : kernel
Version : 2.4.22
Release : 1.2179.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.
Solar Designer from OpenWall discovered a minor information leak in the ext3 filesystem code due to the lack of initialization of journal descriptor blocks. This flaw has only minor security implications and exploitation requires privileged access to the raw device. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0133 to this issue.
These packages also contain an updated fix with additional checks for issues in the R128 Direct Render Infrastructure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue.
Additionally, additional hardening of the mremap function was applied to prevent a potential local denial of service attack.
The low latency patch applied in previous kernels has also been found to cause stability problems under certain conditions. It has been disabled in this update whilst further investigation occurs.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-101
2004-04-14
---------------------------------------------------------------------
Name : kernel
Version : 2.4.22
Release : 1.2179.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.
Solar Designer from OpenWall discovered a minor information leak in the ext3 filesystem code due to the lack of initialization of journal descriptor blocks. This flaw has only minor security implications and exploitation requires privileged access to the raw device. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0133 to this issue.
These packages also contain an updated fix with additional checks for issues in the R128 Direct Render Infrastructure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue.
Additionally, additional hardening of the mremap function was applied to prevent a potential local denial of service attack.
The low latency patch applied in previous kernels has also been found to cause stability problems under certain conditions. It has been disabled in this update whilst further investigation occurs.
---------------------------------------------------------------------
* Tue Apr 13 2004 Dave Jones davej@redhat.com
- mremap NULL pointer dereference fix
- Disable low latency patch, pending investigation into crashes.
- Additional r128 DRM check. (CAN-2004-0003)
- Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- Fix Information leak in EXT3 (CAN-2004-0133)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
9e0765301b215adcfbfb207fbde7f01c SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm
727bbfa24367eb2a602af7d502ca1ba3 i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm
e3af69505adeacc849653a1720cdd85a i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm
34f130838275872d22cef3a16491bfe1 i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm
0d5b4b7e87f9bf78cc2949c5cb04cb83 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm
6f2eeac856745d62204f2b74463aca2d i386/kernel-2.4.22-1.2179.nptl.i586.rpm
18440652776236d4de387022f6b12e92 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm
9db5f0316633462936ce6e18152d713d i386/kernel-2.4.22-1.2179.nptl.i686.rpm
7444996499d1c8513978b37762ce8edd i386/kernel-smp-2.4.22-1.2179.nptl.i686.rpm
73e9f302d5e1fd4e30a61212e9092fe3 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm
45d41d4338a62a10430058639dfaa2aa i386/kernel-2.4.22-1.2179.nptl.athlon.rpm
35995314b5df6c2babf90caf561fdabf i386/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm
7c3a503213ffb046caf4681ff3dcd1ca i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm
54b2796976b7549cc0a4134d78c7ad00 x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm
398362a0fb8d8e74973333b73227cb91 x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm
016feee2d5e018165c783383b814bc4d x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm
b437cc1e0d29a0fe3ac32f2212ca3901 x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm
163aa338fb7064ce15b5e2562b3d44d4 x86_64/debug/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
* Tue Apr 13 2004 Dave Jones davej@redhat.com
- mremap NULL pointer dereference fix
- Disable low latency patch, pending investigation into crashes.
- Additional r128 DRM check. (CAN-2004-0003)
- Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- Fix Information leak in EXT3 (CAN-2004-0133)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
9e0765301b215adcfbfb207fbde7f01c SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm
727bbfa24367eb2a602af7d502ca1ba3 i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm
e3af69505adeacc849653a1720cdd85a i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm
34f130838275872d22cef3a16491bfe1 i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm
0d5b4b7e87f9bf78cc2949c5cb04cb83 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm
6f2eeac856745d62204f2b74463aca2d i386/kernel-2.4.22-1.2179.nptl.i586.rpm
18440652776236d4de387022f6b12e92 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm
9db5f0316633462936ce6e18152d713d i386/kernel-2.4.22-1.2179.nptl.i686.rpm
7444996499d1c8513978b37762ce8edd i386/kernel-smp-2.4.22-1.2179.nptl.i686.rpm
73e9f302d5e1fd4e30a61212e9092fe3 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm
45d41d4338a62a10430058639dfaa2aa i386/kernel-2.4.22-1.2179.nptl.athlon.rpm
35995314b5df6c2babf90caf561fdabf i386/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm
7c3a503213ffb046caf4681ff3dcd1ca i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm
54b2796976b7549cc0a4134d78c7ad00 x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm
398362a0fb8d8e74973333b73227cb91 x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm
016feee2d5e018165c783383b814bc4d x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm
b437cc1e0d29a0fe3ac32f2212ca3901 x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm
163aa338fb7064ce15b5e2562b3d44d4 x86_64/debug/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
Related Threads
09/29/2007 09:59 AM: Dual booting Fedora Core 5 with Windows XP Pro? (5) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff