__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Red Hat 3 Kernel Update [Red Hat Advisory RHSA-2006:0140 (Issued 01-19-06)] January 19, 2006 17:00 GMT Number Q-102 ______________________________________________________________________________ PROBLEM: Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. PLATFORM: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) DAMAGE: Several security flaws have been fixed, including a vulnerability that potentially allows a local user to gain privileges or cause a denial of service. SOLUTION: Apply the available update. ______________________________________________________________________________ VULNERABILITY The risk is LOW. May allow a local user to cause a DoS or ASSESSMENT: potentially gain privileges. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/Q-102.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2006-0140.html CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2002-2185 CVE-2004-1057 CVE-2005-2708 CVE-2005-2709 CVE-2005-2973 CVE-2005-3044 CVE-2005-3180 CVE-2005-3275 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 ______________________________________________________________________________ [***** Start Red Hat Advisory RHSA-2006:0140 (Issued 01-19-06) *****] Important: kernel security update Advisory: RHSA-2006:0140-9 Type: Security Advisory Issued on: 2006-01-19 Last updated on: 2006-01-19 Affected Products: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) CVEs (cve.mitre.org): CVE-2002-2185 CVE-2004-1057 CVE-2005-2708 CVE-2005-2709 CVE-2005-2973 CVE-2005-3044 CVE-2005-3180 CVE-2005-3275 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 Details Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below: - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum. Solution Before applying this update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Updated packages Red Hat Desktop (v. 3) ------------------------------------------------------------------------------- - SRPMS: kernel-2.4.21-37.0.1.EL.src.rpm 8ac573fd7da76bdbb692608fd112c17e IA-32: kernel-2.4.21-37.0.1.EL.athlon.rpm c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.i686.rpm c4eacef42415a77f0ef049e20eab7a54 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm 29574e30ddd8e7f412446916670cb2d9 kernel-doc-2.4.21-37.0.1.EL.i386.rpm dc499687869783cb0f29dace2a166564 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm 9a73c7159290bbf5a4c697930947e55e kernel-smp-2.4.21-37.0.1.EL.athlon.rpm 29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.i686.rpm 8242f8c46face8171232ee3628a18f8a kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm 61e11b896ca9dc9daeb7a728a24bc92e kernel-source-2.4.21-37.0.1.EL.i386.rpm 14b67fc434b7b611bc48a3ea085fd090 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm 1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm fe7b99cc532c6f87251b7acb1c874755 x86_64: kernel-2.4.21-37.0.1.EL.ia32e.rpm fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.x86_64.rpm 3dc1501cfad7aa37634b963bb53a0255 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm 9bb8abb6c8623855eb1b25628e6f9677 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm 2267c033d5b57b9790b087af67c3a456 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 4a8422d6fdff27b0af58150a243eabc5 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm 3dc2e200ea133fcfd329d828eaffb469 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm 471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 6da82d4b8685ce8f1868c2699467e502 Red Hat Enterprise Linux AS (v. 3) ------------------------------------------------------------------------------- - SRPMS: kernel-2.4.21-37.0.1.EL.src.rpm 8ac573fd7da76bdbb692608fd112c17e IA-32: kernel-2.4.21-37.0.1.EL.athlon.rpm c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.i686.rpm c4eacef42415a77f0ef049e20eab7a54 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm 29574e30ddd8e7f412446916670cb2d9 kernel-doc-2.4.21-37.0.1.EL.i386.rpm dc499687869783cb0f29dace2a166564 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm 9a73c7159290bbf5a4c697930947e55e kernel-smp-2.4.21-37.0.1.EL.athlon.rpm 29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.i686.rpm 8242f8c46face8171232ee3628a18f8a kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm 61e11b896ca9dc9daeb7a728a24bc92e kernel-source-2.4.21-37.0.1.EL.i386.rpm 14b67fc434b7b611bc48a3ea085fd090 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm 1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm fe7b99cc532c6f87251b7acb1c874755 IA-64: kernel-2.4.21-37.0.1.EL.ia64.rpm 08e68cea214530406cac348d2f9263f7 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm 8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-source-2.4.21-37.0.1.EL.ia64.rpm 5d93447ebf637cb3ce59ed6a860f3913 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm df5ef4f8aed639e36b1c306aa1818eb2 PPC: kernel-2.4.21-37.0.1.EL.ppc64iseries.rpm a0cf3be5ad486a13a925b0e06730e8cd kernel-2.4.21-37.0.1.EL.ppc64pseries.rpm 0e64cd084da06531c4e9b1d1b3ced207 kernel-doc-2.4.21-37.0.1.EL.ppc64.rpm d21d3acee3e6cbcde9c62454336f5f5f kernel-source-2.4.21-37.0.1.EL.ppc64.rpm 8044137f4adbe9d0c93919af49839e01 kernel-unsupported-2.4.21-37.0.1.EL.ppc64iseries.rpm 1d19870581d879f9d0d4c9978091c6c3 kernel-unsupported-2.4.21-37.0.1.EL.ppc64pseries.rpm a0250e2b0f9ac93a7c568e7389f53457 s390: kernel-2.4.21-37.0.1.EL.s390.rpm ca591a86b393f36885041d4a3cd82a53 kernel-doc-2.4.21-37.0.1.EL.s390.rpm 3788cd512b7fa6b577e500a2ee4d1fef kernel-source-2.4.21-37.0.1.EL.s390.rpm 44beedbe1d9e82aed2f73d6f814ec653 kernel-unsupported-2.4.21-37.0.1.EL.s390.rpm 7ced947293d4682682b067b61c387e7c s390x: kernel-2.4.21-37.0.1.EL.s390x.rpm bacb4aab55a2166d2c9ea53a3512a646 kernel-doc-2.4.21-37.0.1.EL.s390x.rpm 9cadb9c025c5d1c43c4b52bd7c3cdd62 kernel-source-2.4.21-37.0.1.EL.s390x.rpm dea19dae65c362aa5f811f32ee00763e kernel-unsupported-2.4.21-37.0.1.EL.s390x.rpm f16374ee1d14e8002225d84ae462dba1 x86_64: kernel-2.4.21-37.0.1.EL.ia32e.rpm fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.x86_64.rpm 3dc1501cfad7aa37634b963bb53a0255 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm 9bb8abb6c8623855eb1b25628e6f9677 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm 2267c033d5b57b9790b087af67c3a456 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 4a8422d6fdff27b0af58150a243eabc5 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm 3dc2e200ea133fcfd329d828eaffb469 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm 471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 6da82d4b8685ce8f1868c2699467e502 Red Hat Enterprise Linux ES (v. 3) ------------------------------------------------------------------------------- - SRPMS: kernel-2.4.21-37.0.1.EL.src.rpm 8ac573fd7da76bdbb692608fd112c17e IA-32: kernel-2.4.21-37.0.1.EL.athlon.rpm c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.i686.rpm c4eacef42415a77f0ef049e20eab7a54 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm 29574e30ddd8e7f412446916670cb2d9 kernel-doc-2.4.21-37.0.1.EL.i386.rpm dc499687869783cb0f29dace2a166564 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm 9a73c7159290bbf5a4c697930947e55e kernel-smp-2.4.21-37.0.1.EL.athlon.rpm 29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.i686.rpm 8242f8c46face8171232ee3628a18f8a kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm 61e11b896ca9dc9daeb7a728a24bc92e kernel-source-2.4.21-37.0.1.EL.i386.rpm 14b67fc434b7b611bc48a3ea085fd090 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm 1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm fe7b99cc532c6f87251b7acb1c874755 IA-64: kernel-2.4.21-37.0.1.EL.ia64.rpm 08e68cea214530406cac348d2f9263f7 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm 8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-source-2.4.21-37.0.1.EL.ia64.rpm 5d93447ebf637cb3ce59ed6a860f3913 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm df5ef4f8aed639e36b1c306aa1818eb2 x86_64: kernel-2.4.21-37.0.1.EL.ia32e.rpm fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.x86_64.rpm 3dc1501cfad7aa37634b963bb53a0255 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm 9bb8abb6c8623855eb1b25628e6f9677 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm 2267c033d5b57b9790b087af67c3a456 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 4a8422d6fdff27b0af58150a243eabc5 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm 3dc2e200ea133fcfd329d828eaffb469 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm 471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 6da82d4b8685ce8f1868c2699467e502 Red Hat Enterprise Linux WS (v. 3) ------------------------------------------------------------------------------- - SRPMS: kernel-2.4.21-37.0.1.EL.src.rpm 8ac573fd7da76bdbb692608fd112c17e IA-32: kernel-2.4.21-37.0.1.EL.athlon.rpm c132a984fc36125635ed8c9dfea0aafe kernel-2.4.21-37.0.1.EL.i686.rpm c4eacef42415a77f0ef049e20eab7a54 kernel-BOOT-2.4.21-37.0.1.EL.i386.rpm 29574e30ddd8e7f412446916670cb2d9 kernel-doc-2.4.21-37.0.1.EL.i386.rpm dc499687869783cb0f29dace2a166564 kernel-hugemem-2.4.21-37.0.1.EL.i686.rpm d87be7a68ad11961c17b35dc1874baa8 kernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm 9a73c7159290bbf5a4c697930947e55e kernel-smp-2.4.21-37.0.1.EL.athlon.rpm 29c4165c6982cbe8cdcca4e544898fd3 kernel-smp-2.4.21-37.0.1.EL.i686.rpm 8242f8c46face8171232ee3628a18f8a kernel-smp-unsupported-2.4.21-37.0.1.EL.athlon.rpm c51f8fa5df41bb2d894d1d93c1ea16fd kernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm 61e11b896ca9dc9daeb7a728a24bc92e kernel-source-2.4.21-37.0.1.EL.i386.rpm 14b67fc434b7b611bc48a3ea085fd090 kernel-unsupported-2.4.21-37.0.1.EL.athlon.rpm 1dfc561d293146a44a9b96e58a283260 kernel-unsupported-2.4.21-37.0.1.EL.i686.rpm fe7b99cc532c6f87251b7acb1c874755 IA-64: kernel-2.4.21-37.0.1.EL.ia64.rpm 08e68cea214530406cac348d2f9263f7 kernel-doc-2.4.21-37.0.1.EL.ia64.rpm 8e64a87ef70d5f7dec65dbd4c6ff82c4 kernel-source-2.4.21-37.0.1.EL.ia64.rpm 5d93447ebf637cb3ce59ed6a860f3913 kernel-unsupported-2.4.21-37.0.1.EL.ia64.rpm df5ef4f8aed639e36b1c306aa1818eb2 x86_64: kernel-2.4.21-37.0.1.EL.ia32e.rpm fa476998934d46e5549f181fe29691ac kernel-2.4.21-37.0.1.EL.x86_64.rpm 3dc1501cfad7aa37634b963bb53a0255 kernel-doc-2.4.21-37.0.1.EL.x86_64.rpm 9bb8abb6c8623855eb1b25628e6f9677 kernel-smp-2.4.21-37.0.1.EL.x86_64.rpm 2267c033d5b57b9790b087af67c3a456 kernel-smp-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 4a8422d6fdff27b0af58150a243eabc5 kernel-source-2.4.21-37.0.1.EL.x86_64.rpm 3dc2e200ea133fcfd329d828eaffb469 kernel-unsupported-2.4.21-37.0.1.EL.ia32e.rpm 471e991baa9a16dc911f7d0e9f88f739 kernel-unsupported-2.4.21-37.0.1.EL.x86_64.rpm 6da82d4b8685ce8f1868c2699467e502 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 137820 - CVE-2004-1057 VM_IO refcount issue 161925 - CVE-2005-2708 user code panics kernel in exec.c 168661 - CVE-2005-3044 lost fput could lead to DoS 168925 - CVE-2005-2709 More sysctl flaws 170278 - CVE-2005-3180 orinoco driver information leakage 170774 - CVE-2005-2973 ipv6 infinite loop 171386 - CVE-2005-3275 NAT DoS 174082 - CVE-2005-3806 ipv6 DOS 174338 - CVE-2005-3857 lease printk DoS 174344 - CVE-2005-3858 ip6_input_finish DoS 174347 - CVE-2005-3848 dst_entry leak DoS 174808 - CVE-2002-2185 IGMP DoS References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1057 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858 Keywords errata, kernel, security, taroon ------------------------------------------------------------------------------- - These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat Advisory RHSA-2006:0140 (Issued 01-19-06) *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) Q-092: xpdf Buffer Overflows Q-093: libapache2-mod-auth-pgsql Q-094: auth_ldap Security Update Q-095: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution Q-096: Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution Q-097: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) Q-098: Ethereal Security Update Q-099: Red Hat 4 Kernel Update Q-100: Oracle Critical Patch Update Q-101: Cisco Call Manager Privilege Escalation