Wojciech Purczynski of COSEINC notified us of a kernel security issue that could lead to local privilege escalation on x86_64 platforms. draft advisory to follow. Acknowledgements: Red Hat would like to thank Wojciech Purczynski for reporting this issue.
Note that for RHEL5 this fix probably also need to be applied to ia32entry-xen.S created by linux-2.6-xen.patch
Fix has been committed upstream (public)
URL of the fix: http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=176df2457ef6207156ca1a40991c54ca01fef567
public, removing embargo
Details of privilege escalation consequence now public via advisory: http://marc.info/?l=full-disclosure&m=119062587407908&w=2 (opening up initial comment in this bug)
Working exploit has been made public.
Jan, updated kernels are progressing through quality engineering. We'll be releasing them (for RHEL3,4,5) the moment they pass!
While the Errata kernels have been announced on the enterprise-watch list 18h ago and are available via RHN, it appears as if the SRPMs aren't yet on ftp.redhat.com. Could somebody please look for them? https://rhn.redhat.com/errata/RHSA-2007-0936.html https://rhn.redhat.com/errata/RHSA-2007-0937.html https://rhn.redhat.com/errata/RHSA-2007-0938.html vs ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ etc.
Jan, we had a short outage on our main ftp server on Friday during which time the SRPMS we pushed on Thursday were missing from the ftp site. (They were at all times available via Red Hat Network). I checked this yesterday and the RHEL3 and RHEL4 srpms were present, but the RHEL5 ones were missing. This was escalated to our production engineering team who resolved it. I've checked again today and the kernel SRPMS for RHEL3, RHEL4, RHEL5 are all there now (note RHEL5 updates are always in a different place at ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS )
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0936.html http://rhn.redhat.com/errata/RHSA-2007-0937.html http://rhn.redhat.com/errata/RHSA-2007-0938.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2298