(RHSA-2010:0779) Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• Information leak flaws were found in the Linux kernel Traffic Control
  Unit implementation. A local attacker could use these flaws to cause the
  kernel to leak kernel memory to user-space, possibly leading to the
  disclosure of sensitive information. (CVE-2010-2942, Moderate)

• A flaw was found in the tcf_act_police_dump() function in the Linux
  kernel network traffic policing implementation. A data structure in
  tcf_act_police_dump() was not initialized properly before being copied to
  user-space. A local, unprivileged user could use this flaw to cause an
  information leak. (CVE-2010-3477, Moderate)

• A missing upper bound integer check was found in the sys_io_submit()
  function in the Linux kernel asynchronous I/O implementation. A local,
  unprivileged user could use this flaw to cause an information leak.
  (CVE-2010-3067, Low)

Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

• When two systems using bonding devices in the adaptive load balancing
  (ALB) mode communicated with each other, an endless loop of ARP replies
  started between these two systems due to a faulty MAC address update. With
  this update, the MAC address update no longer creates unneeded ARP replies.
  (BZ#629239)

• When running the Connectathon NFS Testsuite with certain clients and Red
  Hat Enterprise Linux 4.8 as the server, nfsvers4, lock, and test2 failed
  the Connectathon test. (BZ#625535)

• For UDP/UNIX domain sockets, due to insufficient memory barriers in the
  network code, a process sleeping in select() may have missed notifications
  about new data. In rare cases, this bug may have caused a process to sleep
  forever. (BZ#640117)

• In certain situations, a bug found in either the HTB or TBF network
  packet schedulers in the Linux kernel could have caused a kernel panic when
  using Broadcom network cards with the bnx2 driver. (BZ#624363)

• Previously, allocating fallback cqr for DASD reserve/release IOCTLs
  failed because it used the memory pool of the respective device. This
  update preallocates sufficient memory for a single reserve/release request.
  (BZ#626828)

• In some situations a bug prevented “force online” succeeding for a DASD
  device. (BZ#626827)

• Using the “fsstress” utility may have caused a kernel panic. (BZ#633968)

• This update introduces additional stack guard patches. (BZ#632515)

• A bug was found in the way the megaraid_sas driver handled physical disks
  and management IOCTLs. All physical disks were exported to the disk layer,
  allowing an oops in megasas_complete_cmd_dpc() when completing the IOCTL
  command if a timeout occurred. (BZ#631903)

• Previously, a warning message was returned when a large amount of
  messages was passed through netconsole and a considerable amount of network
  load was added. With this update, the warning message is no longer
  displayed. (BZ#637729)

• Executing a large “dd” command (1 to 5GB) on an iSCSI device with the
  qla3xxx driver caused a system crash due to the incorrect storing of a
  private data structure. With this update, the size of the stored data
  structure is checked and the system crashes no longer occur. (BZ#624364)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.