
Red Hat 5.4 RHSA-2009:1243-02 Important Kernel Security Update

Red Hat
September 2, 2009
Significant kernel upgrade for Red Hat Enterprise Linux 5.4 tackles security vulnerabilities and offers various improvements.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:
* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)
* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
* a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially-crafted ext4 file system. (CVE-2009-0745, Low)
* multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low)
These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/ Release_Notes/
Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes:
https://docs.redhat.com/en/ Technical_Notes/kernel.html
All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
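
Because the update only takes effect after a reboot, an installed package is not the same as a running fix. The script below is an added example (not part of the advisory or of Red Hat tooling) that classifies a host from its running and installed kernel strings against the 2.6.18-164.el5 build in the package list. The function names are hypothetical, and it compares only the leading release number, so it says nothing about fixes backported to other update streams.

```shell
#!/bin/sh
# Added example (not Red Hat code): compare RHEL 5 kernel strings against the
# build shipped by this advisory, kernel-2.6.18-164.el5.
FIXED_BUILD=164

# Print the leading release number of a RHEL 5 kernel string
# (2.6.18-128.1.10.el5xen -> 128); return 1 for anything else.
kernel_build() {
    case "$1" in
        2.6.18-*el5*) ;;
        *) return 1 ;;
    esac
    rel=${1#2.6.18-}
    rel=${rel%%.*}
    case "$rel" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$rel"
}

# Print updated | older | unknown for one kernel string.
kernel_status() {
    if ! build=$(kernel_build "$1"); then
        echo unknown
    elif [ "$build" -ge "$FIXED_BUILD" ]; then
        echo updated
    else
        echo older
    fi
}

# host_report RUNNING [INSTALLED...]
# Prints patched | reboot-required | update-required | unknown.
host_report() {
    running=$1
    shift
    state=$(kernel_status "$running")
    if [ "$state" = updated ]; then echo patched; return 0; fi
    if [ "$state" = unknown ]; then echo unknown; return 0; fi
    for k in "$@"; do
        if [ "$(kernel_status "$k")" = updated ]; then
            echo reboot-required
            return 0
        fi
    done
    echo update-required
}

# Constructed sample: old kernel still running, updated kernel already installed.
host_report 2.6.18-128.el5 2.6.18-128.el5 2.6.18-164.el5   # reboot-required
```

On a live host, pass the output of `uname -r` as the first argument and the version-release strings of the installed kernel packages (for example from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel`) as the rest.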

References

https://www.cve.org/CVERecord?id=CVE-2009-0745
https://www.cve.org/CVERecord?id=CVE-2009-0746
https://www.cve.org/CVERecord?id=CVE-2009-0747
https://www.cve.org/CVERecord?id=CVE-2009-0748
https://www.cve.org/CVERecord?id=CVE-2009-2847
https://www.cve.org/CVERecord?id=CVE-2009-2848
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html/5.4_release_notes/index
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html-single/5.4_technical_notes/index

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386:
kernel-2.6.18-164.el5.i686.rpm
kernel-PAE-2.6.18-164.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.el5.i686.rpm
kernel-debug-2.6.18-164.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debug-devel-2.6.18-164.el5.i686.rpm
kernel-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.el5.i686.rpm
kernel-devel-2.6.18-164.el5.i686.rpm
kernel-headers-2.6.18-164.el5.i386.rpm
kernel-xen-2.6.18-164.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.el5.i686.rpm
kernel-xen-devel-2.6.18-164.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.el5.x86_64.rpm
kernel-debug-2.6.18-164.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
kernel-devel-2.6.18-164.el5.x86_64.rpm
kernel-headers-2.6.18-164.el5.x86_64.rpm
kernel-xen-2.6.18-164.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):
Source:
i386: kernel-2.6.18-164.el5.i686.rpm



Severity: important

Advisory ID: RHSA-2009:1243-02
Product: Red Hat Enterprise Linux
Issue date: 2009-09-02
Keywords: kernel update

Topic

Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Relevant Releases/Architectures

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

Bugs Fixed

223947 - raid10_make_request bug: can't convert block across chunks or bigger than 64k..

233801 - PCI devices disappear in Xen Paravirtual DomU on reboot/reset

240429 - RHEL5 Kernel crash when specifying mem= or highmem= kernel parameter

242696 - Add Filesystem Label to GFS2

244967 - Frequent path failures during I/O on DM multipath devices

290701 - pci: MSI/HT problems with some nvidia bridge chips

396621 - Increase timeout for device connection on boot

427588 - [RHEL 5.2]: Tick divider bug when using clocksource=pit

436791 - Kernel BUG at drivers/scsi/iscsi_tcp.c:387 - invalid opcode: 0000

439898 - module load option to enable entropy generation from e1000,bnx2 network cards

443541 - Online resize2fs error: Invalid argument While trying to add group #15625

445433 - A deadlock can occur between mmap/munmap and journaling(ext3).

446086 - crash formatting a DVD under libata

448115 - Guest crash when host has >= 64G RAM

448588 - RFE: improve gettimeofday performance on hypervisors

448929 - [RHEL5 U1] Kernel NFS Connectathon Test#12, 12.1 Failing

449175 - E1000 driver enables TSOv6 for hardware that doesn't support it

449346 - SMP 32bit RHEL5u1 and RHEL5u2 HVM domain might stop booting when start udev service

450862 - scsi_add_host() returns success even if the work_q was not created

451849 - ptrace(PTRACE_CONT, sig) kills app even if sig is blocked

452120 - lazy umount causes pwd to fail silently (kernel)
