kernel security update

2005-06-08T21:44:09
ID CESA-2005:420
Type centos
Reporter CentOS Project
Modified 2005-06-09T11:12:44

Description

CentOS Errata and Security Advisory CESA-2005:420

The Linux kernel handles the basic functions of the operating system.

This is the first regular kernel update to Red Hat Enterprise Linux 4.

A flaw affecting the auditing code was discovered. On Itanium architectures a local user could use this flaw to cause a denial of service (crash). This issue is rated as having important security impact (CAN-2005-0136).

A flaw was discovered in the servicing of a raw device ioctl. A local user who has access to raw devices could use this flaw to write to kernel memory and cause a denial of service or potentially gain privileges. This issue is rated as having moderate security impact (CAN-2005-1264).

A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CAN-2005-0209)

A flaw in the futex functions was discovered affecting the Linux 2.6 kernel. A local user could use this flaw to cause a denial of service (system crash). (CAN-2005-0937)

New features introduced by this update include:

- Fixed TCP BIC congestion handling.
- Diskdump support for more controllers (megaraid, SATA).
- Device mapper multipath support.
- AMD64 dual core support.
- Intel ICH7 hardware support.

There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4.

The following device drivers have been upgraded to new versions:

ata_piix -------- 1.03
bonding --------- 2.6.1
e1000 ----------- 5.6.10.1-k2-NAPI
e100 ------------ 3.3.6-k2-NAPI
ibmveth --------- 1.03
libata ---------- 1.02 to 1.10
lpfc ------------ 0:8.0.16 to 0:8.0.16.6_x2
megaraid_mbox --- 2.20.4.0 to 2.20.4.5
megaraid_mm ----- 2.20.2.0-rh1 to 2.20.2.5
sata_nv --------- 0.03 to 0.6
sata_promise ---- 1.00 to 1.01
sata_sil -------- 0.8
sata_sis -------- 0.5
sata_svw -------- 1.05
sata_sx4 -------- 0.7
sata_via -------- 1.0
sata_vsc -------- 1.0
tg3 ------------- 3.22-rh
ipw2100 --------- 1.0.3
ipw2200 --------- 1.0.0

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

Merged security bulletin from advisories:

http://lists.centos.org/pipermail/centos-announce/2005-June/011800.html
http://lists.centos.org/pipermail/centos-announce/2005-June/011803.html
http://lists.centos.org/pipermail/centos-announce/2005-June/011808.html

Affected packages:

- kernel
- kernel-devel
- kernel-doc
- kernel-hugemem
- kernel-hugemem-devel
- kernel-smp
- kernel-smp-devel
- kernel-sourcecode

Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-420.html