RHSA-2004:105 - Security Advisory

Topic

Updated kernel packages that fix a security vulnerability which may allow
local users to gain root privileges are now available.

Description

The Linux kernel handles the basic functions of the operating
system.

This kernel updates several drivers and fixes a number of bugs, including a
potential security vulnerability.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
An attacker could create a malicious filesystem in such a way that root
privileges may be obtained if the filesystem is mounted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0109 to this issue.

The following drivers were updated:

LSI megaraid2 v2.10.1.1
IBM Serveraid v. 6.11.07
MPT Fusion v.2.05.11.03

All users are advised to upgrade to these errata packages, which contain
a backported security patch that corrects this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Affected Products

• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

• BZ - 70607 - Oops in get_filesystem_info due to lack of locking
• BZ - 77839 - Assert failure in transaction.c:1224: "!jh->b_committed_data
• BZ - 90209 - only 2 processors of 4 seen on SE7505VB2
• BZ - 101365 - Additions to drivers/scsi/scsi_scan.c
• BZ - 101738 - mprotect areas not cleaned up
• BZ - 102692 - Crash with bigpages and ssh shared mem usage
• BZ - 106448 - GRUB failing to install on recent HP DL servers with cciss RAID controllers
• BZ - 111250 - tg3 driver fails to autonegotiate correctly
• BZ - 111342 - get_parition_list can loose disks
• BZ - 111672 - RHEL 2.1 U4 - Need latest Adaptec ServeRAID fix for IA64 for IBM only.
• BZ - 111680 - fix /proc/$PID/cmdline issue
• BZ - 112006 - [PATCH] BUG() from __remove_inode_page
• BZ - 112021 - {PATCH] cciss driver change: SCSI prefetch
• BZ - 112057 - RHEL 3 U2: update megaraid2 to version 2.10.x
• BZ - 112108 - I/O mem bug fix
• BZ - 112130 - RHEL 2.1 U4: update cciss driver
• BZ - 112177 - blkdev_varyio is exported as a GPL only on RHEL 2.1 U4
• BZ - 112722 - ethtool crashes with segmentation fault for tg3 driver
• BZ - 113738 - [PATCH] updated megaraid2 driver (2.10.1)
• BZ - 113900 - RHEL 2.1 U4: Update mptfusion (LSI U320) driver to 2.05.10 or newest.
• BZ - 114053 - [PATCH] file append not working when nfs mounted with nfs_uncached_io
• BZ - 115061 - [PATCH] rhel 2.1 will need to pick up the cyclone-lpj-fix
• BZ - 118496 - updates to scsi_scan.c in RH EL 2.1 Update 4
• BZ - 119303 - oops when using the ipt_redirect module
• BZ - 120029 - CAN-2004-0109 kernel iso9660 buffer overflow

CVEs

• CVE-2004-0109

References

(none)