Home / mailingsPDF  

[RHSA-2007:0939-01] Important: kernel security update

Posted on 01 November 2007
RedHat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2007:0939-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0939.html
Issue date: 2007-11-01
Updated on: 2007-11-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6921 CVE-2007-2878 CVE-2007-3105
CVE-2007-3739 CVE-2007-3740 CVE-2007-3843
CVE-2007-3848 CVE-2007-4308 CVE-2007-4571
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel is the core of the operating system.

These updated kernel packages contain fixes for the following security
issues:

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask
values of a process to not be honored on CIFS file systems where UNIX
extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems.
This allowed a local user to corrupt a kernel_dirent struct and cause a
denial of service. (CVE-2007-2878, Important)

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local
user who had the ability to read the /proc/driver/snd-page-alloc file could
see portions of kernel memory. (CVE-2007-4571, Moderate)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver that should be restricted to privileged
users. (CVE-2007-4308, Moderate)

* A flaw was found in the stack expansion when using the hugetlb kernel on
PowerPC systems. This allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

* A flaw was found in the handling of zombie processes. A local user could
create processes that would not be properly reaped which could lead to a
denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option
"sec=" did not enable integrity checking or produce an error message if
used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. This flaw could be exploited if the root user raised the
default wakeup threshold over the size of the output pool.
(CVE-2007-3105, Low)

Additionally, the following bugs were fixed:

* A flaw was found in the kernel netpoll code, creating a potential
deadlock condition. If the xmit_lock for a given network interface is
held, and a subsequent netpoll event is generated from within the lock
owning context (a console message for example), deadlock on that cpu will
result, because the netpoll code will attempt to re-acquire the xmit_lock.
The fix is to, in the netpoll code, only attempt to take the lock, and
fail if it is already acquired (rather than block on it), and queue the
message to be sent for later delivery. Any user of netpoll code in the
kernel (netdump or netconsole services), is exposed to this problem, and
should resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were
not able to address greater than a 40-bit physical address space; and Intel
processors were only able to address up to a 36-bit physical address space.
The fix is to increase the physical addressing for an AMD processor to 48
bits, and an Intel processor to 38 bits. Please see the Red Hat
Knowledgebase for more detailed information.

* A flaw was found in the xenU kernel that may prevent a paravirtualized
guest with more than one CPU from starting when running under an Enterprise
Linux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP
guests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase
for more detailed information.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

247726 - CVE-2007-2878 VFAT compat ioctls DoS on 64-bit
248126 - autofs problem with symbolic links
248325 - CVE-2007-3105 Bound check ordering issue in random driver
250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver
275881 - CVE-2007-3740 CIFS should honor umask
275901 - CVE-2007-3843 CIFS signing sec= mount options don't work correctly
282351 - [PATCH] Fix memory leak of dma_alloc_coherent() on x86_64
288961 - CVE-2007-4571 ALSA memory disclosure flaw
294941 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions
302921 - CVE-2006-6921 denial of service with wedged processes
320791 - EL4.5: Improperly flushed TLBs may lead to Machine check errors

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

ppc:
54843a74a5870f93d67cc67363426524 kernel-2.6.9-55.0.12.EL.ppc64.rpm
d518efa6e99b1d20efec593cab333c91 kernel-2.6.9-55.0.12.EL.ppc64iseries.rpm
d148cbdb91d2744a01a5428d145a7c69 kernel-debuginfo-2.6.9-55.0.12.EL.ppc64.rpm
3840facd65c5d75a69a6ad6f241138f9 kernel-debuginfo-2.6.9-55.0.12.EL.ppc64iseries.rpm
2ce87d2e205bcba663afc222b9506c1c kernel-devel-2.6.9-55.0.12.EL.ppc64.rpm
e2710ec08d15547dc24c1ed9d287f04d kernel-devel-2.6.9-55.0.12.EL.ppc64iseries.rpm
cf26e13843a00f1c85b70444cf5f9c1b kernel-largesmp-2.6.9-55.0.12.EL.ppc64.rpm
1e1258a0c4f4ae4f17b385f7916e0b2f kernel-largesmp-devel-2.6.9-55.0.12.EL.ppc64.rpm

s390:
313162103b8a455a3d83db5ea9b4c84f kernel-2.6.9-55.0.12.EL.s390.rpm
bf5c132eb2f9cc56e429d13a29a8e524 kernel-debuginfo-2.6.9-55.0.12.EL.s390.rpm
27305956f172c034301649f12bd7c6c8 kernel-devel-2.6.9-55.0.12.EL.s390.rpm

s390x:
cdef1657e7a0e86b00700374c3c76242 kernel-2.6.9-55.0.12.EL.s390x.rpm
319e563576da0b695b348927c503740e kernel-debuginfo-2.6.9-55.0.12.EL.s390x.rpm
e3b4ae4f46b2cdd8c94d296b85a54330 kernel-devel-2.6.9-55.0.12.EL.s390x.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1 kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378 kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3 kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00 kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4 kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1 kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23 kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6 kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40 kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107 kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534 kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631 kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69 kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571
http://kbase.redhat.com/
http://kbase.redhat.com/faq/FAQ_42_11697.shtm
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

 

TOP