RHSA-2003:103 - Security Advisory

Topic

Updated kernel packages are now available that fix a ptrace-related
vulnerability which can lead to elevated (root) privileges.

Description

The Linux kernel handles the basic functions of the operating system.
A vulnerability has been found in version 2.4.18 of the kernel.

This vulnerability allows a local user to gain elevated (root) privileges
without authorization.

All users should upgrade to these errata packages, which contain patches to
fix the vulnerability.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel manually is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

Affected Products

• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

CVEs

• CVE-2003-0127

References

(none)