Login
Newsletter
Werbung

Sicherheit: Fehler bei 64-Bit-Dateizeigern im Kernel (Fedora Core 1)
Aktuelle Meldungen Distributionen
Name: Fehler bei 64-Bit-Dateizeigern im Kernel (Fedora Core 1)
ID: FEDORA-2004-251
Distribution: Fedora
Plattformen: Fedora Core 1
Datum: Di, 10. August 2004, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0415
Applikationen: Linux

Originalnachricht

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-251
2004-08-10
---------------------------------------------------------------------

Product : Fedora Core 1
Name : kernel
Version : 2.4.22
Release : 1.2199.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Paul Starzetz discovered flaws in the Linux kernel when handling file offset
pointers. These consist of invalid conversions of 64 to 32-bit file offset
pointers and possible race conditions. A local unprivileged user could make
use of these flaws to access large portions of kernel memory. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0415 to this issue.

These packages contain a patch written by Al Viro to correct these flaws.
Red Hat would like to thank iSEC Security Research for disclosing this issue
and a number of vendor-sec participants for reviewing and working on the
patch to this issue.

Additionally, a number of issues were fixed in the USB serial code.

References:
http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415

---------------------------------------------------------------------

* Wed Aug 04 2004 Dave Jones <davej@redhat.com>
- Fix various fpos races. (CAN-2004-0415)

* Wed Jul 07 2004 Dave Jones <davej@redhat.com>
- Updates to usbserial post_helper (Pete Zaitcev)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

990abbc3a23ceb0dad35dcf86a9f22bd SRPMS/kernel-2.4.22-1.2199.nptl.src.rpm
09a7dc7a6acc6dd91b5c5870fc0c2215 x86_64/kernel-2.4.22-1.2199.nptl.x86_64.rpm
3ddc71af11ce37ef2e45a24e82e2b3e9
x86_64/kernel-source-2.4.22-1.2199.nptl.x86_64.rpm
4c25c4633ea124cb13c983c4426aeb2c
x86_64/kernel-doc-2.4.22-1.2199.nptl.x86_64.rpm
e60c0a0d1974f55a1c6d391f277ac811
x86_64/kernel-smp-2.4.22-1.2199.nptl.x86_64.rpm
b5e8570da6b93c2778c007b5252a2cab
x86_64/debug/kernel-debuginfo-2.4.22-1.2199.nptl.x86_64.rpm
0235c05043346ac36fe34e7aa6d7981e
i386/kernel-source-2.4.22-1.2199.nptl.i386.rpm
4761cf2c7322ec44fa6fa177ac17a075 i386/kernel-doc-2.4.22-1.2199.nptl.i386.rpm
51784ae484de03f848ae9036100f3c3b i386/kernel-BOOT-2.4.22-1.2199.nptl.i386.rpm
fd796c7a0a4b8d95c4b4970b66ff24ab
i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i386.rpm
ae0865018027dd9805e1c6ed31d2ad5c i386/kernel-2.4.22-1.2199.nptl.i586.rpm
5b87410e6d21d49ffd9007b7c495e094 i386/kernel-smp-2.4.22-1.2199.nptl.i586.rpm
75cf98521b45187a13fce4fa2246181e
i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i586.rpm
37382d2ff7beb3873032270e290c8bd0 i386/kernel-2.4.22-1.2199.nptl.i686.rpm
e1d1d064c83af617d57018f820e52e92 i386/kernel-smp-2.4.22-1.2199.nptl.i686.rpm
e87f2192c4ccb72a82ae6042b203fcf0
i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i686.rpm
3ab11ad24807b682f375a640c9040688 i386/kernel-2.4.22-1.2199.nptl.athlon.rpm
d1d18eab4c48cd0e5857dd8775344d49 i386/kernel-smp-2.4.22-1.2199.nptl.athlon.rpm
5068d9d87ab03dff7a9a1b14ce35cfaf
i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung