(RHSA-2009:1024) Important: Red Hat Enterprise Linux 4.8 kernel security and bug fix update

2009-05-18T20:01:21
ID RHSA-2009:1024
Type redhat
Reporter RedHat
Modified 2017-09-08T12:14:08

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fixes:

  • the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)

  • the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)

Bug Fixes and Enhancements:

Kernel Feature Support:

  • added a new allowable value to "/proc/sys/kernel/wake_balance" to allow the scheduler to run the thread on any available CPU rather than scheduling it on the optimal CPU.
  • added "max_writeback_pages" tunable parameter to /proc/sys/vm/ to allow the maximum number of modified pages kupdate writes to disk, per iteration per run.
  • added "swap_token_timeout" tunable parameter to /proc/sys/vm/ to provide a valid hold time for the swap out protection token.
  • added diskdump support to sata_svw driver.
  • limited physical memory to 64GB for 32-bit kernels running on systems with more than 64GB of physical memory to prevent boot failures.
  • improved reliability of autofs.
  • added support for 'rdattr_error' in NFSv4 readdir requests.
  • fixed various short packet handling issues for NFSv4 readdir and sunrpc.
  • fixed several CIFS bugs.

Networking and IPv6 Enablement:

  • added router solicitation support.
  • enforced sg requires tx csum in ethtool.

Platform Support:

x86, AMD64, Intel 64, IBM System z

  • added support for a new Intel chipset.
  • added initialization vendor info in boot_cpu_data.
  • added support for N_Port ID Virtualization (NPIV) for IBM System z guests using zFCP.
  • added HDMI support for some AMD and ATI chipsets.
  • updated HDA driver in ALSA to latest upstream as of 2008-07-22.
  • added support for affected_cpus for cpufreq.
  • removed polling timer from i8042.
  • fixed PM-Timer when using the ASUS A8V Deluxe motherboard.
  • backported usbfs_mutex in usbfs.

64-bit PowerPC:

  • updated eHEA driver from version 0078-04 to 0078-08.
  • updated logging of checksum errors in the eHEA driver.

Network Driver Updates:

  • updated forcedeth driver to latest upstream version 0.61.
  • fixed various e1000 issues when using Intel ESB2 hardware.
  • updated e1000e driver to upstream version 0.3.3.3-k6.
  • updated igb to upstream version 1.2.45-k2.
  • updated tg3 to upstream version 3.96.
  • updated ixgbe to upstream version 1.3.18-k4.
  • updated bnx2 to upstream version 1.7.9.
  • updated bnx2x to upstream version 1.45.23.
  • fixed bugs and added enhancements for the NetXen NX2031 and NX3031 products.
  • updated Realtek r8169 driver to support newer network chipsets. All variants of RTL810x/RTL8168(9) are now supported.

Storage Driver Updates:

  • fixed various SCSI issues. Also, the SCSI sd driver now calls the revalidate_disk wrapper.
  • fixed a dmraid reduced I/O delay bug in certain configurations.
  • removed quirk aac_quirk_scsi_32 for some aacraid controllers.
  • updated FCP driver on IBM System z systems with support for point-to-point connections.
  • updated lpfc to version 8.0.16.46.
  • updated megaraid_sas to version 4.01-RH1.
  • updated MPT Fusion driver to version 3.12.29.00rh.
  • updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s adapters.
  • updated qla2xxx driver to version 8.02.09.00.04.08-d.
  • fixed sata_nv in libsata to disable ADMA mode by default.

Miscellaneous Updates:

  • upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to version 1.4.
  • added driver support and fixes for various Wacom tablets.

Users should install this update, which resolves these issues and adds these enhancements.