Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat 4: RHSA-2008:0665-01 Moderate: Kernel Security Issue

red hat
Calendar Grey July 24, 2008
Dist Redhat Esm H88
A significant patch for CentOS kernel modules resolves vulnerabilities in the Linux 4.8 framework.
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 4

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Kernel Feature Support: * iostat displays I/O performance for partitions * I/O task accounting added to getrusage(), allowing comprehensive core statistics * page cache pages count added to show_mem() output * tux O_ATOMICLOOKUP flag removed from the open() system call: replaced with O_CLOEXEC * the kernel now exports process limit information to /proc/[PID]/limits * implement udp_poll() to reduce likelihood of false positives returned from select() * the TCP_RTO_MIN parameter can now be configured to a maximum of 3000 milliseconds. This is configured using "ip route" * update CIFS to version 1.50
Added Features: * nfs.enable_ino64 boot command line parameter: enable and disable 32-bit inode numbers when using NFS * tick "divider" kernel boot parameter: reduce CPU overhead, and increase efficiency at the cost of lowering timing accuracy * /proc/sys/vm/nfs-writeback-lowmem-only tunable parameter: resolve NFS read performance * /proc/sys/vm/write-mapped tunable option, allowing the option of faster NFS reads * support for Large Receive Offload as a networking module * core dump masking, allowing a core dump process to skip the shared memory segments of a process
Virtualization: * para-virtualized network and block device drivers, to increase fully-virtualized guest performance * support for more than three VNIF numbers per guest domain
Platform Support: * AMD ATI SB800 SATA controller, AMD ATI SB600 and SB700 40-pin IDE cable * 64-bit DMA support on AMD ATI SB700 * PCI device IDs to support Intel ICH10 * /dev/msr[0-n] device files * powernow-k8 as a module * SLB shadow buffer support for IBM POWER6 systems * support for CPU frequencies greater than 32-bit on IBM POWER5, IBM POWER6 * floating point load and store handler for IBM POWER6
Added Drivers and Updates: * ixgbe 1.1.18, for the Intel 82598 10GB ethernet controller * bnx2x 1.40.22, for network adapters on the Broadcom 5710 chipset * dm-hp-sw 1.0.0, for HP Active/Standby * zfcp version and bug fixes * qdio to fix FCP/SCSI write I/O expiring on LPARs * cio bug fixes * eHEA latest upstream, and netdump and netconsole support * ipr driver support for dual SAS RAID controllers * correct CPU cache info and SATA support for Intel Tolapai * i5000_edac support for Intel 5000 chipsets * i3000_edac support for Intel 3000 and 3010 chipsets * add i2c_piix4 module on 64-bit systems to support AMD ATI SB600, 700 and 800 * i2c-i801 support for Intel Tolapai * qla4xxx: 5.01.01-d2 to 5.01.02-d4-rhel4.7-00 * qla2xxx: 8.01.07-d4 to 8.01.07-d4-rhel4.7-02 * cciss: 2.6.16 to 2.6.20 * mptfusion: 3.02.99.00rh to 3.12.19.00rh * lpfc:0: 8.0.16.34 to 8.0.16.40 * megaraid_sas: 00.00.03.13 to 00.00.03.18-rh1 * stex: 3.0.0.1 to 3.6.0101.2 * arcmsr: 1.20.00.13 to 1.20.00.15.rh4u7 * aacraid: 1.1-5[2441] to 1.1.5[2455]
Miscellaneous Updates: * OFED 1.3 support * wacom driver to add support for Cintiq 20WSX, Wacom Intuos3 12x19, 12x12 and 4x6 tablets * sata_svw driver to support Broadcom HT-1100 chipsets * libata to un-blacklist Hitachi drives to enable NCQ * ide driver allows command line option to disable ide drivers * psmouse support for cortps protocol
These updated packages fix the following security issues:
* NULL pointer access due to missing checks for terminal validity. (CVE-2008-2812, Moderate)
* a security flaw was found in the Linux kernel Universal Disk Format file system. (CVE-2006-4145, Low)
For further details, refer to the latest Red Hat Enterprise Linux 4.7 release notes: redhat.com/docs/manuals/enterprise

References

https://www.cve.org/CVERecord?id=CVE-2006-4145 https://www.cve.org/CVERecord?id=CVE-2008-2812 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux AS version 4:
Source:
i386: kernel-2.6.9-78.EL.i686.rpm kernel-debuginfo-2.6.9-78.EL.i686.rpm kernel-devel-2.6.9-78.EL.i686.rpm kernel-hugemem-2.6.9-78.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.EL.i686.rpm kernel-smp-2.6.9-78.EL.i686.rpm kernel-smp-devel-2.6.9-78.EL.i686.rpm kernel-xenU-2.6.9-78.EL.i686.rpm kernel-xenU-devel-2.6.9-78.EL.i686.rpm
ia64: kernel-2.6.9-78.EL.ia64.rpm kernel-debuginfo-2.6.9-78.EL.ia64.rpm kernel-devel-2.6.9-78.EL.ia64.rpm kernel-largesmp-2.6.9-78.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.EL.ia64.rpm
noarch: kernel-doc-2.6.9-78.EL.noarch.rpm
ppc: kernel-2.6.9-78.EL.ppc64.rpm kernel-2.6.9-78.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.EL.ppc64.rpm kernel-devel-2.6.9-78.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-78.EL.ppc64.rpm
s390: kernel-2.6.9-78.EL.s390.rpm kernel-debuginfo-2.6.9-78.EL.s390.rpm kernel-devel-2.6.9-78.EL.s390.rpm
s390x: kernel-2.6.9-78.EL.s390x.rpm kernel-debuginfo-2.6.9-78.EL.s390x.rpm kernel-devel-2.6.9-78.EL.s390x.rpm
x86_64: kernel-2.6.9-78.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.EL.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2008:0665-01
Product: Red Hat Enterprise Linux
Issue date: 2008-07-24
Keywords: nahant kernel update
Obsoletes: RHBA-2007:0791

Topic

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 4. This is the seventh regular update.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

Bugs Fixed

151085 - mount are not interruptible

166038 - ext2online can't resize: No space left on device

171712 - A NFS export mounted using version 4 and TCP shows up as UDP in /proc/mounts

179201 - pvmove causes kernel panic

183119 - Assertion failure in journal_next_log_block

185202 - Kernel build requires "High Memory Support"

186606 - Incorrect suggestion on when to install largesmp kernel

194585 - mdadm --grow -n 2 (old: 3) fails on particular raid1 devices

195685 - RFE: Add dm-hp-sw to kernel to allow use of active/passive sans with dm multipathing

204309 - kernel retries portmap query indefinitely when statd is down

205966 - Firewall - Premature ip_conntrack timer expiry on 3+ ack or window size advertisements - (hanging tomcat threads problem)

206113 - [PATCH][RHEL4U4] Fix estimate-mistake (e820-memory-hole and numnodes) of available_memory in x86_64

212321 - [PATCH][RHEL4U4] Backported udp_poll() function (Fix the problem that select() returns in RHEL4 though select() must not return essentially when kernel receives broken UDP packet(s))

212922 - /sbin/service iptables stop hangs on modprobe -r ipt_state

219639 - Crash dump fails on IA64 with block_order set to 10

227610 - READDIR on a NFSv4 directory containing a referral returns -EIO for entire directory

233234 - Missing definition for mutex_destroy in linux/kernel.h

247446 - RHEL4-U5: "cdrom open failed" message in /var/log/messages on every reboot

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here