7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.969 High
EPSS
Percentile
99.6%
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
These updated packages fix the following security issues:
a buffer overflow flaw was found in the CIFSTCon() function of the Linux
kernel Common Internet File System (CIFS) implementation. When mounting a
CIFS share, a malicious server could send an overly-long string to the
client, possibly leading to a denial of service or privilege escalation on
the client mounting the CIFS share. (CVE-2009-1439, Important)
the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)
a deficiency was found in the Linux kernel signals implementation. The
kill_something_info() function did not check if a process was outside the
callerβs namespace before sending the kill signal, making it possible to
kill processes in all process ID (PID) namespaces, breaking PID namespace
isolation. (CVE-2009-1338, Moderate)
a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)
These updated packages also fix the following bugs:
the β-fwrapvβ flag was added to the gcc build options to prevent gcc from
optimizing away wrapping arithmetic, as optimizing away wrapping may lead
to unexpected results. (BZ#491264)
the bnx2x driver may have failed when highly-stressed by network
stress-tests, resulting in network access being unavailable. This driver
has been updated to resolve this issue. (BZ#495472)
the file system mask, which lists capabilities for users with a file
system user ID (fsuid) of 0, was missing the CAP_MKNOD and
CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
an fsuid other than 0 to perform actions on some file system types that
would otherwise be prevented. This update adds these capabilities.
(BZ#497047)
β/proc/[pid]/mapsβ and β/proc/[pid]/smapsβ can only be read by processes
able to use the ptrace() call on a given process; however, certain
information from β/proc/[pid]/statβ and β/proc/[pid]/wchanβ could be used
to reconstruct memory maps, making it possible to bypass the Address Space
Layout Randomization (ASLR) security feature. This update addresses this
issue. (BZ#499550)
the get_random_int() function returned the same number until the jiffies
counter (which ticks at a clock interrupt frequency) or process ID (PID)
changed, making it possible to predict the random numbers. This may have
helped to bypass the ASLR security feature. With this update,
get_random_int() is more random and no longer uses a common seed value.
This reduces the possibility of predicting the values get_random_int()
returns. (BZ#499787)
All Red Hat Enterprise MRG users should upgrade to these updated packages,
which contain backported patches to resolve these issues. Note: The system
must be rebooted for this update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-rt-vanilla | <Β 2.6.24.7-117.el5rt | kernel-rt-vanilla-2.6.24.7-117.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt-debug-devel | <Β 2.6.24.7-117.el5rt | kernel-rt-debug-devel-2.6.24.7-117.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-vanilla | <Β 2.6.24.7-117.el5rt | kernel-rt-vanilla-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-debug | <Β 2.6.24.7-117.el5rt | kernel-rt-debug-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-devel | <Β 2.6.24.7-117.el5rt | kernel-rt-devel-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-vanilla-devel | <Β 2.6.24.7-117.el5rt | kernel-rt-vanilla-devel-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt | <Β 2.6.24.7-117.el5rt | kernel-rt-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-trace-devel | <Β 2.6.24.7-117.el5rt | kernel-rt-trace-devel-2.6.24.7-117.el5rt.i686.rpm |
RedHat | 5 | x86_64 | kernel-rt | <Β 2.6.24.7-117.el5rt | kernel-rt-2.6.24.7-117.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt-devel | <Β 2.6.24.7-117.el5rt | kernel-rt-devel-2.6.24.7-117.el5rt.x86_64.rpm |