-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2008.1060 -- [RedHat]
               Important: kernel security and bug fix update
                             20 November 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              kernel
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 4
Impact:               Denial of Service
                      Access Privileged Data
Access:               Existing Account
CVE Names:            CVE-2008-4210 CVE-2008-3528 CVE-2008-3272
                      CVE-2008-1514 CVE-2007-6716 CVE-2007-5093

Ref:                  ESB-2008.0953
                      ESB-2008.0969
                      AA-2007.0099

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2008-0972.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0972-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0972.html
Issue date:        2008-11-19
CVE Names:         CVE-2008-3272 CVE-2007-6716 CVE-2007-5093 
                   CVE-2008-1514 CVE-2008-3528 CVE-2008-4210 
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs:

* when using the CIFS "forcedirectio" option, appending to an open file on
a CIFS share resulted in that file being overwritten with the data to be
appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present
on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying
to load the aacraid driver and printed the following error message:
"aac_srb: aac_fib_send failed with status: 8195".

* due to an mpt driver regression, when RAID 1 was configured on Primergy
systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked
during boot.

* the mpt driver produced a large number of extraneous debugging messages
when performing a "Host reset" operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI
hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in
accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are
addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count
of used blocks.

* reading /proc/self/mem incorrectly returned "Invalid argument" instead of
"input/output error" due to a regression.

* under certain conditions, the kernel panicked when a USB device was
removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during
the creation of a new process.

All Red Hat Enterprise Linux 4 Users should upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

306591 - CVE-2007-5093 kernel PWC driver DoS
438147 - CVE-2008-1514 kernel: ptrace: Padding area write - unprivileged kernel crash
455770 - RHEL 4.6: scsi hot swap broken (sym / Nokia MCP18)
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
459577 - CVE-2008-3528 Linux kernel ext[234] directory corruption denial of service
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group
464494 - CIFS option forcedirectio fails to allow the appending of text to files.
464496 - Negative used blocks reported with ext3 on RHEL4
464747 - regression, rhel4.7+, on the try to read /proc/self/mem getting improper return value
465232 - [4.7] When the USB device is removed while the system is accessing the USB device, the panic is done.
465265 - mpt 3.12.19.00rh on RHEL4.7 causes panic if a RAID 1 is configured.
465735 - RHEL 4.7 ixgbe driver has a recursive stack corruption problem.
466113 - netdump fails when bnx2 has remote copper PHY - Badness in local_bh_enable at kernel/softirq.c:141
466214 - kernel BUG at kernel/signal.c:369! (attempt to free tsk->signal twice)
466217 - [REG][4.7]Outputting large amount of log message when issuing host reset to adapter.
468151 - aac_fib_send failed with status 8195
469647 - add multi-core support to cpufreq driver

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.8.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390.rpm
kernel-devel-2.6.9-78.0.8.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.8.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390x.rpm
kernel-devel-2.6.9-78.0.8.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJJBxUXlSAg2UNWIIRAnxGAJ9JUO/VmbhWd28xy61Q0b0KQMuguwCgsZ4A
iKqjVwzHqrz7EJNLWSiDIOg=
=lz+0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSSSgBih9+71yA2DNAQIm6AP+KDbAY/pQswPfQQxmcclaM5EvQbtxRcb0
lLByAPSSKn8GfMob7KeDkYaQzr5c48aV8HR+eDxN2ixblFU6ovbSWSFruH3JBFzc
29n2OClRbN18VS3r6EtxtkAFNgpMKWBXRZUqCTfk09m31N5IN/URnVyteRCyh2Pm
PMpdDgAtHPI=
=h87j
-----END PGP SIGNATURE-----