From bugzilla@redhat.com Mon Nov 25 13:11:23 2002
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Date: Mon, 25 Nov 2002 12:43 -0500
Subject: [Full-Disclosure] [RHSA-2002:264-05] New kernel 2.2 packages fix local denial of service issue

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New kernel 2.2 packages fix local denial of service issue
Advisory ID:       RHSA-2002:264-05
Issue date:        2002-09-23
Updated on:        2002-11-25
Product:           Red Hat Linux
Keywords:          bugtraq DoS
Cross references:
Obsoletes:         RHSA-2002:210
---------------------------------------------------------------------

1. Topic:

The kernel in Red Hat Linux 6.2 and 7 is vulnerable to a local denial of
service attack.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, i586, i686

Red Hat Linux 7.0 - i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system. A
vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the
vulnerability.

Note: This bug is specific to the x86 architecture kernels only, and does
not affect other architectures.

All users of Red Hat Linux 6.2 and 7 should upgrade to these errata
packages, which are not vulnerable to this issue.

Thanks go to Christopher Devine for reporting the vulnerability on bugtraq,
and Petr Vandrovec for being the first to supply a fix to the community.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm

i586:
ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm
ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm

i686:
ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm
ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.3.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.3.i386.rpm

i586:
ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.3.i586.rpm
ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.22-7.0.3.i586.rpm

i686:
ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.3.i686.rpm
ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.22-7.0.3.i686.rpm

6. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

7. References:

http://www.kernel.org/pub/linux/kernel/v2.2/ChangeLog-2.2.22

8. Contact:

The Red Hat security contact is . More contact details at
http://www.redhat.com/solutions/security/news/contact.html

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
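
A post-upgrade check for the releases and fixed builds named in the advisory, added here as an example and not part of Red Hat's advisory. The helper names (`fixed_for_release`, `ver_lt`, `check_kernel`, `audit`) are hypothetical, the sample input is constructed, and `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example (not Red Hat's code): compare installed kernel packages with
# the fixed builds listed in RHSA-2002:264-05. Helper names are hypothetical.

# Fixed VERSION-RELEASE per Red Hat Linux release, from the advisory's RPM list.
fixed_for_release() {
    case "$1" in
        6.2) echo "2.2.22-6.2.3" ;;
        7.0) echo "2.2.22-7.0.3" ;;
        *)   return 1 ;;
    esac
}

# True when $1 sorts strictly before $2. Assumption: sort -V (GNU coreutils)
# stands in for rpm's own version comparison, which is enough for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_kernel RELEASE VERSION-RELEASE ARCH -> needs-update | fixed | out-of-scope
check_kernel() {
    # The advisory covers x86 builds of the 2.2 kernel on 6.2 and 7.0 only.
    case "$3" in i386|i586|i686) ;; *) echo "out-of-scope"; return 0 ;; esac
    case "$2" in 2.2.*) ;; *) echo "out-of-scope"; return 0 ;; esac
    fixed=$(fixed_for_release "$1") || { echo "out-of-scope"; return 0; }
    if ver_lt "$2" "$fixed"; then echo "needs-update"; else echo "fixed"; fi
}

# audit RELEASE: reads "name version-release arch" lines on stdin, one per package.
audit() {
    while read -r name vr arch; do
        printf '%s-%s.%s: %s\n' "$name" "$vr" "$arch" \
            "$(check_kernel "$1" "$vr" "$arch")"
    done
}

# Constructed sample input (not real host output), in the shape printed by:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' kernel kernel-smp
audit 7.0 <<'EOF'
kernel 2.2.16-22 i386
kernel-smp 2.2.22-7.0.3 i686
EOF
```

On a real host, pipe the `rpm -q` query shown in the comment into `audit` with the installed release number; a `needs-update` line also means the machine must boot the new kernel before the fix takes effect.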