Home / mailings [RHSA-2007:0488-01] Important: kernel security update
Posted on 26 June 2007
RedHat-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2007:0488-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0488.html
Issue date: 2007-06-25
Updated on: 2007-06-25
Product: Red Hat Enterprise Linux
Keywords: nahant kernel update
CVE Names: CVE-2006-5158 CVE-2006-7203 CVE-2007-0773
CVE-2007-0958 CVE-2007-1353 CVE-2007-2172
CVE-2007-2525 CVE-2007-2876 CVE-2007-3104
- ---------------------------------------------------------------------
1. Summary:
Updated kernel packages that fix several security issues and bugs in the
Red Hat Enterprise Linux 4 kernel are now available.
This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described
below:
* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)
* a flaw in the mount handling routine for 64-bit systems that allowed a
local user to cause denial of service (crash). (CVE-2006-7203, Important)
* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access. (CVE-2007-2172, Important)
* a flaw in the PPP over Ethernet implementation that allowed a local user
to cause a denial of service (memory consumption) by creating a socket
using connect and then releasing it before the PPPIOCGCHAN ioctl has been
called. (CVE-2007-2525, Important)
* a flaw in the fput ioctl handling of 32-bit applications running on
64-bit platforms that allowed a local user to cause a denial of service
(panic). (CVE-2007-0773, Important)
* a flaw in the NFS locking daemon that allowed a local user to cause
denial of service (deadlock). (CVE-2006-5158, Moderate)
* a flaw in the sysfs_readdir function that allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)
* a flaw in the core-dump handling that allowed a local user to create core
dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)
* a flaw in the Bluetooth subsystem that allowed a local user to trigger an
information leak. (CVE-2007-1353, Low)
In addition, the following bugs were addressed:
* the NFS could recurse on the same spinlock. Also, NFS, under certain
conditions, did not completely clean up Posix locks on a file close,
leading to mount failures.
* the 32bit compatibility didn't return to userspace correct values for the
rt_sigtimedwait system call.
* the count for unused inodes could be incorrect at times, resulting in
dirty data not being written to disk in a timely manner.
* the cciss driver had an incorrect disk size calculation (off-by-one
error) which prevented disk dumps.
Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel
team for reporting issues fixed in this erratum.
All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
240855 - kernel spinlock panic in inode.c
241784 - dirty data is not flushed on a timely manner
242558 - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir
243251 - CVE-2006-5158 NFS lockd deadlock
243252 - CVE-2007-0773 lost fput in a 32-bit ioctl on 64-bit x86 systems
243256 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP
243259 - CVE-2007-1353 Bluetooth setsockopt() information leaks
243261 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability
243262 - CVE-2007-2525 PPPoE socket PPPIOCGCHAN denial of service
243263 - CVE-2006-7203 oops in compat_sys_mount() when data pointer is NULL
243746 - CVE-2007-2876 {ip, nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
243902 - diskdump to cciss fails due to off-by-one size calculation
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm
99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm
i386:
7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm
fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm
dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm
a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm
59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm
eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm
b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm
98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm
ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm
ia64:
c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm
7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm
6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm
24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm
6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm
noarch:
271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
ppc:
d41d5baa1e29b246f612c1492a0d5086 kernel-2.6.9-55.0.2.EL.ppc64.rpm
a2a047d9ae3d85c55a51f8dbe029c193 kernel-2.6.9-55.0.2.EL.ppc64iseries.rpm
a06093113f7d4d2379179d59ee001377 kernel-debuginfo-2.6.9-55.0.2.EL.ppc64.rpm
fae5c3b1a858ffab5c5cd83ab19d2212 kernel-debuginfo-2.6.9-55.0.2.EL.ppc64iseries.rpm
fcf60609ac3b4893fcc6834b1f2fe6ca kernel-devel-2.6.9-55.0.2.EL.ppc64.rpm
154ac36b8c4ad1081a7a512e412a2bd2 kernel-devel-2.6.9-55.0.2.EL.ppc64iseries.rpm
9286ed2b16bf97d1986051787429e1c9 kernel-largesmp-2.6.9-55.0.2.EL.ppc64.rpm
165d186de7e13c87dc43712e4e789a3e kernel-largesmp-devel-2.6.9-55.0.2.EL.ppc64.rpm
s390:
fe466acf4194827b25458b9a1dc94e26 kernel-2.6.9-55.0.2.EL.s390.rpm
816a6a10ce4cb6a147ecfedf5f0ba4c3 kernel-debuginfo-2.6.9-55.0.2.EL.s390.rpm
bd82f6634a93798eaa1b28aa37b5f482 kernel-devel-2.6.9-55.0.2.EL.s390.rpm
s390x:
8b6383a35b1ee7f2c84150b569f2bbe3 kernel-2.6.9-55.0.2.EL.s390x.rpm
9ca5472fc06fffd848b231d22618168a kernel-debuginfo-2.6.9-55.0.2.EL.s390x.rpm
3a4b3363f578859a84e6d83af753ea6c kernel-devel-2.6.9-55.0.2.EL.s390x.rpm
x86_64:
4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm
2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm
5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm
a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm
7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm
3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm
34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm
a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm
418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm
99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm
i386:
7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm
fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm
dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm
a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm
59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm
eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm
b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm
98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm
ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm
noarch:
271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
x86_64:
4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm
2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm
5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm
a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm
7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm
3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm
34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm
a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm
418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm
99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm
i386:
7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm
fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm
dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm
a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm
59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm
eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm
b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm
98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm
ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm
ia64:
c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm
7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm
6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm
24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm
6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm
noarch:
271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
x86_64:
4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm
2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm
5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm
a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm
7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm
3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm
34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm
a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm
418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm
99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm
i386:
7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm
fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm
dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm
a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm
59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm
eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm
b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm
98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm
ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm
ia64:
c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm
7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm
6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm
24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm
6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm
noarch:
271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
x86_64:
4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm
2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm
5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm
a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm
7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm
3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm
34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm
a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm
418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.