drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme im Kernel
Name: |
Mehrere Probleme im Kernel |
|
ID: |
FLSA:157459-1 |
|
Distribution: |
Fedora Legacy |
|
Plattformen: |
Red Hat Linux 7.3, Red Hat Linux 9 |
|
Datum: |
Fr, 17. März 2006, 02:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857 |
|
Applikationen: |
Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============1115735113== Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=------------enigDBF38F88F8496A58BDE54D3C
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigDBF38F88F8496A58BDE54D3C Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
--------------------------------------------------------------------- Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues Advisory ID: FLSA:157459-1 Issue date: 2006-03-16 Product: Red Hat Linux Keywords: Bugfix CVE Names: CVE-2002-2185 CVE-2004-0791 CVE-2005-0124 CVE-2005-1263 CVE-2005-2458 CVE-2005-2490 CVE-2005-2708 CVE-2005-2709 CVE-2005-2973 CVE-2005-3180 CVE-2005-3273 CVE-2005-3275 CVE-2005-3276 CVE-2005-3806 CVE-2005-3857 ---------------------------------------------------------------------
--------------------------------------------------------------------- 1. Topic:
Updated kernel packages that fix several security issues are now available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386
3. Problem description:
These new kernel packages contain fixes for the security issues described below:
- a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185)
- a recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. (CVE-2004-0791)
- flaws in the coda module that allowed denial-of-service attacks (crashes) or local privilege escalations (CVE-2005-0124)
- a flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges (CVE-2005-1263)
- a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458)
- a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490)
- a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708)
- a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709)
- a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973)
- a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180)
- a flaw in the packet radio ROSE protocol that allowed a user to trigger out-of-bounds errors. (CVE-2005-3273)
- a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275)
- a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276)
- a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806)
- a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857)
All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
6. RPMs required:
Red Hat Linux 7.3:
SRPM: kernel-2.4.20-46.7.legacy.src.rpm
i386: kernel-2.4.20-46.7.legacy.i386.rpm kernel-BOOT-2.4.20-46.7.legacy.i386.rpm kernel-doc-2.4.20-46.7.legacy.i386.rpm kernel-source-2.4.20-46.7.legacy.i386.rpm kernel-2.4.20-46.7.legacy.i586.rpm kernel-smp-2.4.20-46.7.legacy.i586.rpm kernel-2.4.20-46.7.legacy.i686.rpm kernel-bigmem-2.4.20-46.7.legacy.i686.rpm kernel-smp-2.4.20-46.7.legacy.i686.rpm kernel-2.4.20-46.7.legacy.athlon.rpm kernel-smp-2.4.20-46.7.legacy.athlon.rpm
Red Hat Linux 9:
SRPM: kernel-2.4.20-46.9.legacy.src.rpm
i386: kernel-2.4.20-46.9.legacy.i386.rpm kernel-BOOT-2.4.20-46.9.legacy.i386.rpm kernel-doc-2.4.20-46.9.legacy.i386.rpm kernel-source-2.4.20-46.9.legacy.i386.rpm kernel-2.4.20-46.9.legacy.i586.rpm kernel-smp-2.4.20-46.9.legacy.i586.rpm kernel-2.4.20-46.9.legacy.i686.rpm kernel-bigmem-2.4.20-46.9.legacy.i686.rpm kernel-smp-2.4.20-46.9.legacy.i686.rpm kernel-2.4.20-46.9.legacy.athlon.rpm kernel-smp-2.4.20-46.9.legacy.athlon.rpm
7. Verification:
SHA1 sum Package Name ---------------------------------------------------------------------
13d96ec3b350e2fe08a0b2daea0fbc903b55dba6 redhat/7.3/updates/i386/kernel-2.4.20-46.7.legacy.athlon.rpm dd2a0de51955f130914b97e54002999398594e78 redhat/7.3/updates/i386/kernel-2.4.20-46.7.legacy.i386.rpm c2a33858f1863b5aa8fc61812620bd538416eec1 redhat/7.3/updates/i386/kernel-2.4.20-46.7.legacy.i586.rpm 82f9abe5137fe60c379e54ed4c30102e77a3d7ce redhat/7.3/updates/i386/kernel-2.4.20-46.7.legacy.i686.rpm 2b7d00492c0bdd1c42f8e1fd60c69aa06d2af5b2 redhat/7.3/updates/i386/kernel-bigmem-2.4.20-46.7.legacy.i686.rpm 18b774d3bbe7bc2c3b1326b31cf653fc4ec3dd02 redhat/7.3/updates/i386/kernel-BOOT-2.4.20-46.7.legacy.i386.rpm 53e150d66bcd19881e6d3375b3921cbdcc19f9da redhat/7.3/updates/i386/kernel-doc-2.4.20-46.7.legacy.i386.rpm 8451d90ea0f882cc95635eac07ad794fe3a80b73 redhat/7.3/updates/i386/kernel-smp-2.4.20-46.7.legacy.athlon.rpm 70cbb1233156b94cb7adf05a9a60932bdebd01a7 redhat/7.3/updates/i386/kernel-smp-2.4.20-46.7.legacy.i586.rpm df9078043ff5fb7a46de6c664c6009d1a17591d3 redhat/7.3/updates/i386/kernel-smp-2.4.20-46.7.legacy.i686.rpm d41ae5e41700ea15838560c1ab4cff28b405ebc6 redhat/7.3/updates/i386/kernel-source-2.4.20-46.7.legacy.i386.rpm 21f35ccaf8e57e440c3019b34feb9d9505400b35 redhat/7.3/updates/SRPMS/kernel-2.4.20-46.7.legacy.src.rpm
109e959e391c02665c2683714476641b512b1d2a redhat/9/updates/i386/kernel-2.4.20-46.9.legacy.athlon.rpm bf329aff38c0cc9c6976994ba8b4fecf23f9a842 redhat/9/updates/i386/kernel-2.4.20-46.9.legacy.i386.rpm c805fe8f45b96104ad70e1886bd46de107dee452 redhat/9/updates/i386/kernel-2.4.20-46.9.legacy.i586.rpm 8bd381c660a26da151afbd1e3fc732b83c2becc4 redhat/9/updates/i386/kernel-2.4.20-46.9.legacy.i686.rpm 70e9a8644eee9902c0d19ebf6b73b382909f178b redhat/9/updates/i386/kernel-bigmem-2.4.20-46.9.legacy.i686.rpm d6f9e20636ac96af35f9c001b51b0be121aed44f redhat/9/updates/i386/kernel-BOOT-2.4.20-46.9.legacy.i386.rpm f6c3109670d2cea5c47f78f1852ad28764ac5f4f redhat/9/updates/i386/kernel-doc-2.4.20-46.9.legacy.i386.rpm 4c6803f8075e975ce898fabd55cc1534db98e0e8 redhat/9/updates/i386/kernel-smp-2.4.20-46.9.legacy.athlon.rpm 79c7bda4bfe36807fdd4144146e728ffe20e1a9a redhat/9/updates/i386/kernel-smp-2.4.20-46.9.legacy.i586.rpm 833c41272f7836354359194344de076e566c7eb4 redhat/9/updates/i386/kernel-smp-2.4.20-46.9.legacy.i686.rpm f56721c762dcf68d1021213cae598765d53b710f redhat/9/updates/i386/kernel-source-2.4.20-46.9.legacy.i386.rpm 665d140e5dacf04a703408634be6619e6878112a redhat/9/updates/SRPMS/kernel-2.4.20-46.9.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0124 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1263 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
--------------enigDBF38F88F8496A58BDE54D3C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFEGghKLMAs/0C4zNoRAmDwAJwK0YLGB/QXCpjrNddMQRI4GtbqeQCgimUE zesLL/Z7SoPI6PCJCwttbP4= =H0G7 -----END PGP SIGNATURE-----
--------------enigDBF38F88F8496A58BDE54D3C--
--===============1115735113== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- Fedora-legacy-announce mailing list Fedora-legacy-announce@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-announce --===============1115735113==--
|
|
|
|