Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

RedHat: RHSA-2008:0973-03 Important: Kernel Security Update

red hat
Calendar Grey December 17, 2008
Dist Redhat Esm H88
The latest kernel update for Red Hat resolves critical security vulnerabilities and defects. Essential advisory details are accessible.
Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update addresses the following security issues:
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially-crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important)
* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)
* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important)
* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important)
* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)
* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)
* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)
This update also fixes the following bugs:
* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.
* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.
* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMWare®.
All Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.

References

https://www.cve.org/CVERecord?id=CVE-2008-4210 https://www.cve.org/CVERecord?id=CVE-2008-3275 https://www.cve.org/CVERecord?id=CVE-2008-0598 https://www.cve.org/CVERecord?id=CVE-2008-2136 https://www.cve.org/CVERecord?id=CVE-2008-2812 https://www.cve.org/CVERecord?id=CVE-2007-6063 https://www.cve.org/CVERecord?id=CVE-2008-3525 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux AS version 3:
Source:
i386: kernel-2.4.21-58.EL.athlon.rpm kernel-2.4.21-58.EL.i686.rpm kernel-BOOT-2.4.21-58.EL.i386.rpm kernel-debuginfo-2.4.21-58.EL.athlon.rpm kernel-debuginfo-2.4.21-58.EL.i386.rpm kernel-debuginfo-2.4.21-58.EL.i686.rpm kernel-doc-2.4.21-58.EL.i386.rpm kernel-hugemem-2.4.21-58.EL.i686.rpm kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm kernel-smp-2.4.21-58.EL.athlon.rpm kernel-smp-2.4.21-58.EL.i686.rpm kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm kernel-smp-unsupported-2.4.21-58.EL.i686.rpm kernel-source-2.4.21-58.EL.i386.rpm kernel-unsupported-2.4.21-58.EL.athlon.rpm kernel-unsupported-2.4.21-58.EL.i686.rpm
ia64: kernel-2.4.21-58.EL.ia64.rpm kernel-debuginfo-2.4.21-58.EL.ia64.rpm kernel-doc-2.4.21-58.EL.ia64.rpm kernel-source-2.4.21-58.EL.ia64.rpm kernel-unsupported-2.4.21-58.EL.ia64.rpm
ppc: kernel-2.4.21-58.EL.ppc64iseries.rpm kernel-2.4.21-58.EL.ppc64pseries.rpm kernel-debuginfo-2.4.21-58.EL.ppc64.rpm kernel-debuginfo-2.4.21-58.EL.ppc64iseries.rpm kernel-debuginfo-2.4.21-58.EL.ppc64pseries.rpm kernel-doc-2.4.21-58.EL.ppc64.rpm kernel-source-2.4.21-58.EL.ppc64.rpm kernel-unsupported-2.4.21-58.EL.ppc64iseries.rpm kernel-unsupported-2.4.21-58.EL.ppc64pseries.rpm
s390:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2008:0973-03
Product: Red Hat Enterprise Linux
Issue date: 2008-12-16

Topic

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Bugs Fixed

392101 - CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow

433938 - CVE-2008-0598 kernel: linux x86_64 ia32 emulation leaks uninitialized data

438758 - wrong kunmap call in nfs_xdr_readlinkres

446031 - CVE-2008-2136 kernel: sit memory leak

453419 - CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code

457858 - CVE-2008-3275 Linux kernel local filesystem DoS

460401 - CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()

463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here