Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.1129 -- [RedHat]
Important: kernel security and bug fix update
17 December 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Linux 5
Impact: Increased Privileges
Modify Arbitrary Files
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2008-4576 CVE-2008-4554 CVE-2008-3831
Ref: ESB-2008.0984
ESB-2008.1054
ESB-2008.1095
ESB-2008.1128
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2008-1017.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:1017-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-1017.html
Issue date: 2008-12-16
CVE Names: CVE-2008-3831 CVE-2008-4554 CVE-2008-4576
=====================================================================
1. Summary:
Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* Olaf Kirch reported a flaw in the i915 kernel driver that only affects
the Intel G33 series and newer. This flaw could, potentially, lead to local
privilege escalation. (CVE-2008-3831, Important)
* Miklos Szeredi reported a missing check for files opened with O_APPEND in
the sys_splice(). This could allow a local, unprivileged user to bypass the
append-only file restrictions. (CVE-2008-4554, Important)
* a deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. This could lead to a possible denial of
service if one end of a SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)
In addition, these updated packages fix the following bugs:
* on Itanium® systems, when a multithreaded program was traced using the
command "strace -f", messages similar to the following ones were displayed,
after which the trace would stop:
PANIC: attached pid 10740 exited
PANIC: handle_group_exit: 10740 leader 10721
PANIC: attached pid 10739 exited
PANIC: handle_group_exit: 10739 leader 10721
...
In these updated packages, tracing a multithreaded program using the
"strace -f" command no longer results in these error messages, and strace
terminates normally after tracing all threads.
* on big-endian systems such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255.
* when using an NFSv4 file system, accessing the same file with two
separate processes simultaneously resulted in the NFS client process
becoming unresponsive.
* on AMD64 and Intel® 64 hypervisor-enabled systems, in cases in which a
syscall correctly returned '-1' in code compiled on Red Hat Enterprise
Linux 5, the same code, when run with the strace utility, would incorrectly
return an invalid return value. This has been fixed so that on AMD64 and
Intel® 64 hypervisor-enabled systems, syscalls in compiled code return the
same, correct values as syscalls do when run with strace.
* on the Itanium® architecture, fully-virtualized guest domains which were
created using more than 64 GB of memory caused other guest domains not to
receive interrupts, which caused a soft lockup on other guests. All guest
domains are now able to receive interrupts regardless of their allotted memory.
* when user-space used SIGIO notification, which wasn't disabled before
closing a file descriptor, and was then re-enabled in a different process,
an attempt by the kernel to dereference a stale pointer led to a kernel
crash. With this fix, such a situation no longer causes a kernel crash.
* modifications to certain pages made through a memory-mapped region could
have been lost in cases when the NFS client needed to invalidate the page
cache for that particular memory-mapped file.
* fully-virtualized Windows guests became unresponsive due to the vIOSAPIC
component being multiprocessor-unsafe. With this fix, vIOSAPIC is
multiprocessor-safe and Windows guests do not become unresponsive.
* on certain systems, keyboard controllers were not able to withstand a
continuous flow of requests to switch keyboard LEDs on or off, which
resulted in some or all key presses not being registered by the system.
* on the Itanium® architecture, setting the "vm.nr_hugepages" sysctl
parameter caused a kernel stack overflow resulting in a kernel panic, and
possibly stack corruption. With this fix, setting vm.nr_hugepages works
correctly.
* hugepages allow the Linux kernel to utilize the multiple page size
capabilities of modern hardware architectures. In certain configurations,
systems with large amounts of memory could fail to allocate most of memory
for hugepages even if it was free, which could have resulted, for example,
in database restart failures.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm
i386:
kernel-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm
kernel-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-headers-2.6.18-92.1.22.el5.i386.rpm
kernel-xen-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm
noarch:
kernel-doc-2.6.18-92.1.22.el5.noarch.rpm
x86_64:
kernel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm
i386:
kernel-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm
kernel-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-headers-2.6.18-92.1.22.el5.i386.rpm
kernel-xen-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm
ia64:
kernel-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.ia64.rpm
kernel-devel-2.6.18-92.1.22.el5.ia64.rpm
kernel-headers-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-92.1.22.el5.noarch.rpm
ppc:
kernel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.22.el5.ppc.rpm
kernel-headers-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.22.el5.ppc64.rpm
s390x:
kernel-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.s390x.rpm
kernel-devel-2.6.18-92.1.22.el5.s390x.rpm
kernel-headers-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.22.el5.s390x.rpm
x86_64:
kernel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576
http://www.redhat.com/security/updates/classification/#important
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFJR2NcXlSAg2UNWIIRAtJdAKCqKJueg3rKLpmuhO5WlE2pF+PNYACeLp5p
ZpKKOdpNV4hA3IdyoKUUwi4=
=Y0cQ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSUhB9yh9+71yA2DNAQJy5QQAmGq31fSl0mSTveebyMBFb4uyNaBPbOgJ
tO5d4n0F8EVIL+q2vD52ocf4PNRPqUgckwy1WXtk+qODedvbbum4TfuOh21edzfQ
aOSYcHcNuKlzic6sMcEipoQeKOa/9FDh7GlyD8Tdh1D1glM+UkHxxwobusr6iVt/
y22kujndhFk=
=d2eS
-----END PGP SIGNATURE-----