(RHSA-2010:0148) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
  in the Linux kernel Stream Control Transmission Protocol (SCTP)
  implementation. A remote attacker could send a specially-crafted SCTP
  packet to a target system, resulting in a denial of service.
  (CVE-2010-0008, Important)

• a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
  function in the Linux kernel. An attacker on the local network could
  trigger this flaw by sending IPv6 traffic to a target system, leading to a
  system crash (kernel OOPS) if dst->neighbour is NULL on the target system
  when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

• programs compiled on x86, and that also call sched_rr_get_interval(),
  were silently corrupted when run on 64-bit systems. With this update, when
  such programs attempt to call sched_rr_get_interval() on 64-bit systems,
  sys32_sched_rr_get_interval() is called instead, which resolves this issue.
  (BZ#557682)

• the fix for CVE-2009-4538 provided by RHSA-2010:0079 introduced a
  regression, preventing Wake on LAN (WoL) working for network devices using
  the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
  such devices resulted in the following error, even when configuring valid
  options:

“Cannot set new wake-on-lan settings: Operation not supported
not setting wol”

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559333)

• a number of bugs have been fixed in the copy_user routines for Intel 64
  and AMD64 systems, one of which could have possibly led to data corruption.
  (BZ#568305)

• on some systems, a race condition in the inode-based file event
  notifications implementation caused soft lockups and the following
  messages:

“BUG: warning at fs/inotify.c:181/set_dentry_child_flags()”
“BUG: soft lockup - CPU#[x] stuck for 10s!”

This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568662)

• if a program that calls posix_fadvise() were compiled on x86, and then
  run on a 64-bit system, that program could experience various problems,
  including performance issues and the call to posix_fadvise() failing,
  causing the program to not run as expected or even abort. With this update,
  when such programs attempt to call posix_fadvise() on 64-bit systems,
  sys32_fadvise64() is called instead, which resolves this issue. This update
  also fixes other 32-bit system calls that were mistakenly called on 64-bit
  systems (including systems running the kernel-xen kernel). (BZ#569595)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.