(RHSA-2010:0076) Important: kernel security and bug fix update

2010-02-02T05:00:00
ID RHSA-2010:0076
Type redhat
Reporter RedHat
Modified 2017-09-08T11:48:30

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

  • an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)

  • a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially-crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important)

  • permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io" files on the sysfs file system ("/sys/") had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

  • a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially-crafted HFS file system, for example, by running "ls". (CVE-2009-4020, Low)

This update also fixes the following bugs:

  • if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running "strace -f" on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)

  • a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)

  • the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.