RedHatRHSA-2004:689(RHSA-2004:689) kernel security update
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.407 Medium
EPSS
Percentile
96.9%
The Linux kernel handles the basic functions of the operating system.
This advisory includes fixes for several security issues:
Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the
Linux 2.4 kernel on the AMD64 architecture. A local attacker could use
this flaw to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue.
ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels. These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges. Where multicast
applications are being used on a system, these flaws may also allow remote
users to cause a denial of service. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to
this issue.
ISEC security research and Georgi Guninski independantly discovered a flaw
in the scm_send function in the auxiliary message layer. A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue.
A floating point information leak was discovered in the ia64 architecture
context switch code. A local user could use this flaw to read register
values of other processes by setting the MFH bit. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0565 to this issue.
Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26. A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1234 to this issue.
These packages also fix issues in the io_edgeport driver, and a memory leak
in ip_options_get.
Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | kernel-doc | < 2.4.21-27.0.1.EL | kernel-doc-2.4.21-27.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel-source | < 2.4.21-27.0.1.EL | kernel-source-2.4.21-27.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel-unsupported | < 2.4.21-27.0.1.EL | kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel | < 2.4.21-27.0.1.EL | kernel-2.4.21-27.0.1.EL.ia64.rpm |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.407 Medium
EPSS
Percentile
96.9%