Red Hat Security Advisory: Updated 2.4 kernel available

Warren Togami warren at togami.com
Fri Jan 25 00:24:10 PST 2002


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated 2.4 kernel available
Advisory ID:       RHSA-2002:007-16
Issue date:        2002-01-09
Updated on:        2002-01-22
Product:           Red Hat Linux
Keywords:          cipe icmp
Cross references:
Obsoletes:
---------------------------------------------------------------------

1. Topic:

A security vunlerability  in the Linux CIPE (VPN tunnel) implementation has
been fixed.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - alpha, alphaev6, athlon, i386, i586, i686, ia64

Red Hat Linux 7.2 - athlon, i386, i586, i686, ia64

3. Problem description:

Larry McVoy has discovered a problem in the CIPE (VPN tunnel)
implementation, where a malformed packet could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2002-0047 to this issue.

Andrew Griffiths has discovered a vulnerability that allows remote machines
to read random memory using a bug in the Linux ICMP implementation.
However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after
version 2.2.18 have this bug fixed. All Red Hat Linux 2.4 kernels have this
fix are not vulnerable to this bug.

It is recommended that users running older 2.2 kernels on Red Hat Linux 6.2
or 7 upgrade to the latest available errata kernel, which includes a fix
for this problem.  The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2002-0046 to this issue.

A patch for recent 2.4 kernels is circulating to fix the bug in the Linux
ICMP implementation. Red Hat, Inc. recommends not using this patch since it
actually breaks the kernel ICMP implementation and since Red Hat Linux 2.4
kernels are not vulnerable to the bug.

In addition to the CIPE security fix, several other bugs were fixed, and
some drivers were updated:

* For Red Hat Linux 7.1: DRM/DRI (3D support) for the XFree86 erratum
  RHEA-2002:010
* New aacraid driver rewritten by Alan Cox
* New DAC960 driver
* Additional Qlogic 2200 driver
* LM_Sensors driver upgrade

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. Red Hat Linux 7.1 users should
update the packages in the XFree86 Erratum (RHEA-2002:010).

The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network.  Many
people find this to be an easier way to apply updates.  To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

55476 - Kernel 2.4.9-7 crashes Dell PE2500 with aacraid on startup
55605 - kernel 2.4.9-7 constantly outputs messages to syslog about clock
timer
54855 - i810 audio problem after up2date4d kernel 2.4.9-6

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.9-21.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/modutils-2.4.10-1.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/tux-2.2.0-1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-smp-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-source-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-BOOT-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-headers-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/kernel-doc-2.4.9-21.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/modutils-2.4.10-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tux-2.2.0-1.alpha.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.9-21.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/modutils-2.4.10-1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tux-2.2.0-1.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.9-21.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.9-21.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.9-21.i686.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/modutils-2.4.10-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tux-2.2.0-1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.9-21.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/modutils-2.4.10-1.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/tux-2.2.0-1.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.9-21.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/modutils-2.4.10-1.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tux-2.2.0-1.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.9-21.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.9-21.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.9-21.i686.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/kernel-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tux-2.2.0-1.ia64.rpm


7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
c98c533651ad7ddf1953291c6b86e24d 7.1/en/os/SRPMS/kernel-2.4.9-21.src.rpm
bce506e9913f952f74ecb1cc4f5e0d14 7.1/en/os/SRPMS/modutils-2.4.10-1.src.rpm
0fc99d749b73ce672ce314097fa75680 7.1/en/os/SRPMS/tux-2.2.0-1.src.rpm
e968e639383c1c6ac5f81cac4ef23282 7.1/en/os/alpha/kernel-2.4.9-21.alpha.rpm
963d4f2f6b7aba6a872cddef8ea98a0a
7.1/en/os/alpha/kernel-BOOT-2.4.9-21.alpha.rpm
56cdcbcdfb7986b8925320e5c6147894
7.1/en/os/alpha/kernel-doc-2.4.9-21.alpha.rpm
76e4da4321e4fc73bf71cad185d7c74c
7.1/en/os/alpha/kernel-headers-2.4.9-21.alpha.rpm
23e236f018b86d66c7d6a0e703d8741b
7.1/en/os/alpha/kernel-smp-2.4.9-21.alpha.rpm
b0b96c30d406279778e17f2425564182
7.1/en/os/alpha/kernel-source-2.4.9-21.alpha.rpm
34b7a78b5a0f91f8b476448532c6ca01 7.1/en/os/alpha/modutils-2.4.10-1.alpha.rpm
be01c0f774210275c54158b30ce241a5 7.1/en/os/alpha/tux-2.2.0-1.alpha.rpm
3ca1396e73f1d5f105fdc70577c1ad5b 7.1/en/os/athlon/kernel-2.4.9-21.athlon.rpm
98c26aa144875e66ad7a24d715fffc3c
7.1/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm
071131740198219c636b8927f8f88457 7.1/en/os/i386/kernel-2.4.9-21.i386.rpm
36d81ca909ec13711442a7ced06c5954
7.1/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
13389781e18047d555a0e65ae0e1e53b 7.1/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
6e02167e35be2a1234419dc04d285c8d
7.1/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
b1d7f572f45b208f1c9dc4983bf51cc7
7.1/en/os/i386/kernel-source-2.4.9-21.i386.rpm
62512921c8a9704642ace9972f2bcb32 7.1/en/os/i386/modutils-2.4.10-1.i386.rpm
b071d20ef0474a1e4ca5ec65b333796f 7.1/en/os/i386/tux-2.2.0-1.i386.rpm
243e4c5fa57a8002046bf24de2e1ffd2 7.1/en/os/i586/kernel-2.4.9-21.i586.rpm
2510b6f2059f2790d9528cdd63e92f95 7.1/en/os/i586/kernel-smp-2.4.9-21.i586.rpm
deb1513ff79d1d40dde059cf1e3142db 7.1/en/os/i686/kernel-2.4.9-21.i686.rpm
9b0033255956ed2be1c6878dfd84c472
7.1/en/os/i686/kernel-debug-2.4.9-21.i686.rpm
2881b02642d6244d36fe7baaa4954c45
7.1/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
eaaac60d828e3954c6f2018cc7dfb2d6 7.1/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
d4b7d97af57ead842eb82c2b81e8c395 7.1/en/os/ia64/kernel-2.4.9-21.ia64.rpm
be80ab57387b969df0b046893a991735 7.1/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
55a98e22cb5ac68e1f35a971206ef30c
7.1/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
4724141890684670cf7d636eedecda3f 7.1/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
3931d07ace606c7772f0aa68f1a7026c
7.1/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
747b4ec0ea09f49b2cd1f1bea75f2b26 7.1/en/os/ia64/modutils-2.4.10-1.ia64.rpm
0115dc46812b1aa8404b753815f18186 7.1/en/os/ia64/tux-2.2.0-1.ia64.rpm
c98c533651ad7ddf1953291c6b86e24d 7.2/en/os/SRPMS/kernel-2.4.9-21.src.rpm
bce506e9913f952f74ecb1cc4f5e0d14 7.2/en/os/SRPMS/modutils-2.4.10-1.src.rpm
0fc99d749b73ce672ce314097fa75680 7.2/en/os/SRPMS/tux-2.2.0-1.src.rpm
3ca1396e73f1d5f105fdc70577c1ad5b 7.2/en/os/athlon/kernel-2.4.9-21.athlon.rpm
98c26aa144875e66ad7a24d715fffc3c
7.2/en/os/athlon/kernel-smp-2.4.9-21.athlon.rpm
071131740198219c636b8927f8f88457 7.2/en/os/i386/kernel-2.4.9-21.i386.rpm
36d81ca909ec13711442a7ced06c5954
7.2/en/os/i386/kernel-BOOT-2.4.9-21.i386.rpm
13389781e18047d555a0e65ae0e1e53b 7.2/en/os/i386/kernel-doc-2.4.9-21.i386.rpm
6e02167e35be2a1234419dc04d285c8d
7.2/en/os/i386/kernel-headers-2.4.9-21.i386.rpm
b1d7f572f45b208f1c9dc4983bf51cc7
7.2/en/os/i386/kernel-source-2.4.9-21.i386.rpm
62512921c8a9704642ace9972f2bcb32 7.2/en/os/i386/modutils-2.4.10-1.i386.rpm
b071d20ef0474a1e4ca5ec65b333796f 7.2/en/os/i386/tux-2.2.0-1.i386.rpm
243e4c5fa57a8002046bf24de2e1ffd2 7.2/en/os/i586/kernel-2.4.9-21.i586.rpm
2510b6f2059f2790d9528cdd63e92f95 7.2/en/os/i586/kernel-smp-2.4.9-21.i586.rpm
deb1513ff79d1d40dde059cf1e3142db 7.2/en/os/i686/kernel-2.4.9-21.i686.rpm
9b0033255956ed2be1c6878dfd84c472
7.2/en/os/i686/kernel-debug-2.4.9-21.i686.rpm
2881b02642d6244d36fe7baaa4954c45
7.2/en/os/i686/kernel-enterprise-2.4.9-21.i686.rpm
eaaac60d828e3954c6f2018cc7dfb2d6 7.2/en/os/i686/kernel-smp-2.4.9-21.i686.rpm
d4b7d97af57ead842eb82c2b81e8c395 7.2/en/os/ia64/kernel-2.4.9-21.ia64.rpm
be80ab57387b969df0b046893a991735 7.2/en/os/ia64/kernel-doc-2.4.9-21.ia64.rpm
55a98e22cb5ac68e1f35a971206ef30c
7.2/en/os/ia64/kernel-headers-2.4.9-21.ia64.rpm
4724141890684670cf7d636eedecda3f 7.2/en/os/ia64/kernel-smp-2.4.9-21.ia64.rpm
3931d07ace606c7772f0aa68f1a7026c
7.2/en/os/ia64/kernel-source-2.4.9-21.ia64.rpm
0115dc46812b1aa8404b753815f18186 7.2/en/os/ia64/tux-2.2.0-1.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg

8. References:

http://www.securityfocus.com/archive/1/251418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.



More information about the LUAU mailing list