Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Red Hat: RHSA-2010:0178-02 Critical Kernel Update Fixes Key Issues

red hat
Calendar Grey March 30, 2010
Dist Redhat Esm H88
Ubuntu has unveiled a significant software patch for version 20.04 targeting major vulnerabilities and a variety of stability improvements.
Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance...

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)
* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate)
* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-4307, Low)
These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html/5.5_release_notes/index
Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html-single/5.5_technical_notes/index
All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2009-4027 https://access.redhat.com/security/cve/CVE-2009-4307 https://access.redhat.com/security/cve/CVE-2010-0727 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html/5.5_release_notes/index https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html-single/5.5_technical_notes/index

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: kernel-2.6.18-194.el5.i686.rpm kernel-PAE-2.6.18-194.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.el5.i686.rpm kernel-PAE-devel-2.6.18-194.el5.i686.rpm kernel-debug-2.6.18-194.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.el5.i686.rpm kernel-debug-devel-2.6.18-194.el5.i686.rpm kernel-debuginfo-2.6.18-194.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.el5.i686.rpm kernel-devel-2.6.18-194.el5.i686.rpm kernel-headers-2.6.18-194.el5.i386.rpm kernel-xen-2.6.18-194.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.el5.i686.rpm kernel-xen-devel-2.6.18-194.el5.i686.rpm
noarch: kernel-doc-2.6.18-194.el5.noarch.rpm
x86_64: kernel-2.6.18-194.el5.x86_64.rpm kernel-debug-2.6.18-194.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.el5.x86_64.rpm kernel-devel-2.6.18-194.el5.x86_64.rpm kernel-headers-2.6.18-194.el5.x86_64.rpm kernel-xen-2.6.18-194.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: kernel-2.6.18-194.el5.i686.rpm kernel-PAE-2.6.18-194.el5.i686.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2010:0178-02
Product: Red Hat Enterprise Linux
Issue date: 2010-03-30

Topic

Updated kernel packages that fix three security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red Hat Enterprise Linux version 5.This is the fifth regular update.The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

Bugs Fixed

250561 - w83627ehf sensor not supported by 2.6.18-8.1.8.el5 kernel

322881 - /proc/self/smaps unreadable after setuid

427709 - dump and large file ops are slow, please implement kernel workaround

446061 - IT87 hwmon module does not support later chipset revisions.

448130 - 50-75 % drop in cfq read performance compared to rhel 4.6+

450121 - RFE: Symbol pci_domain_nr needs to be added the whitelist for ppc64

452129 - memory mapped files not updating timestamps

456181 - Read speed of /sbin/dump command is critically slow with CFQ I/O scheduler

461100 - [PATCH]RHEL5:fix dio write returning EIO due to bh race

461442 - VLAN driver logs excessive messages in kernel message log (dmesg)

461506 - kernel BUG at mm/mempool.c:121! caused by lvcreate

466681 - pygrub uses cached and eventually outdated grub.conf, kernel and initrd

469976 - The EDAC driver not support The Intel 3200 and 3210 Chipsets

473404 - [5.3] Kdump Kernel Hangs on Dell AMD Machines

475457 - [FUJITSU 5.5] More tracepoints support - networking

476075 - use KVM pvclock code to detect/correct lost ticks

481658 - Backport partition table sanity checks to RHEL5

482756 - GFS2: After gfs2_grow, new size is not seen immediately

483646 - bridge: Fix LRO crash with tun (tun_chr_read())

485016 - HP6510b close lid cause system crash

485099 - Inconsistent behaviour in stripping SUID/SGID flags when chmod/chgrp directories

486092 - httpd Sendfile troubles reading from a CIFS share

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.