RedHat: Important: kernel security update RHSA-2007:0939-01
Summary
Summary
The Linux kernel is the core of the operating system. These updated kernel packages contain fixes for the following security issues: * A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) * A flaw was found in the CIFS file system. This could cause the umask values of a process to not be honored on CIFS file systems where UNIX extensions are supported. (CVE-2007-3740, Important) * A flaw was found in the VFAT compat ioctl handling on 64-bit systems. This allowed a local user to corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878, Important) * A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate) * A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate) * A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate) * A flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped which could lead to a denial of service. (CVE-2006-6921, Moderate) * A flaw was found in the CIFS file system handling. The mount option "sec=" did not enable integrity checking or produce an error message if used. (CVE-2007-3843, Low) * A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. This flaw could be exploited if the root user raised the default wakeup threshold over the size of the output pool. (CVE-2007-3105, Low) Additionally, the following bugs were fixed: * A flaw was found in the kernel netpoll code, creating a potential deadlock condition. If the xmit_lock for a given network interface is held, and a subsequent netpoll event is generated from within the lock owning context (a console message for example), deadlock on that cpu will result, because the netpoll code will attempt to re-acquire the xmit_lock. The fix is to, in the netpoll code, only attempt to take the lock, and fail if it is already acquired (rather than block on it), and queue the message to be sent for later delivery. Any user of netpoll code in the kernel (netdump or netconsole services), is exposed to this problem, and should resolve the issue by upgrading to this kernel release immediately. * A flaw was found where, under 64-bit mode (x86_64), AMD processors were not able to address greater than a 40-bit physical address space; and Intel processors were only able to address up to a 36-bit physical address space. The fix is to increase the physical addressing for an AMD processor to 48 bits, and an Intel processor to 38 bits. Please see the Red Hat Knowledgebase for more detailed information. * A flaw was found in the xenU kernel that may prevent a paravirtualized guest with more than one CPU from starting when running under an Enterprise Linux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP guests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase for more detailed information. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
247726 - CVE-2007-2878 VFAT compat ioctls DoS on 64-bit
248126 - autofs problem with symbolic links
248325 - CVE-2007-3105 Bound check ordering issue in random driver
250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver
275881 - CVE-2007-3740 CIFS should honor umask
275901 - CVE-2007-3843 CIFS signing sec= mount options don't work correctly
282351 - [PATCH] Fix memory leak of dma_alloc_coherent() on x86_64
288961 - CVE-2007-4571 ALSA memory disclosure flaw
294941 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions
302921 - CVE-2006-6921 denial of service with wedged processes
320791 - EL4.5: Improperly flushed TLBs may lead to Machine check errors
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm
i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm
ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm
noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
ppc:
54843a74a5870f93d67cc67363426524 kernel-2.6.9-55.0.12.EL.ppc64.rpm
d518efa6e99b1d20efec593cab333c91 kernel-2.6.9-55.0.12.EL.ppc64iseries.rpm
d148cbdb91d2744a01a5428d145a7c69 kernel-debuginfo-2.6.9-55.0.12.EL.ppc64.rpm
3840facd65c5d75a69a6ad6f241138f9 kernel-debuginfo-2.6.9-55.0.12.EL.ppc64iseries.rpm
2ce87d2e205bcba663afc222b9506c1c kernel-devel-2.6.9-55.0.12.EL.ppc64.rpm
e2710ec08d15547dc24c1ed9d287f04d kernel-devel-2.6.9-55.0.12.EL.ppc64iseries.rpm
cf26e13843a00f1c85b70444cf5f9c1b kernel-largesmp-2.6.9-55.0.12.EL.ppc64.rpm
1e1258a0c4f4ae4f17b385f7916e0b2f kernel-largesmp-devel-2.6.9-55.0.12.EL.ppc64.rpm
s390:
313162103b8a455a3d83db5ea9b4c84f kernel-2.6.9-55.0.12.EL.s390.rpm
bf5c132eb2f9cc56e429d13a29a8e524 kernel-debuginfo-2.6.9-55.0.12.EL.s390.rpm
27305956f172c034301649f12bd7c6c8 kernel-devel-2.6.9-55.0.12.EL.s390.rpm
s390x:
cdef1657e7a0e86b00700374c3c76242 kernel-2.6.9-55.0.12.EL.s390x.rpm
319e563576da0b695b348927c503740e kernel-debuginfo-2.6.9-55.0.12.EL.s390x.rpm
e3b4ae4f46b2cdd8c94d296b85a54330 kernel-devel-2.6.9-55.0.12.EL.s390x.rpm
x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm
i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm
noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm
i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm
ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm
noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm
i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm
ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm
noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6921 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571 http://www.redhat.com/security/updates/classification/#important
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
Bugs Fixed