Oval Definition:oval:com.redhat.rhsa:def:20040549
Revision Date:2004-12-02Version:502
Title:RHSA-2004:549: kernel security update (Important)
Description:The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use thse flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CAN-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function in the Broadcom 5820 cryptonet driver. On systems using this driver, a local user could cause a denial of service (crash) or possibly gain elevated privileges. (CAN-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CAN-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0138
CVE-2004-0619
CVE-2004-0685
CVE-2004-0812
CVE-2004-0883
CVE-2004-0949
CVE-2004-1068
CVE-2004-1070
CVE-2004-1071
CVE-2004-1072
CVE-2004-1073
RHSA-2004:549-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • kernel-source is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-source is signed with Red Hat master key
  • OR
  • kernel is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel is signed with Red Hat master key
  • OR
  • kernel-doc is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-doc is signed with Red Hat master key
  • OR
  • kernel-hugemem-unsupported is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-hugemem-unsupported is signed with Red Hat master key
  • OR
  • kernel-hugemem is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-hugemem is signed with Red Hat master key
  • OR
  • kernel-BOOT is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-BOOT is signed with Red Hat master key
  • OR
  • kernel-smp-unsupported is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-smp-unsupported is signed with Red Hat master key
  • OR
  • kernel-unsupported is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-unsupported is signed with Red Hat master key
  • OR
  • kernel-smp is earlier than 0:2.4.21-20.0.1.EL
  • AND kernel-smp is signed with Red Hat master key
    • BACK