[RHSA-2009:0331-01] Important: kernel security and bug fix update

news · March 12, 2009

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

=====================================================================

Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update

Advisory ID: RHSA-2009:0331-01

Product: Red Hat Enterprise Linux

Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0331.html

Issue date: 2009-03-12

CVE Names: CVE-2008-5700 CVE-2009-0031 CVE-2009-0065

CVE-2009-0322

=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix

various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red

Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux

operating system.

This update addresses the following security issues:

* a buffer overflow was found in the Linux kernel Partial Reliable Stream

Control Transmission Protocol (PR-SCTP) implementation. This could,

potentially, lead to a denial of service if a Forward-TSN chunk is received

with a large stream ID. (CVE-2009-0065, Important)

* a memory leak was found in keyctl handling. A local, unprivileged user

could use this flaw to deplete kernel memory, eventually leading to a

denial of service. (CVE-2009-0031, Important)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell

systems. This could allow a local, unprivileged user to cause a denial of

service by reading zero bytes from the image_type or packet_size file in

"/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important)

* a deficiency was found in the libATA implementation. This could,

potentially, lead to a denial of service. Note: by default, "/dev/sg*"

devices are accessible only to the root user. (CVE-2008-5700, Low)

This update also fixes the following bugs:

* when the hypervisor changed a page table entry (pte) mapping from

read-only to writable via a make_writable hypercall, accessing the changed

page immediately following the change caused a spurious page fault. When

trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a

Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer

with a kernel backtrace. With this update, the "spurious" page fault is

handled properly. (BZ#483748)

* net_rx_action could detect its cpu poll_list as non-empty, but have that

same list reduced to empty by the poll_napi path. This resulted in garbage

data being returned when net_rx_action calls list_entry, which subsequently

resulted in several possible crash conditions. The race condition in the

network code which caused this has been fixed. (BZ#475970, BZ#479681 &

BZ#480741)

* a misplaced memory barrier at unlock_buffer() could lead to a concurrent

h_refcounter update which produced a reference counter leak and, later, a

double free in ext3_xattr_release_block(). Consequent to the double free,

ext3 reported an error

ext3_free_blocks_sb: bit already cleared for block [block number]

and mounted itself as read-only. With this update, the memory barrier is

now placed before the buffer head lock bit, forcing the write order and

preventing the double free. (BZ#476533)

* when the iptables module was unloaded, it was assumed the correct entry

for removal had been found if "wrapper->ops->pf" matched the value passed

in by "reg->pf". If several ops ranges were registered against the same

protocol family, however, (which was likely if you had both ip_conntrack

and ip_contrack_* loaded) this assumption could lead to NULL list pointers

and cause a kernel panic. With this update, "wrapper->ops" is matched to

pointer values "reg", which ensures the correct entry is removed and

results in no NULL list pointers. (BZ#477147)

* when the pidmap page (used for tracking process ids, pids) incremented to

an even page (ie the second, fourth, sixth, etc. pidmap page), the

alloc_pidmap() routine skipped the page. This resulted in "holes" in the

allocated pids. For example, after pid 32767, you would expect 32768 to be

allocated. If the page skipping behavior presented, however, the pid

allocated after 32767 was 65536. With this update, alloc_pidmap() no longer

skips alternate pidmap pages and allocated pid holes no longer occur. This

fix also corrects an error which allowed pid_max to be set higher than the

pid_max limit has been corrected. (BZ#479182)

All Red Hat Enterprise Linux 4 users should upgrade to these updated

packages, which contain backported patches to resolve these issues. The

system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released

errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use

the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

474495 - CVE-2008-5700 kernel: enforce a minimum SG_IO timeout

475970 - oops in e1000_clean (list corruption due to race with e1000_down)

476533 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors

477147 - Kernel panic when unloading ip conntrack modules

478800 - CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

479182 - RHEL4 64 bit skips all pids with bit 15 set (32768-65535, 98304-131071 etc)

479681 - oops in net_rx_action on double free of dev->poll_list

480592 - CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring

480741 - RHEL4.8 kernel crashed in net_rx_action() on IA64 machine in RHTS connectathon test

482866 - CVE-2009-0322 kernel: dell_rbu local oops

483748 - rhel4 PV guest installations busted on rhel 5.3 i386 intel dom0

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:

kernel-2.6.9-78.0.17.EL.i686.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm

kernel-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:

kernel-2.6.9-78.0.17.EL.ia64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm

kernel-devel-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:

kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

ppc:

kernel-2.6.9-78.0.17.EL.ppc64.rpm

kernel-2.6.9-78.0.17.EL.ppc64iseries.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.ppc64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.ppc64iseries.rpm

kernel-devel-2.6.9-78.0.17.EL.ppc64.rpm

kernel-devel-2.6.9-78.0.17.EL.ppc64iseries.rpm

kernel-largesmp-2.6.9-78.0.17.EL.ppc64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.ppc64.rpm

s390:

kernel-2.6.9-78.0.17.EL.s390.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.s390.rpm

kernel-devel-2.6.9-78.0.17.EL.s390.rpm

s390x:

kernel-2.6.9-78.0.17.EL.s390x.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.s390x.rpm

kernel-devel-2.6.9-78.0.17.EL.s390x.rpm

x86_64:

kernel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm

kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:

kernel-2.6.9-78.0.17.EL.i686.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm

kernel-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

noarch:

kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:

kernel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm

kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:

kernel-2.6.9-78.0.17.EL.i686.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm

kernel-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:

kernel-2.6.9-78.0.17.EL.ia64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm

kernel-devel-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:

kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:

kernel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm

kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:

kernel-2.6.9-78.0.17.EL.i686.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm

kernel-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm

kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-2.6.9-78.0.17.EL.i686.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-2.6.9-78.0.17.EL.i686.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:

kernel-2.6.9-78.0.17.EL.ia64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm

kernel-devel-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:

kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:

kernel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm

kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm

kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm

kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0031

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322

http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJuSG1XlSAg2UNWIIRAq4+AKC0WI0DQ5fzioWJlRaW0MyWrjS24gCfYECc

akyEDC7EwkyI0e61bLDjhVA=

=HZfD

-----END PGP SIGNATURE-----

--

Sign In

[RHSA-2009:0331-01] Important: kernel security and bug fix update

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity