Fedora Update Notification
FEDORA-2004-101
2004-04-14
---------------------------------------------------------------------

Name        : kernel
Version     : 2.4.22                      
Release     : 1.2179.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
An attacker could create a malicious filesystem in such a way that they
could gain root privileges if that filesystem is mounted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0109 to this issue.

Solar Designer from OpenWall discovered a minor information leak in the
ext3 filesystem code due to the lack of initialization of journal
descriptor blocks. This flaw has only minor security implications and
exploitation requires privileged access to the raw device. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0133 to this issue.
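
A simplified user-space model of the ext3 issue described above, added here as an illustration and not taken from the kernel source or the Fedora patch: a descriptor block assembled in a reused buffer carries the buffer's previous contents to disk unless it is zeroed first. The structure layouts, `BLOCK_SIZE`, the magic value and the 0x5A stale pattern are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 1024           /* assumed block size for the model */
#define DESC_MAGIC 0x4A424421u    /* constructed magic, not the real on-disk value */

struct desc_hdr { uint32_t magic, blocktype, sequence; };  /* simplified header */
struct desc_tag { uint32_t blocknr, flags; };              /* simplified tag */

/* Write a header and up to ntags tags into block; return bytes written.
 * zero_first selects the hardened behaviour: clear the block before use. */
static size_t build_descriptor(uint8_t *block, uint32_t ntags, int zero_first)
{
    struct desc_hdr hdr = { DESC_MAGIC, 1, 42 };
    size_t off = 0;

    if (zero_first)
        memset(block, 0, BLOCK_SIZE);          /* the initialization step */
    memcpy(block + off, &hdr, sizeof hdr);
    off += sizeof hdr;
    for (uint32_t i = 0; i < ntags && off + sizeof(struct desc_tag) <= BLOCK_SIZE; i++) {
        struct desc_tag t = { 1000 + i, 0 };
        memcpy(block + off, &t, sizeof t);
        off += sizeof t;
    }
    return off;
}

/* Count bytes past the written region that still hold old buffer contents. */
static size_t leaked_bytes(const uint8_t *block, size_t used)
{
    size_t n = 0;
    for (size_t i = used; i < BLOCK_SIZE; i++)
        if (block[i] != 0)
            n++;
    return n;
}

/* Build one descriptor in a buffer pre-filled with constructed stale data. */
size_t demo(uint32_t ntags, int zero_first)
{
    uint8_t block[BLOCK_SIZE];
    memset(block, 0x5A, sizeof block);         /* stands in for previous contents */
    return leaked_bytes(block, build_descriptor(block, ntags, zero_first));
}

int main(void)
{
    printf("uninitialized: %zu stale bytes reach the journal\n", demo(3, 0));
    printf("zeroed first:  %zu stale bytes reach the journal\n", demo(3, 1));
    return 0;
}
```

Anything that can read the raw device sees the tail of such a block, which matches the advisory's note that exploitation requires privileged access to the raw device.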

These packages also contain an updated fix with additional checks for
issues in the R128 Direct Render Infrastructure. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0003 to this issue.

In addition, further hardening of the mremap function was applied to
prevent a potential local denial of service attack.

The low latency patch applied in previous kernels has also been found
to cause stability problems under certain conditions. It has been disabled in
this update whilst further investigation occurs.

---------------------------------------------------------------------

* Tue Apr 13 2004 Dave Jones <davej@redhat.com>
- mremap NULL pointer dereference fix
- Disable low latency patch, pending investigation into crashes.
- Additional r128 DRM check. (CAN-2004-0003)
- Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- Fix Information leak in EXT3 (CAN-2004-0133)

---------------------------------------------------------------------
This update can be downloaded from:
    

9e0765301b215adcfbfb207fbde7f01c  SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm
727bbfa24367eb2a602af7d502ca1ba3  i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm
e3af69505adeacc849653a1720cdd85a  i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm
34f130838275872d22cef3a16491bfe1  i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm
0d5b4b7e87f9bf78cc2949c5cb04cb83  i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm
6f2eeac856745d62204f2b74463aca2d  i386/kernel-2.4.22-1.2179.nptl.i586.rpm
18440652776236d4de387022f6b12e92  i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm
9db5f0316633462936ce6e18152d713d  i386/kernel-2.4.22-1.2179.nptl.i686.rpm
7444996499d1c8513978b37762ce8edd  i386/kernel-smp-2.4.22-1.2179.nptl.i686.rpm
73e9f302d5e1fd4e30a61212e9092fe3  i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm
45d41d4338a62a10430058639dfaa2aa  i386/kernel-2.4.22-1.2179.nptl.athlon.rpm
35995314b5df6c2babf90caf561fdabf  i386/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm
7c3a503213ffb046caf4681ff3dcd1ca  i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm
54b2796976b7549cc0a4134d78c7ad00  x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm
398362a0fb8d8e74973333b73227cb91  x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm
016feee2d5e018165c783383b814bc4d  x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm
b437cc1e0d29a0fe3ac32f2212ca3901  x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm
163aa338fb7064ce15b5e2562b3d44d4  x86_64/debug/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: kernel Multiple vulnerabilities 2004-101

April 14, 2004
This patch fixes a variety of buffer overflow and information leak vulnerabilities.

