Fedora Core alert: Updated kernel packages resolve security vulnerabilities

Posted by dave on Apr 14, 2004 8:16 AM EDT
Mailing list; By Dave Jones <davej@redhat.com>
Mail this story
Print this story

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-101
2004-04-14
---------------------------------------------------------------------

Name : kernel Version : 2.4.22 Release : 1.2179.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.

Solar Designer from OpenWall discovered a minor information leak in the ext3 filesystem code due to the lack of initialization of journal descriptor blocks. This flaw has only minor security implications and exploitation requires privileged access to the raw device. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0133 to this issue.

These packages also contain an updated fix with additional checks for issues in the R128 Direct Render Infrastructure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue.

Additionally, additional hardening of the mremap function was applied to prevent a potential local denial of service attack.

The low latency patch applied in previous kernels has also been found to cause stability problems under certain conditions. It has been disabled in this update whilst further investigation occurs.

---------------------------------------------------------------------

* Tue Apr 13 2004 Dave Jones - mremap NULL pointer dereference fix - Disable low latency patch, pending investigation into crashes. - Additional r128 DRM check. (CAN-2004-0003) - Bounds checking in ISO9660 filesystem. (CAN-2004-0109) - Fix Information leak in EXT3 (CAN-2004-0133)

--------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

9e0765301b215adcfbfb207fbde7f01c SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm 727bbfa24367eb2a602af7d502ca1ba3 i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm e3af69505adeacc849653a1720cdd85a i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm 34f130838275872d22cef3a16491bfe1 i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm 0d5b4b7e87f9bf78cc2949c5cb04cb83 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm 6f2eeac856745d62204f2b74463aca2d i386/kernel-2.4.22-1.2179.nptl.i586.rpm 18440652776236d4de387022f6b12e92 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm 9db5f0316633462936ce6e18152d713d i386/kernel-2.4.22-1.2179.nptl.i686.rpm 7444996499d1c8513978b37762ce8edd i386/kernel-smp-2.4.22-1.2179.nptl.i686.rpm 73e9f302d5e1fd4e30a61212e9092fe3 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm 45d41d4338a62a10430058639dfaa2aa i386/kernel-2.4.22-1.2179.nptl.athlon.rpm 35995314b5df6c2babf90caf561fdabf i386/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm 7c3a503213ffb046caf4681ff3dcd1ca i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm 54b2796976b7549cc0a4134d78c7ad00 x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm 398362a0fb8d8e74973333b73227cb91 x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm 016feee2d5e018165c783383b814bc4d x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm b437cc1e0d29a0fe3ac32f2212ca3901 x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm 163aa338fb7064ce15b5e2562b3d44d4 x86_64/debug/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------

-- fedora-announce-list mailing list [e-mail:fedora-announce-list@redhat.com] http://www.redhat.com/mailman/listinfo/fedora-announce-list

[PARSEASHTML]

  Nav
» Read more about: Story Type: Security; Groups: Fedora

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.