
(RHSA-2009:0014) Important: kernel security and bug fix update

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update addresses the following security issues:

* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)

* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a local denial of service. (CVE-2008-5029, Important)

* a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog timer driver. This deficiency could lead to a possible information leak. By default, the "/dev/watchdog" device is accessible only to the root user. (CVE-2008-5702, Low)

* the hfs and hfsplus file systems code failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the hfsplus file system implementation. This could, potentially, lead to a local denial of service when write operations were performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from being changed, such as not being reduced to an idle state when not in use.

* mmap() could be used to gain access to beyond the first megabyte of RAM, due to insufficient checks in the Linux kernel code. Checks have been added to prevent this.

* attempting to turn keyboard LEDs on and off rapidly on keyboards with slow keyboard controllers, may have caused key presses to fail.

* after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss and preventing network connections to the guest. Now, a gratuitous ARP request is sent after migration. This refreshes the ARP caches, minimizing network downtime.

* writing crash dumps with diskdump may have caused a kernel panic on Non-Uniform Memory Access (NUMA) systems with certain memory configurations.

* on big-endian systems, such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255, possibly causing memory corruption and application crashes.

* a problem in the kernel packages provided by the RHSA-2008:0508 advisory caused the Linux kernel's built-in memory copy procedure to return the wrong error code after recovering from a page fault on AMD64 and Intel 64 systems. This may have caused other Linux kernel functions to return wrong error codes.

* a divide-by-zero bug in the Linux kernel process scheduler, which may have caused kernel panics on certain systems, has been resolved.

* the netconsole kernel module caused the Linux kernel to hang when slave interfaces of bonded network interfaces were started, resulting in a system hang or kernel panic when restarting the network.

* the "/proc/xen/" directory existed even if systems were not running Red Hat Virtualization. This may have caused problems for third-party software that checks virtualization-ability based on the existence of "/proc/xen/". Note: this update will remove the "/proc/xen/" directory on systems not running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| RedHat | any | kernel | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-devel | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-hugemem | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-doc | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-hugemem-devel | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-largesmp-devel | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-xenu-devel | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-smp | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-largesmp | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-xenu | 2.6.9-78.0.13.EL |
| RedHat | any | kernel-smp-devel | 2.6.9-78.0.13.EL |
