Sicherheit: Änderung der Gruppen-ID von Dateien über NFS (Fedora Core 1) - Pro-Linux

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-206
2004-07-02
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : kernel
Version     : 2.4.22                      
Release     : 1.2197.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw that allowed
a user to make unauthorized changes to the group ID of files in certain
circumstances. In the 2.4 kernel, as shipped with Fedora Core 1,
the only way this could happen is through the kernel nfs server.
A user on a system that mounted a remote file system from a vulnerable
machine may be able to make unauthorized changes to the group ID of
exported files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.
Only Fedora Core 1 systems that are configured to share
file systems via NFS are affected by this issue.

Additionally, a number of issues were discovered with the
Broadcom 5820 driver.  Until such time that these get fixed,
this driver has been disabled.

All Fedora Core 1 users are advised to upgrade their kernels
to the packages associated with their machine architectures
and configurations as listed in this erratum. 

---------------------------------------------------------------------

* Thu Jul 01 2004 Dave Jones <davej@redhat.com>
- add patch to fix missing checks in fchown() (CAN-2004-0497)
- Drop Broadcom 5820 driver due to code quality concerns.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

9d303e5e6bda698672e3d9274630f86b  SRPMS/kernel-2.4.22-1.2197.nptl.src.rpm
aa17fd9d6bf88cb20355eb45855c7026  x86_64/kernel-2.4.22-1.2197.nptl.x86_64.rpm
6f42217560a8c5718c5040c95470c7a8 
 x86_64/kernel-source-2.4.22-1.2197.nptl.x86_64.rpm
e19d0db68e3e15de06fa4c252f72950d 
 x86_64/kernel-doc-2.4.22-1.2197.nptl.x86_64.rpm
98dc01524f331c576bbb436480e4a8d3 
 x86_64/kernel-smp-2.4.22-1.2197.nptl.x86_64.rpm
84b55d061f75b21e5b837e0d211c23a9 
 x86_64/debug/kernel-debuginfo-2.4.22-1.2197.nptl.x86_64.rpm
d8f4bdcd2a5aef5e60f7714bff05dcf8 
 i386/kernel-source-2.4.22-1.2197.nptl.i386.rpm
98a44c401959987426881aae30566dc2  i386/kernel-doc-2.4.22-1.2197.nptl.i386.rpm
da2e94a04b59edaa454947399cf889bf  i386/kernel-BOOT-2.4.22-1.2197.nptl.i386.rpm
c3c750518bf104dcb178e792e2927161 
 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i386.rpm
48d8221d15eb2b2d09d13ecb3847bad5  i386/kernel-2.4.22-1.2197.nptl.i586.rpm
b857ebaa612ad48573ae9ee7c667f0fa  i386/kernel-smp-2.4.22-1.2197.nptl.i586.rpm
40499e136cdfbe4d58451daa39a81bab 
 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i586.rpm
431d3550413295808eefeffcd793ad52  i386/kernel-2.4.22-1.2197.nptl.i686.rpm
99d9da265e66d15741afcd1f44f98c54  i386/kernel-smp-2.4.22-1.2197.nptl.i686.rpm
81f8631fbb8f822f129b3d14d53d8a38 
 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.i686.rpm
26cc9efb9f0ff9049e57c911488ec6ec  i386/kernel-2.4.22-1.2197.nptl.athlon.rpm
a6a63f1a26335dc6fa409b65f17dae0e  i386/kernel-smp-2.4.22-1.2197.nptl.athlon.rpm
841fe8ee4aac6a664512e558fca7f857 
 i386/debug/kernel-debuginfo-2.4.22-1.2197.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list