Red Hat Product Errata RHSA-2003:147 - Security Advisory
Issued:
2003-05-29
Updated:
2003-05-29

RHSA-2003:147 - Security Advisory

Synopsis

kernel security update

Type/Severity

Security Advisory: Important

Topic

These updated kernel packages address security vulnerabilites, including
two possible data corruption scenarios. In addition, a number of
drivers have been updated, improvements made to system performance, and
various issues have been resolved.

Description

The Linux kernel handles the basic functions of the operating system.

Two potential data corruption scenarios have been identified. These
scenarios can occur under heavy, complex I/O loads.

The first scenario only occurs while performing memory mapped file I/O,
where the file is simultaneously unlinked and the corresponding file blocks
reallocated. Furthermore, the memory mapped must be to a partial page at
the end of a file on an ext3 file system. As such, Red Hat considers this
scenario unlikely.

The second scenario was exhibited in systems with more than 4 GB of memory
with a storage controller capable of block device DMA above 4GB (64-bit
DMA). By restricting storage drivers to 32-bit DMA, the problem was
resolved. Prior to this errata, the SCSI subsystem was already restricted
to 32-bit DMA; this errata extends the restriction to block drivers as
well. The change consists of disabling 64-bit DMA in the cciss driver
(the HP SA5xxx and SA6xxx RAID controllers). The performance implications
of this change to the cciss driver are minimal.

In addition, the following security vulnerabilities have been addressed:

A flaw was found in several hash table implementations in the kernel
networking code. A remote attacker sending packets with carefully
chosen, forged source addresses could potentially cause every routing
cache entry to be hashed into the same hash chain. As a result, the kernel
would use a disproportionate amount of processor time to deal
with the new packets, leading to a remote denial-of-service (DoS) attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0244 to this issue.

A flaw was also found in the "ioperm" system call, which fails to properly
restrict privileges. This flaw can allow an unprivileged local user to gain
read and write access to I/O ports on the system. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0246 to this issue.

In addition, the following drivers have been updated to the versions indicated:

  • aacraid: 0.9.9ac6-TEST
  • qlogic qla2100, qla2200, qla2300: 6.04.01
  • aic7xxx_mod: 6.2.30 and aic79xx: 1.3.4
  • ips: v6.00.26
  • cpqfc: 2.1.2
  • fusion: 2.05.00
  • e100: 2.2.21-k1
  • e1000: 5.0.43-k1, and added netdump support
  • natsemi: 1.07+LK1.0.17
  • cciss: 2.4.45.
  • cpqarray: 2.4.26

If the system is configured to use alternate drivers, we recommend applying
the kudzu errata RHEA-2003:132 prior to updating the kernel.

A number of edge conditions in the virtual memory system have been
identified and resolved. These included the elimination of memory
allocation failures occuring when the system had not depleted all of the
physical memory. This would typically lead to process creation and network
driver failures, and general performance degradation. Additional memory
reclamation improvements were introduced to further smooth out the natural
system performance degradation that occur under memory exhaustion conditions.

In addition, the latest summit patches have been included.

All users should upgrade to these errata packages, which address these issues.

Solution

Release notes, driver notes, and driver disks for this update are available
at the following URL:

http://www.redhat.com/support/errata/rhel/

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel manually is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

Affected Products

  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 2 i386

Fixes

  • BZ - 83764 - [Pensacola Update] QLogic v6.04.00b8 driver needed
  • BZ - 85211 - USB CDROM crashes with dd on IBM Bladecenter
  • BZ - 85397 - System hang with heavy memory using apps
  • BZ - 86531 - request to export brw_kvec_async() for use in ocfs
  • BZ - 86567 - nfs_refresh_inode: inode number mismatch

References

(none)

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.