CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
EPSS: 0.969 High
Percentile: 99.6%

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* several flaws were found in the way the Linux kernel CIFS implementation
  handles Unicode strings. CIFS clients convert Unicode strings sent by a
  server to their local character sets, and then write those strings into
  memory. If a malicious server sent a long enough string, it could write
  past the end of the target memory region and corrupt other memory areas,
  possibly leading to a denial of service or privilege escalation on the
  client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)
* the Linux kernel Network File System daemon (nfsd) implementation did not
  drop the CAP_MKNOD capability when handling requests from local,
  unprivileged users. This flaw could possibly lead to an information leak or
  privilege escalation. (CVE-2009-1072, Moderate)
* Frank Filz reported the NFSv4 client was missing a file permission check
  for the execute bit in some situations. This could allow local,
  unprivileged users to run non-executable files on NFSv4 mounted file
  systems. (CVE-2009-1630, Moderate)
* a missing check was found in the hypervisor_callback() function in the
  Linux kernel provided by the kernel-xen package. This could cause a denial
  of service of a 32-bit guest if an application running in that guest
  accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)
* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
  agp_generic_alloc_pages() functions did not zero out the memory pages they
  allocate, which may later be available to user-space processes. This flaw
  could possibly lead to an information leak. (CVE-2009-1192, Low)
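
The CIFS item above describes a class of bug in which a peer-supplied Unicode string is converted and written into a buffer that is too small. The following is an added illustration of the defensive pattern, not the kernel's CIFS code and not part of the advisory: a UTF-16LE to UTF-8 conversion that bounds every write by the destination size and rejects input that does not fit. UTF-8 as the local character set, the function names and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: four U+20AC code units plus terminator, UTF-16LE. */
static const uint8_t SAMPLE[] = { 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0xAC,0x20, 0,0 };

/* Worst case for BMP input: each 2-byte code unit becomes 3 UTF-8 bytes. */
size_t utf8_worst_case(size_t src_bytes) { return (src_bytes / 2) * 3 + 1; }

/* Convert untrusted NUL-terminated UTF-16LE to UTF-8. Returns bytes written
 * (excluding the NUL) or -1 if dst is too small; never writes past
 * dst + dst_size. Surrogates become '?' to keep the example short. */
long utf16le_to_utf8_bounded(const uint8_t *src, size_t src_bytes,
                             uint8_t *dst, size_t dst_size)
{
    size_t out = 0;
    if (dst_size == 0) return -1;
    for (size_t i = 0; i + 1 < src_bytes; i += 2) {
        uint16_t u = (uint16_t)(src[i] | (src[i + 1] << 8));
        if (u == 0) break;
        if (u >= 0xD800 && u <= 0xDFFF) u = '?';
        size_t n = u < 0x80 ? 1 : (u < 0x800 ? 2 : 3);
        if (n > dst_size - 1 - out) {   /* always keep room for the NUL */
            dst[0] = '\0';
            return -1;                  /* reject instead of overflowing */
        }
        if (n == 3) dst[out++] = (uint8_t)(0xE0 | (u >> 12));
        if (n == 2) dst[out++] = (uint8_t)(0xC0 | (u >> 6));
        if (n == 3) dst[out++] = (uint8_t)(0x80 | ((u >> 6) & 0x3F));
        dst[out++] = n == 1 ? (uint8_t)u : (uint8_t)(0x80 | (u & 0x3F));
    }
    dst[out] = '\0';
    return (long)out;
}

/* Convert SAMPLE into a destination limited to dst_size bytes (max 64). */
long convert_sample(size_t dst_size)
{
    uint8_t buf[64];
    return utf16le_to_utf8_bounded(SAMPLE, sizeof SAMPLE, buf,
                                   dst_size < sizeof buf ? dst_size : sizeof buf);
}

int main(void)
{
    printf("sized from wire length: %ld, sized for worst case: %ld\n",
           convert_sample(sizeof SAMPLE),
           convert_sample(utf8_worst_case(sizeof SAMPLE)));
    return 0;
}
```

A destination sized from the 10-byte wire length is rejected because the converted string needs 12 bytes plus the terminator; sizing from the worst-case expansion succeeds.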
Bug fixes:
* a race in the NFS client between destroying cached access rights and
  unmounting an NFS file system could have caused a system crash. “Busy
  inodes” messages may have been logged. (BZ#498653)
* nanosleep() could sleep several milliseconds less than the specified time
  on Intel Itanium®-based systems. (BZ#500349)
* LEDs for disk drives in AHCI mode may have displayed a fault state when
  there were no faults. (BZ#500120)
* ptrace_do_wait() reported tasks were stopped each time the process doing
  the trace called wait(), instead of reporting it once. (BZ#486945)
* epoll_wait() may have caused a system lockup and problems for
  applications. (BZ#497322)
* missing capabilities could possibly allow users with an fsuid other than
  0 to perform actions on some file system types that would otherwise be
  prevented. (BZ#497271)
* on NFS mounted file systems, heavy write loads may have blocked
  nfs_getattr() for long periods, causing commands that use stat(2), such as
  ls, to hang. (BZ#486926)
* in rare circumstances, if an application performed multiple O_DIRECT
  reads per virtual memory page and also performed fork(2), the buffer
  storing the result of the I/O may have ended up with invalid data.
  (BZ#486921)
* when using GFS2, gfs2_quotad may have entered an uninterruptible sleep
  state. (BZ#501742)
* with this update, get_random_int() is more random and no longer uses a
  common seed value, reducing the possibility of predicting the values
  returned. (BZ#499783)
* the “-fwrapv” flag was added to the gcc build options to prevent gcc from
  optimizing away wrapping. (BZ#501751)
* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)
* using the Broadcom NetXtreme BCM5704 network device with the tg3 driver
  caused high system load and very bad performance. (BZ#502837)
* “/proc/[pid]/maps” and “/proc/[pid]/smaps” can only be read by processes
  able to use the ptrace() call on a given process; however, certain
  information from “/proc/[pid]/stat” and “/proc/[pid]/wchan” could be used
  to reconstruct memory maps. (BZ#499546)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-xen-devel | < 2.6.18-128.1.14.el5 | kernel-xen-devel-2.6.18-128.1.14.el5.x86_64.rpm |
RedHat | 5 | ia64 | kernel-xen | < 2.6.18-128.1.14.el5 | kernel-xen-2.6.18-128.1.14.el5.ia64.rpm |
RedHat | 5 | ppc64 | kernel-debug | < 2.6.18-128.1.14.el5 | kernel-debug-2.6.18-128.1.14.el5.ppc64.rpm |
RedHat | 5 | ppc64 | kernel | < 2.6.18-128.1.14.el5 | kernel-2.6.18-128.1.14.el5.ppc64.rpm |
RedHat | 5 | ia64 | kernel-debug-devel | < 2.6.18-128.1.14.el5 | kernel-debug-devel-2.6.18-128.1.14.el5.ia64.rpm |
RedHat | 5 | ia64 | kernel-debug | < 2.6.18-128.1.14.el5 | kernel-debug-2.6.18-128.1.14.el5.ia64.rpm |
RedHat | 5 | s390x | kernel | < 2.6.18-128.1.14.el5 | kernel-2.6.18-128.1.14.el5.s390x.rpm |
RedHat | 5 | s390x | kernel-kdump | < 2.6.18-128.1.14.el5 | kernel-kdump-2.6.18-128.1.14.el5.s390x.rpm |
RedHat | 5 | s390x | kernel-headers | < 2.6.18-128.1.14.el5 | kernel-headers-2.6.18-128.1.14.el5.s390x.rpm |
RedHat | 5 | ppc64 | kernel-debug-devel | < 2.6.18-128.1.14.el5 | kernel-debug-devel-2.6.18-128.1.14.el5.ppc64.rpm |