====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0146-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0146.html
Issue date:        2010-03-16
CVE Names:         CVE-2009-4271 CVE-2010-0003 CVE-2010-0007 
                   CVE-2010-0008 CVE-2010-0307 
====================================================================
1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the Linux kernel. During a
core dump, the kernel did not check if the Virtual Dynamically-linked
Shared Object page was accessible. On Intel 64 and AMD64 systems, a local,
unprivileged user could use this flaw to cause a kernel panic by running a
crafted 32-bit application. (CVE-2009-4271, Important)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* under some circumstances, a locking bug could have caused an online ext3
file system resize to deadlock, which may have, in turn, caused the file
system or the entire system to become unresponsive. In either case, a
reboot was required after the deadlock. With this update, using resize2fs
to perform an online resize of an ext3 file system works as expected.
(BZ#553135)

* some ATA and SCSI devices were not honoring the barrier=1 mount option,
which could result in data loss after a crash or power loss. This update
applies a patch to the Linux SCSI driver to ensure ordered write caching.
This solution does not provide cache flushes; however, it does provide
data integrity on devices that have no write caching (or where write
caching is disabled) and no command queuing. For systems that have command
queuing or write cache enabled there is no guarantee of data integrity
after a crash. (BZ#560563)

* it was found that lpfc_find_target() could loop continuously when
scanning a list of nodes due to a missing spinlock. This missing spinlock
allowed the list to be changed after the list_empty() test, resulting in a
NULL value, causing the loop. This update adds the spinlock, resolving the
issue. (BZ#561453)

* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565496)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

5. Bugs fixed (https://bugzilla.redhat.com/):

548876 - CVE-2009-4271 kernel: 32bit process on 64bit system can trigger a kernel panic
553135 - ext2online resize hangs [rhel-4.8.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
560547 - CVE-2010-0307 kernel: DoS on x86_64
560563 - Write barrier operations not working for libata and general SCSI disks [rhel-4.8.z]
561453 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching hba for target [rhel-4.8.z]
565496 - e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.23.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390.rpm
kernel-devel-2.6.9-89.0.23.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.23.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390x.rpm
kernel-devel-2.6.9-89.0.23.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4271.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0307.html
https://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.