
kernel security update

2009-01-15 13:41:46
CentOS Project
lists.centos.org

CVSS2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE

CVSS3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

EPSS: 0.002 (Percentile: 64.9%)

CentOS Errata and Security Advisory CESA-2009:0014

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

  • the sendmsg() function in the Linux kernel did not block during UNIX
    socket garbage collection. This could, potentially, lead to a local denial
    of service. (CVE-2008-5300, Important)

  • when fput() was called to close a socket, the __scm_destroy() function in
    the Linux kernel could make indirect recursive calls to itself. This could,
    potentially, lead to a local denial of service. (CVE-2008-5029, Important)

  • a deficiency was found in the Linux kernel virtual file system (VFS)
    implementation. This could allow a local, unprivileged user to make a
    series of file creations within deleted directories, possibly causing a
    denial of service. (CVE-2008-3275, Moderate)

  • a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
    timer driver. This deficiency could lead to a possible information leak. By
    default, the “/dev/watchdog” device is accessible only to the root user.
    (CVE-2008-5702, Low)

  • the hfs and hfsplus file systems code failed to properly handle corrupted
    data structures. This could, potentially, lead to a local denial of
    service. (CVE-2008-4933, CVE-2008-5025, Low)

  • a flaw was found in the hfsplus file system implementation. This could,
    potentially, lead to a local denial of service when write operations were
    performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

  • when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
    Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
    being changed, such as not being reduced to an idle state when not in use.

  • mmap() could be used to access memory beyond the first megabyte of RAM,
    due to insufficient checks in the Linux kernel code. Checks have been added
    to prevent this.

  • attempting to turn keyboard LEDs on and off rapidly on keyboards with
    slow keyboard controllers may have caused key presses to fail.

  • after migrating a hypervisor guest, the MAC address table was not
    updated, causing packet loss and preventing network connections to the
    guest. Now, a gratuitous ARP request is sent after migration. This
    refreshes the ARP caches, minimizing network downtime.

  • writing crash dumps with diskdump may have caused a kernel panic on
    Non-Uniform Memory Access (NUMA) systems with certain memory
    configurations.

  • on big-endian systems, such as PowerPC, the getsockopt() function
    incorrectly returned 0 depending on the parameters passed to it when the
    time to live (TTL) value equaled 255, possibly causing memory corruption
    and application crashes.

  • a problem in the kernel packages provided by the RHSA-2008:0508 advisory
    caused the Linux kernel’s built-in memory copy procedure to return the
    wrong error code after recovering from a page fault on AMD64 and Intel 64
    systems. This may have caused other Linux kernel functions to return wrong
    error codes.

  • a divide-by-zero bug in the Linux kernel process scheduler, which may
    have caused kernel panics on certain systems, has been resolved.

  • the netconsole kernel module caused the Linux kernel to hang when slave
    interfaces of bonded network interfaces were started, resulting in a system
    hang or kernel panic when restarting the network.

  • the “/proc/xen/” directory existed even if systems were not running Red
    Hat Virtualization. This may have caused problems for third-party software
    that checks virtualization-ability based on the existence of “/proc/xen/”.
    Note: this update will remove the “/proc/xen/” directory on systems not
    running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-January/077718.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077719.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0014
