(RHSA-2010:0394) Important: kernel security, bug fix, and enhancement update

Published: 2010-05-05 00:00:00
Source: access.redhat.com

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.048 Low (Percentile: 91.9%)

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

  • RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium
    systems. ptrace_check_attach() was not called during certain ptrace()
    requests. Under certain circumstances, a local, unprivileged user could use
    this flaw to call ptrace() on a process they do not own, giving them
    control over that process. (CVE-2010-0729, Important)

  • a flaw was found in the kernel’s Unidirectional Lightweight Encapsulation
    (ULE) implementation. A remote attacker could send a specially-crafted ISO
    MPEG-2 Transport Stream (TS) frame to a target system, resulting in a
    denial of service. (CVE-2010-1086, Important)

  • a use-after-free flaw was found in tcp_rcv_state_process() in the
    kernel’s TCP/IP protocol suite implementation. If a system using IPv6 had
    the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker
    could send an IPv6 packet to that system, causing a kernel panic.
    (CVE-2010-1188, Important)

  • a divide-by-zero flaw was found in azx_position_ok() in the Intel High
    Definition Audio driver, snd-hda-intel. A local, unprivileged user could
    trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

  • an information leak flaw was found in the kernel’s USB implementation.
    Certain USB errors could result in an uninitialized kernel buffer being
    sent to user-space. An attacker with physical access to a target system
    could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.

Bug fixes:

  • a regression prevented the Broadcom BCM5761 network device from working
    when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems.
    Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)

  • the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical
    address range was set incorrectly, however, causing 32-bit,
    para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched
    on AMD64 or Intel 64 hosts that have more than 64 GB of RAM. (BZ#574392)

  • RHSA-2009:1024 introduced a regression, causing diskdump to fail on
    systems with certain adapters using the qla2xxx driver. (BZ#577234)

  • a race condition caused TX to stop in a guest using the virtio_net
    driver. (BZ#580089)

  • on some systems, using the “arp_validate=3” bonding option caused both
    links to show as “down” even though the arp_target was responding to ARP
    requests sent by the bonding driver. (BZ#580842)

  • in some circumstances, when a Red Hat Enterprise Linux client connected
    to a re-booted Windows-based NFS server, server-side filehandle-to-inode
    mapping changes caused a kernel panic. “bad_inode_ops” handling was changed
    to prevent this. Note: filehandle-to-inode mapping changes may still cause
    errors, but not panics. (BZ#582908)

  • when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded
    fixed-size scatterlists could conflict with host requests, causing the
    guest’s kernel to panic. With this update, dynamically allocated
    scatterlists are used, resolving this issue. (BZ#582911)

Enhancements:

  • kernel support for connlimit. Note: iptables errata update RHBA-2010:0395
    is also required for connlimit to work correctly. (BZ#563223)

  • support for the Intel architectural performance monitoring subsystem
    (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark
    performance events and options for configuring and counting these events.
    (BZ#582913)

  • kernel support for OProfile sampling of Intel microarchitecture (Nehalem)
    CPUs. This update alone does not address OProfile support for such CPUs. A
    future oprofile package update will allow OProfile to work on Intel Nehalem
    CPUs. (BZ#582241)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.
