Lucene search

K
redhatRedHatRHSA-2010:0149
HistoryMar 16, 2010 - 12:00 a.m.

(RHSA-2010:0149) Important: kernel security and bug fix update

2010-03-1600:00:00
access.redhat.com
35

EPSS

0.144

Percentile

95.8%

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

  • a deficiency was found in the fasync_helper() implementation. This could
    allow a local, unprivileged user to leverage a use-after-free of locked,
    asynchronous file descriptors to cause a denial of service or privilege
    escalation. (CVE-2009-4141, Important)

  • a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
    in the Linux kernel Stream Control Transmission Protocol (SCTP)
    implementation. A remote attacker could send a specially-crafted SCTP
    packet to a target system, resulting in a denial of service.
    (CVE-2010-0008, Important)

  • a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
    function in the Linux kernel. An attacker on the local network could
    trigger this flaw by sending IPv6 traffic to a target system, leading to a
    system crash (kernel OOPS) if dst->neighbour is NULL on the target system
    when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

  • programs compiled on x86, and that also call sched_rr_get_interval(),
    were silently corrupted when run on 64-bit systems. With this update, when
    such programs attempt to call sched_rr_get_interval() on 64-bit systems,
    sys32_sched_rr_get_interval() is called instead, which resolves this issue.
    (BZ#557683)

  • the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a
    regression, preventing Wake on LAN (WoL) working for network devices using
    the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
    such devices resulted in the following error, even when configuring valid
    options:

“Cannot set new wake-on-lan settings: Operation not supported
not setting wol”

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559334)

  • a number of bugs have been fixed in the copy_user routines for Intel 64
    and AMD64 systems, one of which could have possibly led to data corruption.
    (BZ#568307)

  • on some systems, a race condition in the inode-based file event
    notifications implementation caused soft lockups and the following
    messages:

“BUG: warning at fs/inotify.c:181/set_dentry_child_flags()”
“BUG: soft lockup - CPU#[x] stuck for 10s!”

This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568663)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.