Alan Cox found issues in the R128 Direct Render Infrastructure that could allow local privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue.

This was noted in a Fedora Core errata. I've been told there is an rhl9 errata due out for it soonish. And that the patches there should work for 7.x, 8.0.

------- Additional Comments From warren 2004-02-11 05:51:17 ----

I have confirmation that the r128 local hole is only exploitable if you load that module, so this is easy to avoid for most server admins.

------- Additional Comments From skvidal.edu 2004-02-11 07:44:21 ----

which doesn't negate the need to patch it.

------- Additional Comments From bugs.michael 2004-02-18 04:49:44 ----

Created an attachment (id=552)
patch against rh9 erratum kernel

Attached patch turns the rh9 erratum kernel 2.4.20-30.9 src.rpm into a rh73 kernel 2.4.20-30.7.

------- Additional Comments From jkeating 2004-02-18 14:07:22 ----

*** Bug 1302 has been marked as a duplicate of this bug. ***

------- Additional Comments From jkeating 2004-02-18 14:08:14 ----

Please see comments in bug 1302 and keep adding to this bug.

------- Additional Comments From cra 2004-02-18 15:27:03 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www-astro.physics.ox.ac.uk/~dom/legacy/kernel-2.4.20-31.7.legacy.src.rpm

md5sum:
3c351d63129bf0d1b7e82e6e006d38d6 kernel-2.4.20-31.7.legacy.src.rpm
sha1sum:
86281a6578aff0e0dbd2a2fad6b11c4ab7c6561a kernel-2.4.20-31.7.legacy.src.rpm

Verified that the only changes from kernel-2.4.20-30.9.src.rpm are:

- -%define release 30.9 +%define release 31.7.legacy - -%define nptlarchs %{all_x86} - -#define nptlarchs noarch +#define nptlarchs %{all_x86} +%define nptlarchs noarch +* Wed Feb 18 2004 Dominic Hargreaves <dom> +- Backport fixes for redhat 7.2 and 7.3

Builds cleanly for Red Hat 7.3. Tested i586 kernel on AMD K6-2 450. Boots and running fine.
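Review bot: the added %changelog entry ("Backport fixes for redhat 7.2 and 7.3") does not say which fix the package carries or that the nptlarchs define is switched from %{all_x86} to noarch. Suggest naming the issue this bug tracks (CAN-2004-0003) and the NPTL change in that entry, so the release bump from 30.9 to 31.7.legacy can be traced to its reason from the package changelog alone.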
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFANBCtw2eg+Um7WIYRAg9/AKCacHWp/SPMN47JaKCXfVOENztrPQCeOr1W
Ez2lw3ZLHUvhjHKAXEA2kq8=
=0fpN
-----END PGP SIGNATURE-----

------- Additional Comments From bugs.michael 2004-02-18 21:51:33 ----

<sigh>

* It should become 30.7 not 31.7, as pointed out in bug 1302.
* No backporting has been done. It's simply just the rh9 erratum built for rh7 (disabling NPTL).
* I find it sort of ridiculous to move around 33 MiB huge src.rpms for a patch that is less than 1 KiB in size, if Jesse needed to build official packages for updates-testing anyway. Kinda inefficient. So, the only thing that's missing here are not src.rpms, but binary kernel packages for updates-testing.
* Btw, 30.7 runs fine here on i586.

------- Additional Comments From jkeating 2004-02-19 05:42:11 ----

I'll be building binaries for updates-testing today or tomorrow. (I'll try to squeeze it into my work day, but I have an event to go to on Thursday nights so I won't be able to do it after work.)

------- Additional Comments From dawson 2004-02-20 09:24:55 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have downloaded RedHat's erratum kernel 2.4.20-30.9 src rpm directly from redhat, and checked the md5sum.
I then applied the patch from comment three, by hand.
I then rebuilt the binaries on a 7.3 machine.
The binaries built without any problems that were apparent.
The resulting binaries have been tested thus far for uniprocessor and smp for the i686 platform. Further testing is forthcoming, but we do not anticipate any problems.
If needed, the src.rpm and resulting binaries have been signed and are at
ftp://linux21.fnal.gov/linux/contrib/kernel/73x/2.4.30-30

I give it a thumbs up.
Troy Dawson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFANl532mrQCIL9F7IRAmXOAJ9gwH8ez/AeF0sPvR3cqbBxxDwXxQCfeeQN
4gLe/1UdeLhic6eXjXkINw8=
=OofO
-----END PGP SIGNATURE-----

------- Additional Comments From jkeating 2004-02-21 07:37:09 ----

Pushed to updates-testing.

------- Additional Comments From arvand 2004-02-21 09:54:47 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

1057f39934c0df75852fabffb43d1e09 kernel-2.4.20-30.7.legacy.i686.rpm

RedHat 7.3
Kernel installed successfully. Reboot was without problems. Server has been running for over an hour without problems.

vote PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAN7cd/JcqR38YQ08RAvaEAKCJiz3ODrCRgRgQjEE+iGOdRQrpMgCfXQ5Y
tsCXJl26sG7Q6S657P3BtDY=
=8Jc4
-----END PGP SIGNATURE-----

------- Additional Comments From michal 2004-02-21 13:57:10 ----

kernel-2.4.20-30.7.legacy.athlon.rpm - runs without problems, as expected, on two different Athlon machines.

------- Additional Comments From bugs.michael 2004-02-22 02:46:47 ----

Built by "legacy.me", what host/build-system is this?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SHA1:
f97d96d3238aa1bb314896699e280a31ed85529d kernel-2.4.20-30.7.legacy.athlon.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 kernel-2.4.20-30.7.legacy.i586.rpm

* match my own builds very closely
* both install and boot fine
* i586 version runs for a few hours
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAOKSr0iMVcrivHFQRAvAjAJ47lSlM5b2zjK6aszQ1ox+HWSGYKwCeIomf
+O2jfUfdJIrGghKYtGF7J9w=
=Aijq
-----END PGP SIGNATURE-----

------- Additional Comments From jkeating 2004-02-23 19:22:57 ----

Comment #13

"legacy.me" is a local machine on my personal network. We have yet to get the real buildsystem up and running, some issues w/ vserver and amd64 kernels.
Hopefully we'll have it soon, and the build system will be "legacy.org"

------- Additional Comments From jkeating 2004-02-25 05:27:40 ----

*** Bug 1323 has been marked as a duplicate of this bug. ***

------- Additional Comments From tru 2004-02-25 07:27:45 ----

It works for me with kernel-BOOT (kickstart on rebuild bootnet.img) and kernel for athlon (UP). I don't have any other machines to test on.

Tru

------- Additional Comments From rostetter.edu 2004-02-26 06:42:28 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Downloaded kernel-2.4.20-30.7.legacy.i686.rpm from http://download.fedoralegacy.org/redhat/7.2/updates-testing/i386/
* RPM says gpg key and md5 check out. Validated the signature fingerprint.
* Installed fine on 3 RH 7.2 i686 (PIII) machines.
* Manually updated lilo for new kernel.
* All rebooted fine, running fine.

* Downloaded kernel-smp-2.4.20-30.7.legacy.i686.rpm http://download.fedoralegacy.org/redhat/7.2/updates-testing/i386/
* RPM says gpg key and md5 check out. Validated the signature fingerprint.
* Installed fine on 1 RH 7.2 i686 SMP (PII) machine.
* Manually updated lilo for new kernel.
* Rebooted fine, running fine.

* Vote for publish...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAPiGo4jZRbknHoPIRAmpvAJ4jgHO+3Y2uaCvFPMbSkyBOhVY6zACgiR1J
waFlwtSHJVoMv0ky6sHwkFk=
=ER+p
-----END PGP SIGNATURE-----

------- Additional Comments From rostetter.edu 2004-02-28 08:31:56 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Downloaded kernel-smp-2.4.20-30.8.legacy.i686.rpm and kernel-source-2.4.20-30.8.legacy.i386.rpm from http://download.fedoralegacy.org/redhat/8.0/updates-testing/i386/
* RPM says keys and md5 hashes check out, validated the signature fingerprints.
* Installed fine on a RH 8.0 P4 Xeon SMP machine, except...
* Updates lilo with a label of "2.4.20-30.8.legacysmp" which is too long for lilo, so you can't run /sbin/lilo on it until you change the label.
* Updated /etc/lilo.conf for shorter label and ran lilo to install it.
* All rebooted fine, running fine.
* Guess it is okay to publish even with the lilo issue; not sure if/how to fix the lilo issue... Could be an issue for newbies...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAQN3u4jZRbknHoPIRAmS5AJ9hPTdE9fWgSGoQtAdgDdiA4g2iQwCfWNAL
z54NybJW3qOFnCJL+h6RtUY=
=rKUb
-----END PGP SIGNATURE-----

------- Additional Comments From warren 2004-02-28 11:41:23 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

kernel-2.4.20-30.8.legacy

Tested this within VMWare 4.0.5 with some stress testing. Seems OK for me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAQQria93+jlSirPERApZfAKCOaegzSPl1kxImnCG+aRH09k3WeQCfcLNi
mkDbTmyIlvsTZTtuDxJHdeM=
=LAn8
-----END PGP SIGNATURE-----

(athlon only tested)

------- Additional Comments From troels 2004-02-29 22:20:04 ----

As Eric, I ran into the lilo problem: I used yum to install the kernel on two different servers, both using lilo as the boot-loader (because they boot from a software raid - grub doesn't handle that situation well). After the kernel had been installed, lilo couldn't be run because the boot label of the newly installed kernel was too long:

On a SMP server:
Fatal: Label "2.4.20-30.8.legacysmp" is too long
and on the single-CPU server:
Fatal: Label "2.4.20-30.8.legacy" is too long

Apart from this: No problems found.

------- Additional Comments From skvidal.edu 2004-03-01 13:18:18 ----

Set this one to publish - been running it on production boxes all over duke for a number of days now. Looking good.

PUBLISH

------- Additional Comments From troels 2004-03-01 13:36:15 ----

I'm not sure which utility actually adjusts lilo. Does anyone know? Can that utility be told not to add ".legacy" in the kernel image name?
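Added example, not part of the original bug thread: a pre-check for the "Label ... is too long" failure reported in the comments above, so a kernel update is not left uninstalled in the boot loader. It assumes LILO's 15-character limit on image labels; `sample_lilo_conf`, its device names and the "old-kernel" entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug thread.
# Assumption: LILO rejects image labels longer than 15 characters.
LILO_MAX_LABEL=15

# Constructed sample lilo.conf: the two labels quoted in the thread plus
# a hypothetical short one ("old-kernel") that LILO would accept.
sample_lilo_conf() {
    cat <<'EOF'
boot=/dev/md0
prompt
image=/boot/vmlinuz-2.4.20-30.8.legacysmp
    label=2.4.20-30.8.legacysmp
    root=/dev/md1
image=/boot/vmlinuz-2.4.20-30.8.legacy
    label = "2.4.20-30.8.legacy"
    root=/dev/md1
image=/boot/vmlinuz-old
    label=old-kernel    # previous kernel
    root=/dev/md1
EOF
}

# Read a lilo.conf on stdin, print each label=/alias= value longer than
# the limit ($1, default 15), and return non-zero if any was found.
lilo_long_labels() {
    awk -v max="${1:-$LILO_MAX_LABEL}" '
        { sub(/#.*/, "") }                        # drop comments
        /^[ \t]*(label|alias)[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)         # keep text after "="
            gsub(/^"|"[ \t]*$|[ \t]+$/, "", val)  # strip quotes, trailing blanks
            if (length(val) > max) {
                printf "%s (%d chars)\n", val, length(val)
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample; on a real host: lilo_long_labels < /etc/lilo.conf
sample_lilo_conf | lilo_long_labels ||
    echo "shorten the labels above before running /sbin/lilo"
```

Run it after the package install and before rebooting; a non-zero status means /sbin/lilo will refuse the configuration until the listed labels are shortened.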
------- Bug moved to this database by dkl 2005-03-30 18:23 -------

This bug previously known as bug 1284 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1284
Originally filed under the Fedora Legacy product and General component.

Attachments:
patch against rh9 erratum kernel
https://bugzilla.fedora.us/attachment.cgi?action=view&id=552

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.