Updated kernel packages that fix several security issues are now
available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Fedora Core 3 - i386, x86_64
3. Problem description:
These new kernel packages contain fixes for the security issues
described below:
- a flaw in network IGMP processing that a allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)
- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)
- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)
- a race condition in ip_vs_conn_flush that allowed a local user to
cause a denial of service (CVE-2005-3274)
- a flaw in mq_open system call that allowed a local user to cause a
denial of service (crash) (CVE-2005-3356)
- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358)
- a race condition in do_coredump in signal.c that allowed a local user
to cause a denial of service (crash) (CVE-2005-3527)
- a flaw in the auto-reap of child processes that allowed a local user
to cause a denial of service (crash) (CVE-2005-3784)
- a flaw in the POSIX timer cleanup handling that allowed a local user
to cause a denial of service (crash) (CVE-2005-3805)
- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)
- a memory leak in the VFS file lease handling that allowed a local user
to cause a denial of service (CVE-2005-3807)
- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)
- a flaw in procfs handling that allowed a local user to read kernel
memory (CVE-2005-4605)
- a memory disclosure flaw in dm-crypt that allowed a local user to
obtain sensitive information about a cryptographic key (CVE-2006-0095)
- a flaw while constructing an ICMP response that allowed remote users
to cause a denial of service (crash) (CVE-2006-0454)
All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify
system settings to boot the kernel you have installed. To do this, edit
/boot/grub/grub.conf and change the default entry to "default=0" (or, if
you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and
run lilo)
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have
configured apt/yum to ignore kernels. If so, follow the manual
instructions above.
