Important: Red Hat Enterprise Linux 4.8 kernel security and bug fix update

Related Vulnerabilities: CVE-2009-1337   CVE-2009-1336

Synopsis

Important: Red Hat Enterprise Linux 4.8 kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages are now available as part of the ongoing support
and maintenance of Red Hat Enterprise Linux version 4. This is the eighth
regular update.

These updated packages fix two security issues, hundreds of bugs, and add
numerous enhancements. Space precludes a detailed description of each of
these in this advisory. Refer to the Red Hat Enterprise Linux 4.8 Release
Notes for information on 22 of the most significant of these changes. For
more detailed information on specific bug fixes or enhancements, refer to
the Bugzilla numbers associated with this advisory.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fixes:

  • the exit_notify() function in the Linux kernel did not properly reset the
    exit signal if a process executed a set user ID (setuid) application before
    exiting. This could allow a local, unprivileged user to elevate their
    privileges. (CVE-2009-1337, Important)
  • the Linux kernel implementation of the Network File System (NFS) did not
    properly initialize the file name limit in the nfs_server data structure.
    This flaw could possibly lead to a denial of service on a client mounting
    an NFS share. (CVE-2009-1336, Moderate)

Bug Fixes and Enhancements:

Kernel Feature Support:

  • added a new allowable value to "/proc/sys/kernel/wake_balance" to allow
    the scheduler to run the thread on any available CPU rather than scheduling
    it on the optimal CPU.
  • added "max_writeback_pages" tunable parameter to /proc/sys/vm/ to allow
    setting the maximum number of modified pages kupdate writes to disk, per
    iteration per run.
  • added "swap_token_timeout" tunable parameter to /proc/sys/vm/ to provide
    a valid hold time for the swap out protection token.
  • added diskdump support to sata_svw driver.
  • limited physical memory to 64GB for 32-bit kernels running on systems
    with more than 64GB of physical memory to prevent boot failures.
  • improved reliability of autofs.
  • added support for 'rdattr_error' in NFSv4 readdir requests.
  • fixed various short packet handling issues for NFSv4 readdir and sunrpc.
  • fixed several CIFS bugs.

Networking and IPv6 Enablement:

  • added router solicitation support.
  • enforced sg requires tx csum in ethtool.

Platform Support:

x86, AMD64, Intel 64, IBM System z:

  • added support for a new Intel chipset.
  • added initialization vendor info in boot_cpu_data.
  • added support for N_Port ID Virtualization (NPIV) for IBM System z guests
    using zFCP.
  • added HDMI support for some AMD and ATI chipsets.
  • updated HDA driver in ALSA to latest upstream as of 2008-07-22.
  • added support for affected_cpus for cpufreq.
  • removed polling timer from i8042.
  • fixed PM-Timer when using the ASUS A8V Deluxe motherboard.
  • backported usbfs_mutex in usbfs.

64-bit PowerPC:

  • updated eHEA driver from version 0078-04 to 0078-08.
  • updated logging of checksum errors in the eHEA driver.

Network Driver Updates:

  • updated forcedeth driver to latest upstream version 0.61.
  • fixed various e1000 issues when using Intel ESB2 hardware.
  • updated e1000e driver to upstream version 0.3.3.3-k6.
  • updated igb to upstream version 1.2.45-k2.
  • updated tg3 to upstream version 3.96.
  • updated ixgbe to upstream version 1.3.18-k4.
  • updated bnx2 to upstream version 1.7.9.
  • updated bnx2x to upstream version 1.45.23.
  • fixed bugs and added enhancements for the NetXen NX2031 and NX3031
    products.
  • updated Realtek r8169 driver to support newer network chipsets. All
    variants of RTL810x/RTL8168(9) are now supported.

Storage Driver Updates:

  • fixed various SCSI issues. Also, the SCSI sd driver now calls the
    revalidate_disk wrapper.
  • fixed a dmraid reduced I/O delay bug in certain configurations.
  • removed quirk aac_quirk_scsi_32 for some aacraid controllers.
  • updated FCP driver on IBM System z systems with support for
    point-to-point connections.
  • updated lpfc to version 8.0.16.46.
  • updated megaraid_sas to version 4.01-RH1.
  • updated MPT Fusion driver to version 3.12.29.00rh.
  • updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s adapters.
  • updated qla2xxx driver to version 8.02.09.00.04.08-d.
  • fixed sata_nv in libsata to disable ADMA mode by default.

Miscellaneous Updates:

  • upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to version
    1.4.
  • added driver support and fixes for various Wacom tablets.

Users should install this update, which resolves these issues and adds
these enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 161590 - sr_get_mcn: check for kmalloc failure
  • BZ - 161594 - drivers/scsi/sg.c: fix check after use
  • BZ - 169129 - remove tape during error handling -> "illegal state transition"
  • BZ - 175189 - Debug: sleeping function called from invalid context at include/linux/rwsem.h:43
  • BZ - 175830 - dm-snap.c: Data read from snapshot may be corrupt if origin is being written to simultaneously
  • BZ - 182687 - lm_sensors fails with piix4_smbus errors on ServerWorks Grand Champion SL/w83781d
  • BZ - 183651 - sd data corrupter
  • BZ - 185585 - Hangs when registering modules to handle ioctls in kernel compatibility mode
  • BZ - 191764 - [PATCH] Don't match tcp/udp source/destination port for IP fragments
  • BZ - 191767 - [PATCH] NET: Ensure device name passed to SO_BINDTODEVICE is NULL terminated.
  • BZ - 191770 - [PATCH] Netfilter ip_queue: Fix wrong skb->len == nlmsg_len assumption
  • BZ - 191777 - [PATCH] Fix deadlock in br_stp_disable_bridge
  • BZ - 191797 - [PATCH] Fix extra dst release when ip_options_echo fails
  • BZ - 203235 - PMTimer doesn't get detected in an Asus A8V Deluxe motherboard
  • BZ - 243067 - Kernel panic using USB serial I/O
  • BZ - 248666 - Serious problems during the diskdump, can cause the machine to hang and not reboot.
  • BZ - 249775 - Request to backport zFCP NPIV support to RHEL 4
  • BZ - 249867 - Kernel can BUG() in low memory conditions
  • BZ - 253754 - use after free in nlm subsystem
  • BZ - 294821 - RHEL4.5: PM Timer appears in top-level make menuconfig
  • BZ - 298811 - pci_alloc_consistent() for 64k on 16gig machine -> return value is not multiple of 64k
  • BZ - 329201 - scsi hot swapp mechanism not working with SATA HDD under RHEL4U5
  • BZ - 334411 - Watchdog timeout e1000 (7.3.20-k2-NAPI)
  • BZ - 367661 - Getting Cpu stuck messages on boot up
  • BZ - 430997 - tx checksum offload settings reported incorrectly
  • BZ - 432364 - e1000e: Wakeup-on-Lan does not work
  • BZ - 432393 - memory leak on size-8192 buckets with NFSV4
  • BZ - 432881 - kernel: NFS: v4 server returned a bad sequence-id error!
  • BZ - 437410 - ip tunnel can't be bound to another device
  • BZ - 437555 - via-rhine may lose link
  • BZ - 437674 - Kernel Panic in tcp_retransmit_skb
  • BZ - 437881 - ptrace: orig_rax 0x00000000ffffffff not recognized as -1
  • BZ - 437921 - [PATCH] NFSv3: mode of the symlink can be update
  • BZ - 439043 - Swap Token issue with RHEL4
  • BZ - 439431 - include patch to add FATTR4_RDATTR_ERROR to readdir calls
  • BZ - 439548 - A deadlock can occur between mmap/munmap and journaling(ext3).
  • BZ - 439920 - entropy generation in bnx2 driver not consistent with other network drivers on RHEL4
  • BZ - 439921 - align per-cpu section to configured cache bytes
  • BZ - 440467 - ethttool -S on r8169 version 2.2LK hangs when interface is down
  • BZ - 441707 - ADMA problems with sata_nv
  • BZ - 441794 - intermittant mount failures
  • BZ - 442579 - Backport fix for possible data corruption in mark_buffer_dirty on SMP
  • BZ - 443044 - fix setuid/setgid clearing by knfsd
  • BZ - 443655 - Clean up handling of short readdir packets in NFS client
  • BZ - 445054 - 8250 serial port lock recursion
  • BZ - 445412 - clean up CIFS build warnings
  • BZ - 445795 - /proc filesystem in RHEL4 doesn't follow usual unix filesystem conventions
  • BZ - 446083 - Ensure that 'noac' and/or 'actimeo=0' turn off attribute caching
  • BZ - 446396 - crm #1790828 Kernel 2.6.9-67.ELsmp panics in nfs4_free_client
  • BZ - 447397 - CIFS: slab error in kmem_cache_destroy(): cache `cifs_request': Can't free all objects
  • BZ - 447401 - CIFS VFS: Send error in FindClose = -9
  • BZ - 447413 - CIFS: clear DFS bit in header_assemble
  • BZ - 447569 - mounting CIFS subshare doesn't autoconvert prepath delimiters
  • BZ - 447741 - JBD: Fix typo that could result in filesystem corruption.
  • BZ - 448076 - memory corruption due to portmap call succeeding after parent rpc_clnt has been freed
  • BZ - 448603 - holding files under /proc/net open no longer adds to module refcount
  • BZ - 448777 - Backport FCP point-to-point to RHEL 4
  • BZ - 450953 - el4u6 xenU guest kernel lockup due to mm_unpinned_lock and runqueue spinlock deadlock
  • BZ - 451819 - process hangs in async direct IO / possible race between dio_bio_end_aio() and dio_await_one() ?
  • BZ - 452287 - [Intel 4.8 FEAT] e1000e driver update to latest upstream
  • BZ - 452289 - [Intel 4.8 FEAT] igb driver update to latest upstream
  • BZ - 452292 - [Intel 4.8 FEAT] ixgbe driver update to latest upstream
  • BZ - 452390 - PATH and EXECVE audit records contain bogus newlines
  • BZ - 452706 - kernel BUG at kernel/signal.c:369! (attempt to free tsk->signal twice)
  • BZ - 452846 - FEAT: RHEL 4.8 HDA ALSA driver update from mainstream
  • BZ - 453053 - RHSA-2008:0508 linux-2.6.9-x86_64-copy_user-zero-tail.patch broken
  • BZ - 453171 - kernel: usbhid: probe of 3-1:1.0 failed with error -5
  • BZ - 453359 - page keeps non uptodate
  • BZ - 453507 - kernel panic with kernel version 2.6.9-67.0.20.EL
  • BZ - 454050 - Fail to build kernel when enable CONFIG_ACPI_DEBUG in .config
  • BZ - 454417 - Inconsistent documentation regarding pci_alloc_consistent
  • BZ - 454793 - document divider= option in kernel docs
  • BZ - 454838 - LTC:4.8:201714:Update the ehea driver to sync with mainline kernel
  • BZ - 454872 - [NetApp 4.8 bug] online resize of filesystem does not work
  • BZ - 455253 - [4.7] /proc/acpi/dsdt: No such device
  • BZ - 455756 - [RHEL4/Xen]: Allow attach of > 16 xvd devices
  • BZ - 455843 - Kernel panic at hcd_pci_release+16
  • BZ - 455917 - fattr structs being used uninitialized in nfs3_proc_getacl and nfs3_proc_setacls
  • BZ - 456051 - kernel: fix array out of bounds when mounting with selinux options [rhel-4.8]
  • BZ - 456078 - Timeouts in wait_drive_not_busy with TEAC DV-W28ECW and similar
  • BZ - 456425 - Crash dump fails on IA64 with block_order set to 10
  • BZ - 456438 - [RHEL4.7 Beta] Wake on LAN function does not operate with LAN card which uses igb driver
  • BZ - 456653 - Crash due to incorrect inet{,6} device initialization order
  • BZ - 456664 - Kernel panic when unloading ip conntrack modules
  • BZ - 456686 - race in aio_complete() leads to process hang
  • BZ - 456911 - RHEL4 scheduler optimizations for financial applications
  • BZ - 457009 - ipv6: use timer pending to fix bridge reference count problem [rhel-4.8]
  • BZ - 457015 - pppoe: Check packet length on all receive paths [rhel-4.8]
  • BZ - 457020 - pppoe: Unshare skb before anything else [rhel-4.8]
  • BZ - 457028 - ide-cd: fix oops when using growisofs [rhel-4.8]
  • BZ - 457310 - RTL8101E with driver r8169 does not work on 1000 network
  • BZ - 457409 - [RHEL4.6] x86_64 race condition at shutdown/panic
  • BZ - 457552 - aac_fib_send failed with status 8195
  • BZ - 458022 - kernel: random32: seeding improvement [rhel-4.8]
  • BZ - 458805 - missing infiniband kernel headers
  • BZ - 458863 - Backport NetXen nic driver from upstream kernel to RHEL4
  • BZ - 458955 - Badness in __writeback_single_inode at fs/fs-writeback.c:248
  • BZ - 459063 - pppoe: Fix skb_unshare_check call position [rhel-4.8]
  • BZ - 459222 - RHEL4.8: Patch to support new HDMI Audio
  • BZ - 459644 - [RHEL4] nmi watchdog: include fix for Pentium 4 D processors
  • BZ - 460083 - Kernel part of AutoFS still having issues with expiration of submount maps
  • BZ - 460106 - regression, rhel4.7+, on the try to read /proc/self/mem getting improper return value
  • BZ - 460859 - kernel: devmem: add range_is_allowed() check to mmap_mem() [rhel-4.8]
  • BZ - 460874 - lost packets when live migrating (RHEL4 XEN)
  • BZ - 461005 - CIFS option forcedirectio fails to allow the appending of text to files.
  • BZ - 461014 - netdump fails when bnx2 has remote copper PHY - Badness in local_bh_enable at kernel/softirq.c:141
  • BZ - 461085 - lockd: return NLM_LCK_DENIED_GRACE_PERIOD after long periods
  • BZ - 461246 - RHEL4 64 bit skips all pids with bit 15 set (32768-65535, 98304-131071 etc)
  • BZ - 462277 - find using an automounted directory results in 'No such file or directory'
  • BZ - 462278 - do_mount_indirect: indirect trigger not valid
  • BZ - 462459 - Update CIFS for RHEL4.8
  • BZ - 463897 - [RHEL4 PV-on-HVM]: Crash in xen-vbd when trying to attach disks
  • BZ - 464676 - virtual ethernet device stops working on reception of duplicate backend state change signals
  • BZ - 465360 - openib creates multiple /proc/net/sdp files
  • BZ - 465366 - add multi-core support to cpufreq driver
  • BZ - 465487 - Fix compile warnings caused by adding roundup() to kernel.h
  • BZ - 465914 - rhel4 PV guest installations busted on rhel 5.3 i386 intel dom0
  • BZ - 466127 - dasd: fix loop in request expiration handling
  • BZ - 467442 - Concurrent CIFS mount/umount processes to same windows machine, different shares hangs umount processes or crashes kernel
  • BZ - 467669 - kernel panic related to autofs4_catatonic_mode when stopping autofs
  • BZ - 467714 - Kernel BUG at include/linux/module.h:397
  • BZ - 467829 - md: pass down BIO_RW_SYNC in raid{1,10}' applied to RHEL4 kernel
  • BZ - 468890 - BUG() call in net/core/skbuff.c in function ___pksb_trim()
  • BZ - 471560 - [4.7.z] Unable to Unload "ohci-hcd " And to Reboot
  • BZ - 472005 - [Stratus 4.8 bug REVERT] panic reading /proc/bus/input/devices during input device removal
  • BZ - 472557 - futex missreporting ETIMEDOUT instead of EINVAL
  • BZ - 472568 - CRM #1862478 xen guest installation panics when installing 100th guest
  • BZ - 472572 - RHEL4.7 guest will crash, if creating with only RTL8139 emulation NIC
  • BZ - 473258 - [4.7] ethtool operation to the slave device of bonding makes the system hang up.
  • BZ - 474055 - [RHEL-4] wacomexpresskeys: fix Graphire support
  • BZ - 474479 - RHEL4.8 kernel crashed in net_rx_action() on IA64 machine in RHTS connectathon test
  • BZ - 474667 - Need to build xen-platform-pci as a module and not into the kernel
  • BZ - 475715 - [autofs4] Incorrect "active offset mount" messages in syslog
  • BZ - 475849 - [RHEL 4.7 Xen]: Guest hang on FV save/restore
  • BZ - 476461 - panic in kcopyd during snapshot I/O
  • BZ - 476704 - [QLogic 4.8 bug] qla2xxx - Properly support programmable devices
  • BZ - 476726 - [nfs] actimeo=0 not enforced during ftruncate operations, resulting in database crashes
  • BZ - 477202 - oops in net_rx_action on double free of dev->poll_list
  • BZ - 477280 - [QLogic 4.8 bug] qla4xxx - Driver Update Patches - bugs, cleanups
  • BZ - 477635 - If diskdump fails, panic information should be displayed.
  • BZ - 477945 - Kernel Panic with Bnx2 - Badness in local_bh_enable at kernel/softirq.c:141
  • BZ - 478687 - LTC:4.8:200770:Include Open Fabric Enterprise Distribution
  • BZ - 478798 - fix scsi device cleanup when sysfs addition fails
  • BZ - 479094 - [QLogic 4.8 bug] qla2xxx - Updates from standard and upstream drivers
  • BZ - 479728 - NFS: unable to unmount file system
  • BZ - 479764 - Leap second message can hang the kernel
  • BZ - 479845 - Kernel maintainer's bz for committing some maintenance patches
  • BZ - 479862 - [QLogic 4.8 bug] qla4xxx - Correct version number
  • BZ - 479910 - Kernel Panic on AMD-K6
  • BZ - 480137 - Improve udp port randomization
  • BZ - 480158 - RHEL 4.8 mpt driver fails to bring up device
  • BZ - 480666 - [EMULEX 4.8 bug] scsi messages correlate with silent data corruption, but no i/o errors
  • BZ - 481207 - netdump generates incomplete vmcore logs with Broadcom BCM5754
  • BZ - 482822 - Intel E1000 doesn't work on NVIDIA MCP51 motherboards
  • BZ - 483535 - RHEL4 kvm virtio: kernel driver updates
  • BZ - 484261 - cifs mounted home directory breaks ssh security checks on authorized_keys file
  • BZ - 484319 - Random crashing in dm snapshots because of a race condition
  • BZ - 484376 - netdump is broken on igb and ixgbe devices in recent update
  • BZ - 484667 - Dropping packets in bnx2 since 1.7.9 bnx2 version
  • BZ - 485092 - [Qlogic 4.8 bug] qla4xxx: properly support the Async Msg PDU
  • BZ - 485421 - Kernel panic when running xen-vnif enabled FV guest image on KVM
  • BZ - 488018 - NMI appears to be stuck (460) - NMI received for unknown reason 21
  • BZ - 489300 - fix dst cache leak
  • BZ - 489768 - [RHEL4u4] Kernel panic was caused by page_symlink() when kernel has to shrink caches
  • BZ - 490021 - Creation of mirrored logical volume with VG extent-size of 1K fails
  • BZ - 490744 - UNDERRUN and TIMEOUT status with qla2xxx
  • BZ - 491154 - divider option does not work with TSC clocksource
  • BZ - 491784 - [QLogic 4.8 bug] qla2xxx - fixes for flash, loop resets and HBA traversal
  • BZ - 492156 - [QLogic 4.8 bug] qla2xxx - firmware update for blade servers
  • BZ - 493771 - CVE-2009-1337 kernel: exit_notify: kill the wrong capable(CAP_KILL) check
  • BZ - 494074 - CVE-2009-1336 kernel: nfsv4 client can be crashed by stating a long filename
  • BZ - 495673 - kernel dm crypt: memory corruption when invalid mapping parameters provided
