(RHSA-2008:0857) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A possible integer overflow was found in the Linux kernel Stream Control
Transmission Protocol (SCTP) implementation. This could allow an attacker
to cause a denial of service. (CVE-2008-3526, Important)

A deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH
socket options could cause a kernel panic if the API was used when the
extension is disabled. (CVE-2008-3792, Important)

Missing boundary checks were reported in the Linux kernel SCTP
implementation. This could, potentially, cause information disclosure via a
specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113,
CVE-2008-4445, Important)

Tobias Klein reported a missing check in the Linux kernel’s Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

A deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to make a series
of file creations within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)

A flaw was found in the Linux kernel Network File System daemon (nfsd) when
NFSv4 was enabled. Remote attackers could use this to cause a denial of
service via a buffer overflow. (CVE-2008-3915, Moderate)

A possible integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service on a victim’s machine.
(CVE-2008-3276, Low)

A deficiency was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to make a certain sequence of file
operations, possibly causing a denial of service. (CVE-2008-3534, Low)

An off-by-one error was found in the iov_iter_advance function. This could
allow a local unprivileged user to cause a denial of service as
demonstrated by a testcase from the Linux Test Project. (CVE-2008-3535,
Low)

These updated packages also fix the following bugs:

• fixed a warning in the openib code.

• increased MAX_STACK_TRACE_ENTRIES on the debug kernel variant.

• enqueue deprioritized RT tasks to head of prio array.

• use timer_pending() to test ipv6 FIB timers.

• added a lower-bound check for the length field in PPPOE headers.

• pppoe: unshare skb to avoid possible data loss.

• using growisofs could cause oops due to the lack of proper sanity checks.

• random seed improvement.

• enabled the “Panic on Oops” feature.

• fixed a portability issue in parse_pmtmr() due to variable type.

• fixed sanity check in cifs/asn1.c.

• fixed a bug introduced by a previous fix, related to the inode code.

• added better sanity checks to dlm code.

• dynamic ftrace enhancements. The daemon is no longer used.

• fixed a format string bug in cpufreq.

• avoid a potential kernel stack overflow in binfmt_misc.c

• fixed the long boot-up time when CONFIG_PROVE_LOCKING is enabled.

• use a better random seed for NAT port randomization.

• a compat_semaphore was being handled as a regular semaphore due to
  casting (qla2xxx driver).

All users of Red Hat Enterprise MRG should upgrade to these new packages,
which address these vulnerabilities and fix these bugs.