
UNIRAS Brief - 84/04 - Red Hat Security Bulletin - Updated kernel packages fix security vulnerability



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 84/04 dated 25.02.04  Time: 10:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Red Hat Security Bulletin:

Updated kernel packages fix security vulnerability.


Detail
====== 

Updated kernel packages that fix a security vulnerability that may allow 
local users to gain root privileges are now available.  These packages 
also resolve other minor issues.



- ----------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerability
Advisory ID:       RHSA-2004:066-01
Issue date:        2004-02-19
Updated on:        2004-02-19
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel update
Cross references:  
Obsoletes:         RHSA-2004:017
CVE Names:         CAN-2004-0077
- ---------------------------------------------------------------------

1. Topic:

Updated kernel packages that fix a security vulnerability that may allow local users to gain root privileges are now available.  These packages also resolve other minor issues.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in return value checking in mremap() in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges.  No exploit is currently available; however this issue is exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0077 to this issue.

All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.   

Red Hat would like to thank Paul Starzetz from ISEC for reporting this issue.

For the IBM S/390 and IBM eServer zSeries architectures, the upstream version of the s390utils package (which fixes a bug in the zipl bootloader) is also included.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs which are currently installed will be updated.  Those RPMs which are not installed but included in the list will not be updated.  Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people find this an easier way to apply updates.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate.  The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

113517 - RHEL 3.0 smp hang using prctl( PR_SET_PDEATHSIG
112891 - OOM killer strikes with lots of free swap space
115820 - CAN-2004-0077 Linux kernel do_mremap VMA limit local privilege escalation

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-9.0.1.EL.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/s390utils-1.2.4-3.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.i686.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.ia64.rpm

ppc64:
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.ppc64.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.ppc64.rpm

ppc64iseries:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.ppc64iseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.ppc64iseries.rpm

ppc64pseries:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.ppc64pseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.ppc64pseries.rpm

s390:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.s390.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.s390.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.s390.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.s390.rpm
Available from Red Hat Network: s390utils-1.2.4-3.s390.rpm

s390x:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.s390x.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.s390x.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.s390x.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.s390x.rpm
Available from Red Hat Network: s390utils-1.2.4-3.s390x.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-9.0.1.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.i686.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-9.0.1.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.i686.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.ia64.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-9.0.1.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-9.0.1.EL.x86_64.rpm



7. Verification:


These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www10.software.ibm.com/developerworks/opensource/linux390/s390-tools-1.2.4-june2003.shtml
http://www10.software.ibm.com/developerworks/opensource/linux390/s390-tools-1.2.3-june2003.shtml
http://www10.software.ibm.com/developerworks/opensource/linux390/s390-tools-1.2.2-june2003.shtml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077

9. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
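
To find which installed kernel packages are still older than the fixed 2.4.21-9.0.1.EL release listed in section 6, the following is an added example (not part of the Red Hat advisory or the UNIRAS briefing). It reimplements RPM's segment-wise version comparison without the later `~`/`^` extensions; the SAMPLE package list is constructed, in the form printed by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed version-release, taken from the package names in section 6.
FIXED_VERSION = "2.4.21"
FIXED_RELEASE = "9.0.1.EL"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def needs_update(rpm_query_output):
    """Return kernel packages older than the fixed version-release."""
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        # Skips non-kernel packages and "package X is not installed" lines.
        if len(parts) != 2 or not parts[0].startswith("kernel"):
            continue
        name, vr = parts
        version, _, release = vr.rpartition("-")
        if not version:
            continue
        cmp = rpmvercmp(version, FIXED_VERSION)
        if cmp == 0:
            cmp = rpmvercmp(release, FIXED_RELEASE)
        if cmp < 0:
            stale.append(f"{name}-{vr}")
    return stale


# Constructed sample input, not taken from a real host.
SAMPLE = """\
kernel 2.4.21-4.EL
kernel 2.4.21-9.EL
kernel-smp 2.4.21-9.0.1.EL
package kernel-hugemem is not installed
kernel-source 2.4.21-15.EL
glibc 2.3.2-95.6
"""

if __name__ == "__main__":
    for pkg in needs_update(SAMPLE):
        print("older than fixed release:", pkg)
```

An updated package on disk does not change the running kernel; the host stays exposed until it is rebooted into the fixed release.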

- ------------------------------------------------------------------------------------

bugzilla@xxxxxxxxxx wrote:

> Paul Starzetz discovered a flaw in return value checking in mremap()
> in the Linux kernel versions 2.4.24 and previous that may allow a 
> local attacker to gain root privileges. No exploit is currently 
> available; ...

There is a proof-of-concept exploit available:

http://www.derkeiler.com/Mailing-Lists/Securiteam/2004-02/0052.html

Ulrich Keil
- -- 
http://www.derkeiler.com
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831  CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.derkeiler.com/uk/pgp-key.asc



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQD3HVopao72zK539AQERNQP/QUkhghn3clFsBWo+iQFeHb50XcHXr0/d
SIzPOQ14/BmGlc6eWgdpgC3BVerx+CBMF5paowSbxGQEjgG8no4J0MvOvdXsBHIf
UuCrgApXp3WV3kws12QeemYpCJHIVXBHJQYEUZz7vys8EoIUuczBbVFnso274E9o
UwLYdwzbpHc=
=UsaS
-----END PGP SIGNATURE-----