Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:
 
 

Fedora Update

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can be installed with Yum Update Agent; you can type 'yum update' command in the terminal.
This update can also be installed with the Red Hat Update Agent; you can launch the Red Hat Update Agent with the 'up2date' command in the terminal.

[SECURITY] Fedora Core 1 Update: kernel-2.4.22-1.2199.nptl

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-251
2004-08-10
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : kernel
Version     : 2.4.22                      
Release     : 1.2199.nptl                  
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

Paul Starzetz discovered flaws in the Linux kernel when handling file offset
pointers. These consist of invalid conversions of 64 to 32-bit file offset
pointers and possible race conditions. A local unprivileged user could make
use of these flaws to access large portions of kernel memory. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0415 to this issue.

These packages contain a patch written by Al Viro to correct these flaws.
Red Hat would like to thank iSEC Security Research for disclosing this issue
and a number of vendor-sec participants for reviewing and working on the
patch to this issue.

Additionally, a number of issues were fixed in the USB serial code.

References:
http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415

---------------------------------------------------------------------

* Wed Aug 04 2004 Dave Jones 
- Fix various fpos races. (CAN-2004-0415)

* Wed Jul 07 2004 Dave Jones 
- Updates to usbserial post_helper (Pete Zaitcev)

---------------------------------------------------------------------
This update can be downloaded from:
 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

990abbc3a23ceb0dad35dcf86a9f22bd  SRPMS/kernel-2.4.22-1.2199.nptl.src.rpm
09a7dc7a6acc6dd91b5c5870fc0c2215  x86_64/kernel-2.4.22-1.2199.nptl.x86_64.rpm
3ddc71af11ce37ef2e45a24e82e2b3e9  x86_64/kernel-source-2.4.22-1.2199.nptl.x86_64.rpm
4c25c4633ea124cb13c983c4426aeb2c  x86_64/kernel-doc-2.4.22-1.2199.nptl.x86_64.rpm
e60c0a0d1974f55a1c6d391f277ac811  x86_64/kernel-smp-2.4.22-1.2199.nptl.x86_64.rpm
b5e8570da6b93c2778c007b5252a2cab  x86_64/debug/kernel-debuginfo-2.4.22-1.2199.nptl.x86_64.rpm
0235c05043346ac36fe34e7aa6d7981e  i386/kernel-source-2.4.22-1.2199.nptl.i386.rpm
4761cf2c7322ec44fa6fa177ac17a075  i386/kernel-doc-2.4.22-1.2199.nptl.i386.rpm
51784ae484de03f848ae9036100f3c3b  i386/kernel-BOOT-2.4.22-1.2199.nptl.i386.rpm
fd796c7a0a4b8d95c4b4970b66ff24ab  i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i386.rpm
ae0865018027dd9805e1c6ed31d2ad5c  i386/kernel-2.4.22-1.2199.nptl.i586.rpm
5b87410e6d21d49ffd9007b7c495e094  i386/kernel-smp-2.4.22-1.2199.nptl.i586.rpm
75cf98521b45187a13fce4fa2246181e  i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i586.rpm
37382d2ff7beb3873032270e290c8bd0  i386/kernel-2.4.22-1.2199.nptl.i686.rpm
e1d1d064c83af617d57018f820e52e92  i386/kernel-smp-2.4.22-1.2199.nptl.i686.rpm
e87f2192c4ccb72a82ae6042b203fcf0  i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.i686.rpm
3ab11ad24807b682f375a640c9040688  i386/kernel-2.4.22-1.2199.nptl.athlon.rpm
d1d18eab4c48cd0e5857dd8775344d49  i386/kernel-smp-2.4.22-1.2199.nptl.athlon.rpm
5068d9d87ab03dff7a9a1b14ce35cfaf  i386/debug/kernel-debuginfo-2.4.22-1.2199.nptl.athlon.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------