(RHSA-2009:1081) Important: kernel-rt security and bug fix update

Published: 2009-06-03 00:00:00
Source: access.redhat.com

EPSS: 0.966 (High), percentile 99.6%

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

  • a buffer overflow flaw was found in the CIFSTCon() function of the Linux
    kernel Common Internet File System (CIFS) implementation. When mounting a
    CIFS share, a malicious server could send an overly-long string to the
    client, possibly leading to a denial of service or privilege escalation on
    the client mounting the CIFS share. (CVE-2009-1439, Important)

  • the Linux kernel Network File System daemon (nfsd) implementation did not
    drop the CAP_MKNOD capability when handling requests from local,
    unprivileged users. This flaw could possibly lead to an information leak or
    privilege escalation. (CVE-2009-1072, Moderate)

  • a deficiency was found in the Linux kernel signals implementation. The
    kill_something_info() function did not check if a process was outside the
    caller’s namespace before sending the kill signal, making it possible to
    kill processes in all process ID (PID) namespaces, breaking PID namespace
    isolation. (CVE-2009-1338, Moderate)

  • a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
    agp_generic_alloc_pages() functions did not zero out the memory pages they
    allocate, which may later be available to user-space processes. This flaw
    could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

  • the “-fwrapv” flag was added to the gcc build options to prevent gcc from
    optimizing away wrapping arithmetic, as optimizing away wrapping may lead
    to unexpected results. (BZ#491264)

  • the bnx2x driver may have failed when highly-stressed by network
    stress-tests, resulting in network access being unavailable. This driver
    has been updated to resolve this issue. (BZ#495472)

  • the file system mask, which lists capabilities for users with a file
    system user ID (fsuid) of 0, was missing the CAP_MKNOD and
    CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
    an fsuid other than 0 to perform actions on some file system types that
    would otherwise be prevented. This update adds these capabilities.
    (BZ#497047)

  • “/proc/[pid]/maps” and “/proc/[pid]/smaps” can only be read by processes
    able to use the ptrace() call on a given process; however, certain
    information from “/proc/[pid]/stat” and “/proc/[pid]/wchan” could be used
    to reconstruct memory maps, making it possible to bypass the Address Space
    Layout Randomization (ASLR) security feature. This update addresses this
    issue. (BZ#499550)

  • the get_random_int() function returned the same number until the jiffies
    counter (which ticks at a clock interrupt frequency) or process ID (PID)
    changed, making it possible to predict the random numbers. This may have
    helped to bypass the ASLR security feature. With this update,
    get_random_int() is more random and no longer uses a common seed value.
    This reduces the possibility of predicting the values get_random_int()
    returns. (BZ#499787)
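
The get_random_int() behaviour described in the last item, as a simplified model added here for illustration (not the kernel's code and not the Red Hat patch). The mixer, the struct, the function names and all values are constructed assumptions; the chained variant is one assumed way to stop repeats, by carrying state between calls.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 32-bit mixer: a bijection, NOT cryptographic and NOT the kernel's hash. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Constructed stand-ins for kernel state (hypothetical names and values). */
struct sim { uint32_t jiffies, pid, seed, chain; };

/* Model of the flaw: output is a pure function of jiffies, PID and a common seed,
 * so it cannot change until jiffies or the PID changes. */
static uint32_t weak_random_int(const struct sim *s)
{
    return mix32(s->seed ^ mix32(s->jiffies + s->pid));
}

/* Model of a fix (assumption): no common seed; each call folds in the state left
 * by the previous call. Real state would start from entropy, not zero. */
static uint32_t chained_random_int(struct sim *s)
{
    s->chain = mix32(s->chain + s->jiffies + s->pid);
    return s->chain;
}

/* Count consecutive identical outputs while the tick and the PID stay fixed. */
static int repeats_within_tick(int use_chained, int calls)
{
    struct sim s = { 1000u, 4242u, 0x5eedc0deu, 0u };  /* constructed sample values */
    uint32_t prev = use_chained ? chained_random_int(&s) : weak_random_int(&s);
    int repeats = 0;
    for (int i = 1; i < calls; i++) {
        uint32_t cur = use_chained ? chained_random_int(&s) : weak_random_int(&s);
        repeats += (cur == prev);
        prev = cur;
    }
    return repeats;
}

int main(void)
{
    printf("weak:    %d repeats in 8 calls\n", repeats_within_tick(0, 8));
    printf("chained: %d repeats in 8 calls\n", repeats_within_tick(1, 8));
    return 0;
}
```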

All Red Hat Enterprise MRG users should upgrade to these updated packages,
which contain backported patches to resolve these issues. Note: The system
must be rebooted for this update to take effect.