RHSA-2004:255 - Security Advisory
kernel security update
Security Advisory: Important
Updated kernel packages for Red Hat Enterprise Linux 3 that fix security
vulnerabilities are now available.
The Linux kernel handles the basic functions of the operating system.
A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64
that allowed local users to cause a denial of service (system crash) by
triggering a signal handler with a certain sequence of fsave and frstor
instructions. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0554 to this issue.
Another flaw was discovered in an error path supporting the clone()
system call that allowed local users to cause a denial of service
(memory leak) by passing invalid arguments to clone() running in an
infinite loop of a user's program. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0427
to this issue.
Enhancements were committed to the 2.6 kernel by Al Viro which enabled the
Sparse source code checking tool to check for a certain class of kernel
bugs. A subset of these fixes also applies to various drivers in the 2.4
kernel. Although the majority of these resides in drivers unsupported in
Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or
access to kernel memory. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0495 to these issues.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum. These packages contain
backported patches to correct these issues.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
- BZ - 125794 - CAN-2004-0554 local user can get the kernel to hang
- BZ - 125901 - [PATCH] CAN-2004-0554: FPU exception handling local DoS
- BZ - 125968 - last RH kernel affected bug
- BZ - 126121 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel
Red Hat Enterprise Linux Server 3
Red Hat Enterprise Linux Workstation 3
Red Hat Enterprise Linux Desktop 3
Red Hat Enterprise Linux for IBM z Systems 3
Red Hat Enterprise Linux for Power, big endian 3