RHSA-2007:0938 - Security Advisory

Topic

Updated kernel packages that fix a security issue in the Red Hat Enterprise
Linux 3 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The Linux kernel handles the basic functions of the operating system.

A flaw was found in ia32 emulation affecting users running 64-bit versions
of Red Hat Enterprise Linux on x86_64 architectures. A local user could
use this flaw to gain elevated privileges. (CVE-2007-4573).

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

Red Hat Enterprise Linux 3 users are advised to upgrade to these packages,
which contain a backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

• BZ - 294541 - CVE-2007-4573 x86_64 syscall vulnerability

CVEs

• CVE-2007-4573

References

• http://www.redhat.com/security/updates/classification/#important