Fedora Core 1 Advisory: kernel Aug 11, 2004, 01 :45 UTC (0 Talkback[s]) (3192 reads)
Fedora Update Notification
FEDORA-2004-251
2004-08-10
Product : Fedora Core 1
Name : kernel
Version : 2.4.22
Release : 1.2199.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
Paul Starzetz discovered flaws in the Linux kernel when handling file offset
pointers. These consist of invalid conversions of 64 to 32-bit file offset
pointers and possible race conditions. A local unprivileged user could make
use of these flaws to access large portions of kernel memory. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2004-0415 to this issue.
These packages contain a patch written by Al Viro to correct these flaws.
Red Hat would like to thank iSEC Security Research for disclosing this issue
and a number of vendor-sec participants for reviewing and working on the
patch to this issue.
Additionally, a number of issues were fixed in the USB serial code.
