Linux Today: Linux News On Internet Time.

More on LinuxToday

Fedora Legacy Advisory: kernel

Mar 03, 2004, 20:29 (0 Talkback[s])

Fedora Legacy Update Advisory

Synopsis: Updated kernel resolves security vulnerabilities
Advisory ID: FLSA:1284
Issue date: 2004-03-02
Product: Red Hat Linux
Keywords: Security
Cross references:
CVE Names: CAN-2004-0077, CAN-2004-0075, CAN-2004-0010, CAN-2004-0003

1. Topic:

Updated kernel packages that fix security vulnerabilities which may allow local users to gain root privileges are now available. These packages also resolve other minor issues.

2. Relevent releases/architectures:

Red Hat Linux 7.2 - i386, i586, i686, athlon
Red Hat Linux 7.3 - i386, i586, i686, athlon
Red Hat Linux 8.0 - i386, i586, i686, athlon

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in return value checking in mremap() in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges. No exploit is currently available; however this issue is exploitable. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2004-0077 to this issue.

The Vicam USB driver in kernel versions prior to 2.4.25 does not use the copy_from_user function to access userspace, which crosses security boundaries. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2004-0075 to this issue.

Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could allow local privilege escalation. ncpfs is only used to allow a system to mount volumes of NetWare servers or print to NetWare printers. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2004-0010 to this issue.

Alan Cox found issues in the R128 Direct Render Infrastructure that could allow local privilege escalation. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2004-0003 to this issue.

All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues.

=46edora Legacy would like to thank Paul Starzetz from ISEC for reporting the issue CAN-2004-0077, and Dominic Hargreaves for providing backported rpms for all issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit for directions on how to configure yum and apt-get.

5. Bug IDs fixed: - 1284 - KERNEL: r128 dri AND do_mremap VMA limit local privilege escalation vulnerability

6. RPMs required:

Red Hat Linux 7.2:






Red Hat Linux 7.3:

SRPM: 7.legacy.src.rpm

i386: 30.7.legacy.i386.rpm 20-30.7.legacy.i386.rpm


i686: 20-30.7.legacy.i686.rpm


Red Hat Linux 8.0:

SRPM: 8.legacy.src.rpm

i386: 30.8.legacy.i386.rpm 30.8.legacy.i386.rpm 20-30.8.legacy.i386.rpm

i568: 30.8.legacy.i586.rpm

i686: 20-30.8.legacy.i686.rpm 30.8.legacy.i686.rpm

athlon: 30.8.legacy.athlon.rpm

7. Verification:

SHA1 sum Package Name -------------------------------------------------------------------------

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d 7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4 7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358 7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599 7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322 7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d 7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4 7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358 7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599 7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322 7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

8eea381f80412a9421d25b1466d084cbbf5e1cee 8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm
77ee4d29f593a4746e70a6ac55f9791d3183803e 8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm
b1ba3b73d03294d4b31756eb6086bfffd4ef9958 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm
cd49df62f704ed4e11be197fdae0920de1e1c584 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm
467c2613862985f16e07db103d7d88ab914ea73c 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm
63e243113b85a57ccaaaf0bcdf1468d7f8290001 8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm
ea960ffbacd83cdb2b0ae78e612da5099121f77c 8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm
842cea04dad3976173afb6609c19615eff88aa8a 8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm
e07e04ffef20d0f3fd66cd8cc46d7f2d7d1c2af0 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm
a2a81a0ebe3e7433e339881bd1ba6177f75599c8 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm
8625244b0dca1a71fe9b74769f6376af9495b333 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm
4f6b05bc2296a0b37bc9528fd0e36d4e8f69ff67 8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:


8. References:

9. Contact:

The Fedora Legacy security contact is <<A HREF="">>. More project details at

10. Special Notes:

If you use lilo, you will have to edit your lilo.conf file and shorten the label of this kernel. The label is too long for lilo, but not for grub.

Keating RHCE (
Fedora Legacy Team (