Updated kernel packages are now available that contain fixes for security vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB drivers.
The Linux kernel handles the basic functions of the operating system. Several security issues have been found that affect the Linux kernel: Al Viro found a security issue in the tty layer whereby any user could cause a kernel oops. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0247 to this issue. Andrea Arcangeli found an issue in the low-level mxcsr code in which a malformed address would leave garbage in cpu state registers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0248 to this issue. The TCP/IP fragment reassembly handling allows remote attackers to cause a denial of service (CPU consumption) via packets that cause a large number of hash table collisions, a vulnerability similar to CAN-2003-0244. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0364 to this issue. It is recommended that users upgrade to these erratum kernels, which contain patches to correct these vulnerabilities. In addition, these kernels fix a number of bugs: Driver bugs fixes are included for the Silicon Image IDE driver, the USB ohci driver, the Audigy driver, and the driver for the Olympus Camedia digital camera. A fix written by Andrew Morton is included to address a system stall caused by file I/O in rare cases. An updated fix corrects some bugs in the ptrace security fix for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. Note that these bugs were functionality limitations, not additional security vulnerabilities. Updated fixes for the ioperm security issue are also included. A potential data corruption scenario has been identified. This scenario can occur under heavy, complex I/O loads. The scenario only occurs while performing memory mapped file I/O, where the file is simultaneously unlinked and the corresponding file blocks reallocated. Furthermore, the memory mapped writes must be to a partial page at the end of a file on an ext3 file system. As such, Red Hat considers this an unlikely scenario. Red Hat Linux kernel erratum RHSA-2003:172 exposed a bug in the quota packages for Red Hat Linux 7.1, 7.2 and 7.3; a fixed quota package is also included in this erratum.