7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.019 Low
EPSS
Percentile
87.3%
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
memory leaks were found on some error paths in the icmp_send()
function in the Linux kernel. This could, potentially, cause the network
connectivity to cease. (CVE-2009-0778, Important)
Chris Evans reported a deficiency in the clone() system call when called
with the CLONE_PARENT flag. This flaw permits the caller (the parent
process) to indicate an arbitrary signal it wants to receive when its child
process exits. This could lead to a denial of service of the parent
process. (CVE-2009-0028, Moderate)
an off-by-one underflow flaw was found in the eCryptfs subsystem. This
could potentially cause a local denial of service when the readlink()
function returned an error. (CVE-2009-0269, Moderate)
a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size files in
“/sys/devices/platform/dell_rbu/”. (CVE-2009-0322, Moderate)
an inverted logic flaw was found in the SysKonnect FDDI PCI adapter
driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN
capability was absent (local, unprivileged users could reset driver
statistics). (CVE-2009-0675, Moderate)
the sock_getsockopt() function in the Linux kernel did not properly
initialize a data structure that can be directly returned to user-space
when the getsockopt() function is called with SO_BSDCOMPAT optname set.
This flaw could possibly lead to memory disclosure.
(CVE-2009-0676, Moderate)
the ext2 and ext3 file system code failed to properly handle corrupted
data structures, leading to a possible local denial of service when read
or write operations were performed on a specially-crafted file system.
(CVE-2008-3528, Low)
a deficiency was found in the libATA implementation. This could,
potentially, lead to a local denial of service. Note: by default, the
“/dev/sg*” devices are accessible only to the root user.
(CVE-2008-5700, Low)
Bug fixes:
a bug in aic94xx may have caused kernel panics during boot on some
systems with certain SATA disks. (BZ#485909)
a word endianness problem in the qla2xx driver on PowerPC-based machines
may have corrupted flash-based devices. (BZ#485908)
a memory leak in pipe() may have caused a system deadlock. The workaround
in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release
Notes Updates, which involved manually allocating extra file descriptors to
processes calling do_pipe, is no longer necessary. (BZ#481576)
CPU soft-lockups in the network rate estimator. (BZ#481746)
bugs in the ixgbe driver caused it to function unreliably on some
systems with 16 or more CPU cores. (BZ#483210)
the iwl4965 driver may have caused a kernel panic. (BZ#483206)
a bug caused NFS attributes to not update for some long-lived NFS
mounted file systems. (BZ#483201)
unmounting a GFS2 file system may have caused a panic. (BZ#485910)
a bug in ptrace() may have caused a panic when single stepping a target.
(BZ#487394)
on some 64-bit systems, notsc was incorrectly set at boot, causing slow
gettimeofday() calls. (BZ#488239)
do_machine_check() cleared all Machine Check Exception (MCE) status
registers, preventing the BIOS from using them to determine the cause of
certain panics and errors. (BZ#490433)
scaling problems caused performance problems for LAPI applications.
(BZ#489457)
a panic may have occurred on systems using certain Intel WiFi Link 5000
products when booting with the RF Kill switch on. (BZ#489846)
the TSC is invariant with C/P/T states, and always runs at constant
frequency from now on. (BZ#489310)
All users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-xen | < 2.6.18-128.1.6.el5 | kernel-xen-2.6.18-128.1.6.el5.x86_64.rpm |
RedHat | 5 | i686 | kernel-devel | < 2.6.18-128.1.6.el5 | kernel-devel-2.6.18-128.1.6.el5.i686.rpm |
RedHat | 5 | ppc | kernel-headers | < 2.6.18-128.1.6.el5 | kernel-headers-2.6.18-128.1.6.el5.ppc.rpm |
RedHat | 5 | x86_64 | kernel-xen-devel | < 2.6.18-128.1.6.el5 | kernel-xen-devel-2.6.18-128.1.6.el5.x86_64.rpm |
RedHat | 5 | i686 | kernel-xen-devel | < 2.6.18-128.1.6.el5 | kernel-xen-devel-2.6.18-128.1.6.el5.i686.rpm |
RedHat | 5 | i686 | kernel-pae-devel | < 2.6.18-128.1.6.el5 | kernel-PAE-devel-2.6.18-128.1.6.el5.i686.rpm |
RedHat | 5 | i686 | kernel-debug-devel | < 2.6.18-128.1.6.el5 | kernel-debug-devel-2.6.18-128.1.6.el5.i686.rpm |
RedHat | 5 | ppc64 | kernel-debug | < 2.6.18-128.1.6.el5 | kernel-debug-2.6.18-128.1.6.el5.ppc64.rpm |
RedHat | 5 | x86_64 | kernel-headers | < 2.6.18-128.1.6.el5 | kernel-headers-2.6.18-128.1.6.el5.x86_64.rpm |
RedHat | 5 | ppc64 | kernel-devel | < 2.6.18-128.1.6.el5 | kernel-devel-2.6.18-128.1.6.el5.ppc64.rpm |