[Full-Disclosure] [RHSA-2002:210-06] New kernel 2.2 packages fix local vulnerabilities

From: bugzillaat_private
Date: Thu Oct 17 2002 - 03:11:20 PDT


    ---------------------------------------------------------------------
                       Red Hat, Inc. Red Hat Security Advisory
    
    Synopsis:          New kernel 2.2 packages fix local vulnerabilities
    Advisory ID:       RHSA-2002:210-06
    Issue date:        2002-09-23
    Updated on:        2002-10-10
    Product:           Red Hat Linux
    Keywords:          elevated local root kernel
    Cross references:  
    Obsoletes:         RHSA-2001:142
    ---------------------------------------------------------------------
    
    1. Topic:
    
    Some potential local security vulnerabilities were found in the kernel
    during code audits; these have been fixed in the 2.2.22 kernel.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64
    Red Hat Linux 7.0 - alpha, i386, i586, i686
    
    3. Problem description:
    
    The Linux kernel handles the basic functions of the operating system. A
    security code audit of the 2.2 kernel found a number of possible local
    security vulnerabilities. These vulnerabilities could allow a local user
    to obtain elevated (root) privileges.  
    
    Red Hat Linux 6.2 and 7.0 shipped with the 2.2 kernel and are both
    vulnerable to these issues.
    
    All Red Hat Linux users using the 2.2 kernel should upgrade to the errata
    packages containing the 2.2.22 kernel, which are not vulnerable to these issues.
    
    Many thanks to Silvio Cesare and Solar Designer for their work in
    discovering these issues.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied. 
    
    The procedure for upgrading the kernel is documented at:
    
    http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
    
    Please read the directions for your architecture carefully before
    proceeding with the kernel upgrade.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this to be an easier way to apply updates.  To use Red Hat
    Network, launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system. Note that you need to select the kernel
    explicitly on default configurations of up2date.
    
    5. RPMs required:
    
    Red Hat Linux 6.2:
    
    SRPMS:
    ftp://updates.redhat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.2.src.rpm
    
    alpha:
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-enterprise-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-smp-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-BOOT-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-utils-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-doc-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-headers-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-source-2.2.22-6.2.2.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/kernel-jensen-2.2.22-6.2.2.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.2.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.2.i386.rpm
    
    i586:
    ftp://updates.redhat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.2.i586.rpm
    ftp://updates.redhat.com/6.2/en/os/i586/kernel-2.2.22-6.2.2.i586.rpm
    
    i686:
    ftp://updates.redhat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.2.i686.rpm
    ftp://updates.redhat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.2.i686.rpm
    ftp://updates.redhat.com/6.2/en/os/i686/kernel-2.2.22-6.2.2.i686.rpm
    
    Red Hat Linux 7.0:
    
    SRPMS:
    ftp://updates.redhat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.2.src.rpm
    
    alpha:
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-enterprise-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-smp-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-BOOT-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-utils-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-doc-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-source-2.2.22-7.0.2.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/kernel-jensen-2.2.22-7.0.2.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.2.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.2.i386.rpm
    
    i586:
    ftp://updates.redhat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.2.i586.rpm
    ftp://updates.redhat.com/7.0/en/os/i586/kernel-2.2.22-7.0.2.i586.rpm
    
    i686:
    ftp://updates.redhat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.2.i686.rpm
    ftp://updates.redhat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.2.i686.rpm
    ftp://updates.redhat.com/7.0/en/os/i686/kernel-2.2.22-7.0.2.i686.rpm
    
    
    
    6. Verification:
    
    
    These packages are GPG signed by Red Hat, Inc. for security.  Our key
    is available at:
        http://www.redhat.com/about/contact/pgpkey.html
    
    You can verify each package with the following command:
        rpm --checksig  <filename>
    
    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        rpm --checksig --nogpg <filename>
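
The two commands above give different assurance: with `--nogpg` only the package digest is checked, so a passing result says nothing about who built the package. The following is an added example, not part of the Red Hat advisory; it classifies `rpm --checksig` output lines so that a digest-only or failed check blocks installation. The function names are hypothetical, and the output layout (lowercase check name = passed, UPPERCASE = failed or not performed) is an assumption about rpm's classic format.

```shell
#!/bin/sh
# Added example: triage `rpm --checksig` output before installing a kernel.
# Assumed layout: "<file>: <checks...> OK" or "<file>: <checks...> NOT OK".

# Print SIGNATURE_OK, DIGEST_ONLY or FAILED for one output line.
classify_checksig() {
    checks=${1#*: }                       # drop "<file>: "
    case $checks in
        *"NOT OK"*) echo FAILED; return 0 ;;
        *OK) ;;                           # must end in a bare OK
        *) echo FAILED; return 0 ;;       # e.g. "... OK (MISSING KEYS)"
    esac
    signed=no
    for tok in ${checks% OK}; do
        # An uppercase check name means that check did not pass.
        case $tok in *[A-Z]*) echo FAILED; return 0 ;; esac
        tok=${tok#"("}; tok=${tok%")"}
        case $tok in gpg|pgp|dsa|rsa|signatures) signed=yes ;; esac
    done
    if [ "$signed" = yes ]; then echo SIGNATURE_OK; else echo DIGEST_ONLY; fi
}

# Read checksig output on stdin; succeed only if every package is signed OK.
audit_checksig() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_checksig "$line")
        printf '%-13s %s\n' "$verdict" "${line%%: *}"
        [ "$verdict" = SIGNATURE_OK ] || bad=1
    done
    return "$bad"
}

# Constructed sample output (not captured from a real system).
audit_checksig <<'EOF' || echo "stop: not every package has a verified signature"
kernel-2.2.22-7.0.2.i386.rpm: md5 gpg OK
kernel-smp-2.2.22-7.0.2.i386.rpm: md5 OK
kernel-utils-2.2.22-7.0.2.i386.rpm: md5 GPG NOT OK
EOF
```

On a real system the input would be `rpm --checksig *.rpm 2>&1 | audit_checksig`, run after importing the vendor key.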
    
    
    7. References:
    
    http://www.kernel.org/pub/linux/kernel/v2.2/ChangeLog-2.2.22
    
    
    Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
    