- Issued:
- 2005-04-19
- Updated:
- 2005-08-09
RHSA-2005:366 - Security Advisory
Synopsis
kernel security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated kernel packages that fix several security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
[Updated 9 August 2005]
The advisory text has been updated to show that this update fixed the
security issue named CAN-2005-0210 but not CAN-2005-0209. The issue
CAN-2005-0209 was actually fixed by RHSA-2005:420. No changes have been
made to the packages associated with this advisory.
Description
The Linux kernel handles the basic functions of the operating system.
A flaw in the fib_seq_start function was discovered. A local user could use
this flaw to cause a denial of service (system crash) via /proc/net/route.
(CAN-2005-1041)
A flaw in the tmpfs file system was discovered. A local user could use this
flaw to cause a denial of service (system crash). (CAN-2005-0977)
An integer overflow flaw was found when writing to a sysfs file. A local
user could use this flaw to overwrite kernel memory, causing a denial of
service (system crash) or arbitrary code execution. (CAN-2005-0867)
Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A
local user could use this flaw to cause a denial of service (system crash)
on Itanium architectures. (CAN-2005-0135)
A flaw in the NFS client O_DIRECT error case handling was discovered. A
local user could use this flaw to cause a denial of service (system crash).
(CAN-2005-0207)
A small memory leak when defragmenting local packets was discovered that
affected the Linux 2.6 kernel netfilter subsystem. A local user could send
a large number of carefully crafted fragments leading to memory exhaustion
(CAN-2005-0210)
A flaw was discovered in the Linux PPP driver. On systems allowing remote
users to connect to a server using ppp, a remote client could cause a
denial of service (system crash). (CAN-2005-0384)
A flaw was discovered in the ext2 file system code. When a new directory is
created, the ext2 block written to disk is not initialized, which could
lead to an information leak if a disk image is made available to
unprivileged users. (CAN-2005-0400)
A flaw in fragment queuing was discovered that affected the Linux kernel
netfilter subsystem. On systems configured to filter or process network
packets (e.g. firewalling), a remote attacker could send a carefully
crafted set of fragmented packets to a machine and cause a denial of
service (system crash). In order to sucessfully exploit this flaw, the
attacker would need to know or guess some aspects of the firewall ruleset
on the target system. (CAN-2005-0449)
A number of flaws were found in the Linux 2.6 kernel. A local user could
use these flaws to read kernel memory or cause a denial of service (crash).
(CAN-2005-0529, CAN-2005-0530, CAN-2005-0531)
An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A
local user could use this flaw to overwrite low kernel memory. This memory
is usually unused, not usually resulting in a security consequence.
(CAN-2005-0736)
A flaw when freeing a pointer in load_elf_library was discovered. A local
user could potentially use this flaw to cause a denial of service (crash).
(CAN-2005-0749)
A flaw was discovered in the bluetooth driver system. On systems where the
bluetooth modules are loaded, a local user could use this flaw to gain
elevated (root) privileges. (CAN-2005-0750)
A race condition was discovered that affected the Radeon DRI driver. A
local user who has DRI privileges on a Radeon graphics card may be able to
use this flaw to gain root privileges. (CAN-2005-0767)
Multiple range checking flaws were discovered in the iso9660 file system
handler. An attacker could create a malicious file system image which would
cause a denial or service or potentially execute arbitrary code if mounted.
(CAN-2005-0815)
A flaw was discovered when setting line discipline on a serial tty. A local
user may be able to use this flaw to inject mouse movements or keystrokes
when another user is logged in. (CAN-2005-0839)
Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.
Please note that
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 147468 - CAN-2005-0449 Possible remote Oops/firewall bypass - kABI breaker
- BZ - 148868 - CAN-2005-0135 ia64 local DoS
- BZ - 148878 - CAN-2005-0207 nfs client O_DIRECT oops
- BZ - 149466 - CAN-2005-0529 Sign handling issues on v2.6 (CAN-2005-0530 CAN-2005-0531)
- BZ - 149589 - CAN-2005-0209 netfilter SKB problem
- BZ - 151240 - CAN-2005-0384 pppd remote DoS
- BZ - 151249 - CAN-2005-0736 epoll overflow
- BZ - 151902 - CAN-2005-0767 drm race in radeon
- BZ - 152177 - CAN-2005-0750 bluetooth security flaw
- BZ - 152399 - CAN-2005-0400 ext2 mkdir() directory entry random kernel memory leak
- BZ - 152405 - CAN-2005-0815 isofs range checking flaws
- BZ - 152410 - CAN-2005-0749 load_elf_library possible DoS
- BZ - 152417 - CAN-2005-0839 N_MOUSE line discipline flaw
- BZ - 152561 - CAN-2005-0977 tmpfs truncate bug
- BZ - 154219 - CAN-2005-0867 sysfs signedness problem
- BZ - 154551 - CAN-2005-1041 crash while reading /proc/net/route
CVEs
References
(none)
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| kernel-2.6.9-5.0.5.EL.src.rpm | SHA-256: b95914c5dcef83133a100322bdc3f95ffdb30612f91ff8118425cf158376dae9 |
| x86_64 | |
| kernel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: 1bd5220bdec084beec2172c74085f23596104d95cbf9993db2c9670a9d92c55c |
| kernel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: 1bd5220bdec084beec2172c74085f23596104d95cbf9993db2c9670a9d92c55c |
| kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: e9a5bc393beb0e3423139f1cad845a87765e2347dd5d3105da2ec34f2d9a0a90 |
| kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: e9a5bc393beb0e3423139f1cad845a87765e2347dd5d3105da2ec34f2d9a0a90 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: d43d99c71b3a7c650e8ff242a89ffa96b8857eb8040eafa59bcdbaaea591264b |
| kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: d43d99c71b3a7c650e8ff242a89ffa96b8857eb8040eafa59bcdbaaea591264b |
| kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: a1df7232a68bdcab4567c01237134d2d7bd9a238b2d1719340dc9af78fab5cae |
| kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: a1df7232a68bdcab4567c01237134d2d7bd9a238b2d1719340dc9af78fab5cae |
| ia64 | |
| kernel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: 821130c9ff9f87ce10563b7c0209e504305eac6e63d3f5171e4eebb87639b083 |
| kernel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: 821130c9ff9f87ce10563b7c0209e504305eac6e63d3f5171e4eebb87639b083 |
| kernel-devel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: b5a7031d80907afa013404e617a7d3e87226da1f2c84d434e96a3b0df61cd563 |
| kernel-devel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: b5a7031d80907afa013404e617a7d3e87226da1f2c84d434e96a3b0df61cd563 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| i386 | |
| kernel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: d6a0bd0b33ff160c65af1290f91ec5e38f4f274dd87895fc637ce25c8854849d |
| kernel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: d6a0bd0b33ff160c65af1290f91ec5e38f4f274dd87895fc637ce25c8854849d |
| kernel-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 8bdbb08533d8baabd3e7ddca915b8ffb189c1ec91b26b5ed0ebfb183ec2e1699 |
| kernel-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 8bdbb08533d8baabd3e7ddca915b8ffb189c1ec91b26b5ed0ebfb183ec2e1699 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 5d30fc474a6a45c618f4cf508e5a34ebc177531eae29fb30f3fbc54c5fdf56e7 |
| kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 5d30fc474a6a45c618f4cf508e5a34ebc177531eae29fb30f3fbc54c5fdf56e7 |
| kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 0ede11d5e005c2d20966519ef2ce9eb85f04a1ce9424ea65aaa261f54607e3eb |
| kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 0ede11d5e005c2d20966519ef2ce9eb85f04a1ce9424ea65aaa261f54607e3eb |
| kernel-smp-2.6.9-5.0.5.EL.i686.rpm | SHA-256: e6c3f3ed952e9c8193a0903ec3366e86d2acd2cf60e6c4721e188b1786c3a1a7 |
| kernel-smp-2.6.9-5.0.5.EL.i686.rpm | SHA-256: e6c3f3ed952e9c8193a0903ec3366e86d2acd2cf60e6c4721e188b1786c3a1a7 |
| kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 9e9c621cd7cddd78940b86b2dfac3f11fb9f0502c8ab4642eed045df4f01e2cb |
| kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 9e9c621cd7cddd78940b86b2dfac3f11fb9f0502c8ab4642eed045df4f01e2cb |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| kernel-2.6.9-5.0.5.EL.src.rpm | SHA-256: b95914c5dcef83133a100322bdc3f95ffdb30612f91ff8118425cf158376dae9 |
| x86_64 | |
| kernel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: 1bd5220bdec084beec2172c74085f23596104d95cbf9993db2c9670a9d92c55c |
| kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: e9a5bc393beb0e3423139f1cad845a87765e2347dd5d3105da2ec34f2d9a0a90 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: d43d99c71b3a7c650e8ff242a89ffa96b8857eb8040eafa59bcdbaaea591264b |
| kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: a1df7232a68bdcab4567c01237134d2d7bd9a238b2d1719340dc9af78fab5cae |
| ia64 | |
| kernel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: 821130c9ff9f87ce10563b7c0209e504305eac6e63d3f5171e4eebb87639b083 |
| kernel-devel-2.6.9-5.0.5.EL.ia64.rpm | SHA-256: b5a7031d80907afa013404e617a7d3e87226da1f2c84d434e96a3b0df61cd563 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| i386 | |
| kernel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: d6a0bd0b33ff160c65af1290f91ec5e38f4f274dd87895fc637ce25c8854849d |
| kernel-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 8bdbb08533d8baabd3e7ddca915b8ffb189c1ec91b26b5ed0ebfb183ec2e1699 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 5d30fc474a6a45c618f4cf508e5a34ebc177531eae29fb30f3fbc54c5fdf56e7 |
| kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 0ede11d5e005c2d20966519ef2ce9eb85f04a1ce9424ea65aaa261f54607e3eb |
| kernel-smp-2.6.9-5.0.5.EL.i686.rpm | SHA-256: e6c3f3ed952e9c8193a0903ec3366e86d2acd2cf60e6c4721e188b1786c3a1a7 |
| kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 9e9c621cd7cddd78940b86b2dfac3f11fb9f0502c8ab4642eed045df4f01e2cb |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| kernel-2.6.9-5.0.5.EL.src.rpm | SHA-256: b95914c5dcef83133a100322bdc3f95ffdb30612f91ff8118425cf158376dae9 |
| x86_64 | |
| kernel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: 1bd5220bdec084beec2172c74085f23596104d95cbf9993db2c9670a9d92c55c |
| kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: e9a5bc393beb0e3423139f1cad845a87765e2347dd5d3105da2ec34f2d9a0a90 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: d43d99c71b3a7c650e8ff242a89ffa96b8857eb8040eafa59bcdbaaea591264b |
| kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm | SHA-256: a1df7232a68bdcab4567c01237134d2d7bd9a238b2d1719340dc9af78fab5cae |
| i386 | |
| kernel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: d6a0bd0b33ff160c65af1290f91ec5e38f4f274dd87895fc637ce25c8854849d |
| kernel-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 8bdbb08533d8baabd3e7ddca915b8ffb189c1ec91b26b5ed0ebfb183ec2e1699 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 5d30fc474a6a45c618f4cf508e5a34ebc177531eae29fb30f3fbc54c5fdf56e7 |
| kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 0ede11d5e005c2d20966519ef2ce9eb85f04a1ce9424ea65aaa261f54607e3eb |
| kernel-smp-2.6.9-5.0.5.EL.i686.rpm | SHA-256: e6c3f3ed952e9c8193a0903ec3366e86d2acd2cf60e6c4721e188b1786c3a1a7 |
| kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm | SHA-256: 9e9c621cd7cddd78940b86b2dfac3f11fb9f0502c8ab4642eed045df4f01e2cb |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| kernel-2.6.9-5.0.5.EL.src.rpm | SHA-256: b95914c5dcef83133a100322bdc3f95ffdb30612f91ff8118425cf158376dae9 |
| s390x | |
| kernel-2.6.9-5.0.5.EL.s390x.rpm | SHA-256: 935c6df31d9e332fbb54ca6b72d776efb80c0daac496cf3a7233b7aeee913b81 |
| kernel-devel-2.6.9-5.0.5.EL.s390x.rpm | SHA-256: 4e50fc76f3f23395f67e0ec9099709d4dc8bc744886dc4c721c1bc98f65cae93 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
| s390 | |
| kernel-2.6.9-5.0.5.EL.s390.rpm | SHA-256: 4ae7c4e68bb0b064dcb88657cc13a2a8b7df0bfede0184d3de070812cf70b2a5 |
| kernel-devel-2.6.9-5.0.5.EL.s390.rpm | SHA-256: 286ba496a11d02695ea2fe51a5a3ad954bb6fac7b45dbeb8e9fb74e72c36100a |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| kernel-2.6.9-5.0.5.EL.src.rpm | SHA-256: b95914c5dcef83133a100322bdc3f95ffdb30612f91ff8118425cf158376dae9 |
| ppc | |
| kernel-2.6.9-5.0.5.EL.ppc64.rpm | SHA-256: 24aa0e9d169c77007585360e212c2cb8262883989bc093127cdd6bff6b208e05 |
| kernel-2.6.9-5.0.5.EL.ppc64iseries.rpm | SHA-256: 2893a4a79ff96c72e69cf54084bacb4da8f8bd851a90dfd01480aa2cb779b375 |
| kernel-devel-2.6.9-5.0.5.EL.ppc64.rpm | SHA-256: 9768f57be66eac66eaa0aa5a02c7edb1dd9cb488438a3c56f3fd48712e1ab7f0 |
| kernel-devel-2.6.9-5.0.5.EL.ppc64iseries.rpm | SHA-256: 130ec0e593c5e95eb020256c6be5e60ceae320070f58dab95943278a43b5b0c2 |
| kernel-doc-2.6.9-5.0.5.EL.noarch.rpm | SHA-256: 2991c9a24704b84b2ef84e2be7aaed4bbb10783573e70340b3a8b82bb2d0a802 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.