Related Vulnerabilities: CVE-2003-0461 CVE-2003-0465 CVE-2003-0984 CVE-2003-1040 CVE-2004-0003 CVE-2004-0010

Source

Synopsis

Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version
3. This is the second regular update.

Description

The Linux kernel handles the basic functions of the
operating system.

This is the second regular kernel update to Red Hat
Enterprise Linux version 3. It contains several minor
security fixes, many bug fixes, device driver updates,
new hardware support, and the introduction of Linux
Syscall Auditing support.

There were bug fixes in many different parts of the kernel,
the bulk of which addressed unusual situations such as error
handling, race conditions, and resource starvation. The
combined effect of the approximately 140 fixes is a strong
improvement in the reliability and durability of Red Hat
Enterprise Linux. Some of the key areas affected are disk
drivers, network drivers, USB support, x86_64 and ppc64
platform support, ia64 32-bit emulation layer enablers,
and the VM, NFS, IPv6, and SCSI subsystems.

A significant change in the SCSI subsystem (the disabling
of the scsi-affine-queue patch) should significantly improve
SCSI disk driver performance in many scenarios. There were
10 Bugzillas against SCSI performance problems addressed
by this change.

The following drivers have been upgraded to new versions:

bonding ---- 2.4.1
cciss ------ 2.4.50.RH1
e1000 ------ 5.2.30.1-k1
fusion ----- 2.05.11.03
ipr -------- 1.0.3
ips -------- 6.11.07
megaraid2 -- 2.10.1.1
qla2x00 ---- 6.07.02-RH1
tg3 -------- 3.1
z90crypt --- 1.1.4

This update introduces support for the new Intel EM64T
processor. A new "ia32e" architecture has been created to
support booting on platforms based on either the original
AMD Opteron CPU or the new Intel EM64T CPU. The existing
"x86_64" architecture has remained optimized for Opteron
systems. Kernels for both types of systems are built from
the same x86_64-architecture sources and share a common
kernel source RPM (kernel-source-2.4.21-15.EL.x86_64.rpm).

Other highlights in this update include a major upgrade to
the SATA infrastructure, addition of IBM JS20 Power Blade
support, and creation of an optional IBM eServer zSeries
On-Demand Timer facility for reducing idle CPU overhead.

The following security issues were addressed in this update:

A minor flaw was found where /proc/tty/driver/serial reveals
the exact character counts for serial links. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0461 to this issue.

The kernel strncpy() function in Linux 2.4 and 2.5 does not
pad the target buffer with null bytes on architectures other
than x86, as opposed to the expected libc behavior, which
could lead to information leaks. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0465 to this issue.

A minor data leak was found in two real time clock drivers
(for /dev/rtc). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name
CAN-2003-0984 to this issue.

A flaw in the R128 Direct Render Infrastructure (dri) driver
could allow local privilege escalation. This driver is part
of the kernel-unsupported package. The Common Vulnera-
bilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0003 to this issue.

A flaw in ncp_lookup() in ncpfs could allow local privilege
escalation. The ncpfs module allows a system to mount
volumes of NetWare servers or print to NetWare printers and
is in the kernel-unsupported package. The Common Vulnera-
bilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0010 to this issue.

(Note that the kernel-unsupported package contains drivers
and other modules that are unsupported and therefore might
contain security problems that have not been addressed.)

All Red Hat Enterprise Linux 3 users are advised to upgrade
their kernels to the packages associated with their machine
architectures and configurations as listed in this erratum.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Affected Products

Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 102194 - Disk READ performance worse compared with 2.4.20-18.9smp
BZ - 103706 - Some numerical values in /proc/partitions file becomes an unusual value.
BZ - 104084 - ctc interface unexpectedly dies
BZ - 104444 - RHEL3 U2: Syscall Auditing Support
BZ - 104633 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
BZ - 104634 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
BZ - 104636 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
BZ - 106111 - RHEL 3 U2: Only one CPU is initialized in a Hypthreading enabled Intel ICH5 platform.
BZ - 106219 - raid level 1 disk failures
BZ - 106334 - RHEL 3 - U2 -Qlogic FAStT Fibre driver 6.05 or later
BZ - 106396 - Hardware crypto support
BZ - 106402 - LTC4736 - PTS: Kernel Panic during mutex contention test.
BZ - 106503 - ia64 kernel stops allocating memory too early when overcommit_memory set to strict
BZ - 106584 - 'cp -p' returns error when destination is an nfs directory
BZ - 106870 - RHEL 3 AS/IPF/QU1: Qlogic qla2300 6.06.50
BZ - 106890 - RHEL 3 U2: preserve_argv0 patch missing - IPF x86 compat.
BZ - 106894 - RHEL 3, U2: IA32 feat: new microcode update format sup. (Prescott/Nocona)
BZ - 106969 - Random stall during boot-up
BZ - 107330 - NC6770 adapter fails to regain connection after lost link
BZ - 107331 - (tg3) Jumbo Frames w/bonding fails on NC7771 and Red Hat EL 3 RC1 respin
BZ - 107744 - RHEL3 Update1: ia32 on ia64 syscall table
BZ - 107864 - Data corruption in iozone benchmark
BZ - 107915 - binfmt_misc.o is a part of kernel-unsupported - x86 compat on IPF
BZ - 108958 - MINSIGSTKSZ mismatch between ia32 and ia64
BZ - 109242 - LTC5267 - Network degradation as runs progress in specweb99
BZ - 109618 - 3ware raid extremely low throughput
BZ - 109660 - op_time no samples files found
BZ - 109843 - Typo in module parameter of scsi_mod module
BZ - 109914 - PATCH: LTC5351-Large external array causes SIGILL in 32-bit
BZ - 110170 - [PATCH] LTC5381- rhel 3 will need to pick up the cyclone-lpj-fix patch
BZ - 110633 - iptables ipt_limit module fails on ppc (iserie) RS64-IV RHEL3
BZ - 110716 - RHEL 3 - U2 - JS30 Blade - kernel enablement
BZ - 110849 - zcrypt update to 06-11 and up
BZ - 110872 - System Hangs after 5-10 minutes with USB attached
BZ - 110999 - clock is running to fast on IBM x445
BZ - 111250 - tg3 driver fails to autonegotiate correctly
BZ - 111264 - ada compiler crashes on even hello-world
BZ - 111287 - [PATCH] alternate signal stack bug corrupts RNaT bits
BZ - 111403 - [PATCH] LTC3766 - pthreads/NPTL problems with large memory processes
BZ - 111446 - hang in RHEL 3 pthreads library
BZ - 111629 - ACL over NFS problem
BZ - 111673 - RHEL 3 U2 - ServeRAID update for IA64 fixes
BZ - 111681 - Invalid ICMP type 11 messages echo'd to console
BZ - 111768 - /proc/pid/statm can return negative values
BZ - 111774 - [PATCH] HP cciss driver bug fix
BZ - 111853 - [PATCH] cciss hba pointer may be null when trying to release I/O memory
BZ - 111854 - [PATCH] need to enable prefetch on HP 64xx controllers
BZ - 111855 - [PATCH] problems hot plugging older cciss controllers
BZ - 111856 - [PATCH] cciss driver may panic system when sharing IRQ's
BZ - 111858 - [PATCH] cciss may display #blocks as a negative value
BZ - 111903 - [PATCH] oops in IUCV code
BZ - 111911 - avoid hang during initialization on I/O errors
BZ - 111968 - Allow async read/write to propagate down to transports that support async
BZ - 112006 - [PATCH] BUG() from __remove_inode_page
BZ - 112025 - SMP kernels parsing of AICP tables limited - breaks hyperthreading
BZ - 112039 - RHEL 3 U2: Qlogic qla2300 driver version 6.07.++
BZ - 112040 - RHEL 3 U2: Update cciss driver to 2.4.50
BZ - 112057 - RHEL3 U2: update megaraid2 to version 2.10.x
BZ - 112103 - RHEL3 U2: IA32 core dump support on IPF
BZ - 112111 - RHEL 3 U2: ICH6 PATA support
BZ - 112139 - RHEL 3 U2: update cciss driver (new funct/bug fixes) to 2.4.50
BZ - 112163 - RHEL 3 U2 - Update e1000
BZ - 112190 - Duplicate get_partition_list bug to track Bugzilla 111342 in Taroon -
BZ - 112288 - [PATCH] ICMPv6 error message contains incorrect original packet's data.
BZ - 112359 - RHEL 3.0 using v6.06.00b11 driver attached to McData switch doesn't log in or scan devices successfully.
BZ - 112363 - NC7722 when using the TG3 driver has no active link Th established
BZ - 112449 - (TG3) driver doesn't work properly with bcm5700 nic
BZ - 112584 - reservation error code, corrupts request queue
BZ - 112607 - aironet driver fixes
BZ - 112646 - defunct processes whose parent process is 'init' are created.
BZ - 112724 - kernel hang when unmap a hugetlb vma
BZ - 112764 - RHEL3 kernel not preventing or recovering from fork bomb when ulimit used
BZ - 112826 - LTC5732 - MMIO alignment error when inserting the olympic TR module.
BZ - 113034 - RHEL 3 U2: Merge IBM IPR driver into main kernel RPM
BZ - 113051 - [PATCH] LTC5757 - RHEL3 update 2 RAS patches - rtas syscall and os-term
BZ - 113052 - [PATCH] LTC5758 - /proc/ppc64/lparcfg file missing in RHEL 3
BZ - 113071 - [PATCH] RHEL3 ia64: 32 bit applications don't dump core properly
BZ - 113072 - [PATCH] RHEL3/ia64: strace -f on multithreaded 32 bit applications doesn't work
BZ - 113099 - CAN-2003-0461 /proc reveals char count
BZ - 113100 - CAN-2003-0465 kernel strncpy padding
BZ - 113103 - CAN-2003-0984 minor /dev/rtc leak
BZ - 113105 - Al-Viro kmod local DoS
BZ - 113171 - lousy read performance on megaraid with 2.4.21-4.0.2.EL
BZ - 113213 - kernel crashes when unmap_kvec() is called in interrupt context
BZ - 113328 - RHEL 3 - U2 ACPI support for multiple IDE devices (x455)
BZ - 113341 - netdump - various race conditions that lead to hangs in panic()/die()
BZ - 113413 - too many ipv6 aliases cause kernel oops
BZ - 113561 - Patch for BLIST_SPARSELUN in scsi_scan.c
BZ - 113604 - CAN-2004-0003 r128 DRI
BZ - 113737 - [PATCH] sym53c8xx.c - odd byte tape fix
BZ - 113738 - [PATCH] updated megaraid2 driver (2.10.1)
BZ - 113739 - [PATCH] updated mptfusion driver (2.05.11)
BZ - 113809 - depmod is not run for kernel-2.4.21-9.EL from Quaterly Update #1
BZ - 113890 - [PATCH] Excutable compiled on x86 can cause kernel seg fault on x86_64
BZ - 114052 - Raw device performance poor under WS 3 Dreamworks IT#29689
BZ - 114135 - LSI Megaraid(2) performance subpar in RHEL3, using RHEL3 kernel
BZ - 114137 - RHEL3 U2: patch for sym53c8xx.c to address odd byte tape fix
BZ - 114356 - USB keyboard/mouse don\'t work on upcoming Dell servers
BZ - 114529 - RHEL3: [PATCH] Inclusion of Handspring Treo patch into next kernel release
BZ - 114553 - Bad performance with Q1 update kernel (-9EL)
BZ - 114560 - zfcp updates for RHEL3 U2
BZ - 114588 - [PATCH] don't serialize NFS direct writes
BZ - 114773 - Panic in elf_core_copy_regs() core dumping ia32 binary
BZ - 114869 - date returns future year of 586562
BZ - 114873 - RHEL3 U2: softirq interrupt deferral patch
BZ - 114874 - RHEL 2.1 U4 and RHEL 3 U2 - e1000 fix for SOL
BZ - 114940 - RHEL 3.0 default QLogic driver v6.06.00b11 spews sg_low_free and QUEUE FULL messages at load time.
BZ - 114942 - Running I/O on RHEL 3.0 and using the v6.06.00b11 driver, the driver ran out of memory and began arbitrarily killing processes.
BZ - 115072 - Lack of file close processing for O_DIRECT unsupported filesystem in dentry_open()
BZ - 115231 - RHEL 3_U2 Adds new processor support
BZ - 115273 - bad disk I/O performance with the 2.4.21-4.ELsmp kernel
BZ - 115334 - Suspected VM problem causes gradual Tux performance degradation
BZ - 115390 - Kernel panic and/or EXT3-fs corruption running sysreport on rx7620
BZ - 115438 - strange load - kswapd/IO ?
BZ - 115439 - LTC5321-Cannot enable quota on RHEL 3 for ppc64
BZ - 115823 - CAN-2004-0010 ncpfs hole (unsupported)
BZ - 116261 - RHEL3 kernel specfile for s390* should require minimum version of s390utils
BZ - 116916 - tg3 driver doesn't support bonding driver's ALB mode
BZ - 117454 - /proc/cpuinfo has bad info on ia32e
BZ - 117741 - P4 2.8ghz HT, Using RHEL WS 3.0 Update 1, latest SMP Kernel, see only 1 CPU
BZ - 117914 - RHEL3 U3: Handspring Treo ID
BZ - 117941 - frequent kernel panics
BZ - 118109 - System hangs while running stress tests with hugetlbfs on hugemem kernel
BZ - 118397 - system needlessly thrashing swap partition
BZ - 118494 - updates to scsi_scan.c (RHEL3 U2 alpha)
BZ - 118556 - MTRRs not initialized correctly
BZ - 118647 - kswapd in state R and D load constant at 1+
BZ - 118882 - Machine doesn't boot SMP Kernel after installation
BZ - 118885 - [PATCH] kernel panics when removing expired IPsec SAs
BZ - 118974 - stack overflows during ACPI initialization
BZ - 118980 - option \'acpi=off\' not working correctly
BZ - 119009 - Kernel panic occurs when trying to install RHEL 3 U2 B2 for AMD64
BZ - 119174 - /proc/cpuinfo vendor_id is wrong. shows $
BZ - 119234 - RHEL3 U2 beta1 hard locks on Celcius 810v
BZ - 119545 - kernel module binfmt_misc missing
BZ - 119638 - Can't set speed/duplex on tg3 fiber interfaces
BZ - 119903 - nfs peformance very bad on EL3
BZ - 120232 - [x86_64] Crash on install disc boot without newly-required noapictimers
BZ - 120341 - Runaway processes with USB console on Blade Center
BZ - 121856 - LTC7932-Kernel Panic with TCE allocation failure w/ Qlogic queue depth issue
BZ - 122077 - servers freeze (only respond to ping and sysrq) periodically

CVEs

References

(none)