kernel security update

2009-01-15 13:41:46
CentOS Project
lists.centos.org

CVSS3: 5.5 Medium

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE

  AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.003 Low
  Percentile: 64.8%

CentOS Errata and Security Advisory CESA-2009:0014

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

  • the sendmsg() function in the Linux kernel did not block during UNIX
    socket garbage collection. This could, potentially, lead to a local denial
    of service. (CVE-2008-5300, Important)

  • when fput() was called to close a socket, the __scm_destroy() function in
    the Linux kernel could make indirect recursive calls to itself. This could,
    potentially, lead to a local denial of service. (CVE-2008-5029, Important)

  • a deficiency was found in the Linux kernel virtual file system (VFS)
    implementation. This could allow a local, unprivileged user to make a
    series of file creations within deleted directories, possibly causing a
    denial of service. (CVE-2008-3275, Moderate)

  • a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
    timer driver. This deficiency could lead to a possible information leak. By
    default, the “/dev/watchdog” device is accessible only to the root user.
    (CVE-2008-5702, Low)

  • the hfs and hfsplus file systems code failed to properly handle corrupted
    data structures. This could, potentially, lead to a local denial of
    service. (CVE-2008-4933, CVE-2008-5025, Low)

  • a flaw was found in the hfsplus file system implementation. This could,
    potentially, lead to a local denial of service when write operations were
    performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

  • when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
    Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
    being changed, such as not being reduced to an idle state when not in use.

  • mmap() could be used to gain access beyond the first megabyte of RAM,
    due to insufficient checks in the Linux kernel code. Checks have been added
    to prevent this.

  • attempting to turn keyboard LEDs on and off rapidly on keyboards with
    slow keyboard controllers may have caused key presses to fail.

  • after migrating a hypervisor guest, the MAC address table was not
    updated, causing packet loss and preventing network connections to the
    guest. Now, a gratuitous ARP request is sent after migration. This
    refreshes the ARP caches, minimizing network downtime.

  • writing crash dumps with diskdump may have caused a kernel panic on
    Non-Uniform Memory Access (NUMA) systems with certain memory
    configurations.

  • on big-endian systems, such as PowerPC, the getsockopt() function
    incorrectly returned 0 depending on the parameters passed to it when the
    time to live (TTL) value equaled 255, possibly causing memory corruption
    and application crashes.

  • a problem in the kernel packages provided by the RHSA-2008:0508 advisory
    caused the Linux kernel’s built-in memory copy procedure to return the
    wrong error code after recovering from a page fault on AMD64 and Intel 64
    systems. This may have caused other Linux kernel functions to return wrong
    error codes.

  • a divide-by-zero bug in the Linux kernel process scheduler, which may
    have caused kernel panics on certain systems, has been resolved.

  • the netconsole kernel module caused the Linux kernel to hang when slave
    interfaces of bonded network interfaces were started, resulting in a system
    hang or kernel panic when restarting the network.

  • the “/proc/xen/” directory existed even if systems were not running Red
    Hat Virtualization. This may have caused problems for third-party software
    that checks virtualization-ability based on the existence of “/proc/xen/”.
    Note: this update will remove the “/proc/xen/” directory on systems not
    running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-January/077718.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077719.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0014
