Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.1643
Important: kernel security and bug fix update
16 December 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux WS/Desktop 5
Red Hat Enterprise Linux Server 5.2.z
Red Hat Enterprise Linux AS/ES/WS 4
Red Hat Enterprise Linux Desktop 4
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Increased Privileges -- Existing Account
Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2009-3726 CVE-2009-3621 CVE-2009-3620
CVE-2009-3613 CVE-2009-3612 CVE-2009-3547
CVE-2009-2910 CVE-2009-2695
Reference: ESB-2009.1588
ESB-2009.1581
ESB-2009.1542
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2009-1670.html
https://rhn.redhat.com/errata/RHSA-2009-1671.html
https://rhn.redhat.com/errata/RHSA-2009-1672.html
Comment: This bulletin contains three (3) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:1670-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1670.html
Issue date: 2009-12-15
CVE Names: CVE-2009-3612 CVE-2009-3620 CVE-2009-3621
CVE-2009-3726
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* NULL pointer dereference flaws in the r128 driver. Checks to test if the
Concurrent Command Engine state was initialized were missing in private
IOCTL functions. An attacker could use these flaws to cause a local denial
of service or escalate their privileges. (CVE-2009-3620, Important)
* a NULL pointer dereference flaw in the NFSv4 implementation. Several
NFSv4 file locking functions failed to check whether a file had been opened
on the server before performing locking operations on it. A local user on a
system with an NFSv4 share mounted could possibly use this flaw to cause a
denial of service or escalate their privileges. (CVE-2009-3726, Important)
* a flaw in tcf_fill_node(). A certain data structure in this function was
not initialized properly before being copied to user-space. This could lead
to an information leak. (CVE-2009-3612, Moderate)
* unix_stream_connect() did not check if a UNIX domain socket was in the
shutdown state. This could lead to a deadlock. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2009-3621, Moderate)
Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference
flaws.
Bug fixes:
* frequently changing a CPU between online and offline caused a kernel
panic on some systems. (BZ#545583)
* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands sent
could receive incorrect data, preventing correct data transfer. (BZ#529308)
* pciehp could not detect PCI Express hot plug slots on some systems.
(BZ#530383)
* soft lockups: inotify race and contention on dcache_lock. (BZ#533822,
BZ#537019)
* priority ordered lists are now used for threads waiting for a given
mutex. (BZ#533858)
* a deadlock in DLM could cause GFS2 file systems to lock up. (BZ#533859)
* use-after-free bug in the audit subsystem crashed certain systems when
running usermod. (BZ#533861)
* on certain hardware configurations, a kernel panic when the Broadcom
iSCSI offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)
* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to
control it. This improves performance for certain systems. (BZ#537020)
* system crash when reading the cpuaffinity file on a system. (BZ#537346)
* suspend-resume problems on systems with lots of logical CPUs, e.g. BX-EX.
(BZ#539674)
* off-by-one error in the legacy PCI bus check. (BZ#539675)
* TSC was not made available on systems with multi-clustered APICs. This
could cause slow performance for time-sensitive applications. (BZ#539676)
* ACPI: ARB_DISABLE now disabled on platforms that do not need it.
(BZ#539677)
* fix node to core and power-aware scheduling issues, and a kernel panic
during boot on certain AMD Opteron processors. (BZ#539678, BZ#540469,
BZ#539680, BZ#539682)
* APIC timer interrupt issues on some AMD Opteron systems prevented
achieving full power savings. (BZ#539681)
* general OProfile support for some newer Intel processors. (BZ#539683)
* system crash during boot when NUMA is enabled on systems using MC and
kernel-xen. (BZ#539684)
* on some larger systems, performance issues due to a spinlock. (BZ#539685)
* APIC errors when IOMMU is enabled on some AMD Opteron systems.
(BZ#539687)
* on some AMD Opteron systems, repeatedly taking a CPU offline then online
caused a system hang. (BZ#539688)
* I/O page fault errors on some systems. (BZ#539689)
* certain memory configurations could cause the kernel-xen kernel to fail
to boot on some AMD Opteron systems. (BZ#539690)
* NMI watchdog is now disabled for offline CPUs. (BZ#539691)
* duplicate directories in /proc/acpi/processor/ on BX-EX systems.
(BZ#539692)
* links did not come up when using bnx2x with certain Broadcom devices.
(BZ#540381)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
529227 - CVE-2009-3726 kernel: nfsv4: kernel panic in nfs4_proc_lock()
529308 - [5.4]The errata 28 fix on LSI53C1030 hasn't been included yet. [rhel-5.4.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
530383 - [5.3] PCIe hotplug slot detection failure [rhel-5.4.z]
533822 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.4.z]
533858 - threads on pthread_mutex_lock wake in fifo order, but posix specifies by priority [rhel-5.4.z]
533859 - dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks. [rhel-5.4.z]
533861 - system crashes in audit_update_watch() [rhel-5.4.z]
537014 - Panic on boot when loading iscsid with broadcom NIC [rhel-5.4.z]
537019 - kernel: BUG: soft lockup with dcache_lock [rhel-5.4.z]
537020 - [QLogic 5.4.z bug] qla2xxx - enable MSI-X and correct/cleanup irq request code [rhel-5.4.z]
537346 - kernel: NULL pointer dereference in pci_bus_show_cpuaffinity() [rhel-5.4.z]
539675 - [Intel 5.5 FEAT] Add ability to access Nehalem uncore config space [rhel-5.4.z]
539676 - [Intel 5.5 FEAT] Support Intel multi-APIC-cluster systems [rhel-5.4.z]
539677 - [Intel 5.5 FEAT] ACPI: Disable ARB_DISABLE on platforms where it is not needed [rhel-5.4.z]
539678 - Fix node to core association [rhel-5.4.z]
539680 - Fix Power-aware scheduling [rhel-5.4.z]
539681 - Fix AMD erratum - server C1E [rhel-5.4.z]
539682 - Fix kernel panic while booting RHEL5 32-bit kernel [rhel-5.4.z]
539683 - [Intel 5.5 FEAT] Oprofile: Add support for arch perfmon - kernel component [rhel-5.4.z]
539684 - EXPERIMENTAL EX/MC: Fix Xen NUMA [rhel-5.4.z]
539685 - [Intel 5.5 FEAT] Fix spinlock issue which causes performance impact on large systems [rhel-5.4.z]
539687 - EXPERIMENTAL MC/EX: Fix APIC error IOMMU issues [rhel-5.4.z]
539688 - EXPERIMENTAL MC/EX: Issue when bringing CPU offline and online with 32-bit kernel [rhel-5.4.z]
539689 - EXPERIMENTAL EX/MC: AMD IOMMU Linux driver with latest BIOS has IO PAGE FAULTS [rhel-5.4.z]
539690 - EXPERIMENTAL MC/EX: Incorrect memory setup can cause Xen crash [rhel-5.4.z]
539691 - [Intel 5.5 BUG] NMI and Watchdog are not disabled on CPU when CPU is off-lined [rhel-5.4.z]
540381 - Broadcom Everest Dual port 10Gb with SFP+ (57711) NIC fails with no link [rhel-5.4.z]
540469 - EXPERIMENTAL EX/MC: Fix node to core issue [rhel-5.4.z]
545583 - kernel panic when doing cpu offline/online frequently on hp-dl785g5-01.rhts.eng.bos.redhat.com [rhel-5.4.z]
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm
i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm
noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm
x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm
i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm
ia64:
kernel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ia64.rpm
kernel-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-headers-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm
ppc:
kernel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.s390x.rpm
kernel-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-headers-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-3612.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
https://www.redhat.com/security/data/cve/CVE-2009-3726.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20536
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLJ8maXlSAg2UNWIIRAspdAJ9snL9coMoBs6EsIPtbeGSFN1rkVwCfZoZ4
GF10zDJTMEN78Yztkoy4UAU=
=vFYn
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:1671-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1671.html
Issue date: 2009-12-15
CVE Names: CVE-2009-2910 CVE-2009-3613 CVE-2009-3620
CVE-2009-3621
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU
space exhaustion and a system crash. An attacker on the local network could
trigger this flaw by using jumbo frames for large amounts of network
traffic. (CVE-2009-3613, Important)
* NULL pointer dereference flaws were found in the r128 driver in the Linux
kernel. Checks to test if the Concurrent Command Engine state was
initialized were missing in private IOCTL functions. An attacker could use
these flaws to cause a local denial of service or escalate their
privileges. (CVE-2009-3620, Important)
* an information leak was found in the Linux kernel. On AMD64 systems,
32-bit processes could access and read certain 64-bit registers by
temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)
* the unix_stream_connect() function in the Linux kernel did not check if a
UNIX domain socket was in the shutdown state. This could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a denial
of service. (CVE-2009-3621, Moderate)
This update also fixes the following bugs:
* an iptables rule with the recent module and a hit count value greater
than the ip_pkt_list_tot parameter (the default is 20), did not have any
effect over packets, as the hit count could not be reached. (BZ#529306)
* in environments that use dual-controller storage devices with the cciss
driver, Device-Mapper Multipath maps could not be detected and configured,
due to the cciss driver not exporting the bus attribute via sysfs. This
attribute is now exported. (BZ#529309)
* the kernel crashed with a divide error when a certain joystick was
attached. (BZ#532027)
* a bug in the mptctl_do_mpt_command() function in the mpt driver may have
resulted in crashes during boot on i386 systems with certain adapters using
the mpt driver, and also running the hugemem kernel. (BZ#533798)
* on certain hardware, the igb driver was unable to detect link statuses
correctly. This may have caused problems for network bonding, such as
failover not occurring. (BZ#534105)
* the RHSA-2009:1024 update introduced a regression. After updating to Red
Hat Enterprise Linux 4.8 and rebooting, network links often failed to be
brought up for interfaces using the forcedeth driver. "no link during
initialization" messages may have been logged. (BZ#534112)
* the RHSA-2009:1024 update introduced a second regression. On certain
systems, PS/2 keyboards failed to work. (BZ#537344)
* a bug in checksum offload calculations could have crashed the bnx2x
firmware when the iptable_nat module was loaded, causing network traffic
to stop. (BZ#537013)
* a check has been added to the IPv4 code to make sure that the routing
table data structure, rt, is not NULL, to help prevent future bugs in
functions that call ip_append_data() from being exploitable. (BZ#537016)
* possible kernel pointer dereferences on systems with several NFS mounts
(a mixture of "-o lock" and "-o nolock"), which in rare cases may have
caused a system crash, have been resolved. (BZ#537017)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak
529137 - CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
529306 - kernel: ipt_recent: sanity check hit count [rhel-4.9] [rhel-4.8.z]
529309 - CCISS device-mapper-multipath support: missing sysfs attributes [rhel-4.8.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
532027 - kernel hid-input.c divide error crash [rhel-4.8.z]
533798 - [Cisco/LSI 4.8.z bug] mptctl module dereferences a userspace address, triggering a crash [rhel-4.8.z]
534105 - EL4.8: igb driver fails to detect link status change on SERDES interface [rhel-4.8.z]
534112 - Upgrade from RHEL4U7 to U8 fails to bring up networking with forcedeth driver. [simple patch] [rhel-4.8.z]
537013 - bnx2x fails when iptables is on [rhel-4.8.z]
537016 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-4.8.z]
537017 - NLM: Fix Oops in nlmclnt_mark_reclaim() [rhel-4.8.z]
537344 - RHEL4.8 regression: PS/2 keyboard doesn't work on PRIMERGY TX120S1 [rhel-4.8.z]
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm
i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm
ppc:
kernel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ppc64.rpm
s390:
kernel-2.6.9-89.0.18.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390.rpm
kernel-devel-2.6.9-89.0.18.EL.s390.rpm
s390x:
kernel-2.6.9-89.0.18.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390x.rpm
kernel-devel-2.6.9-89.0.18.EL.s390x.rpm
x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm
i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm
noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm
i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm
i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-2910.html
https://www.redhat.com/security/data/cve/CVE-2009-3613.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLJ8m7XlSAg2UNWIIRAsWJAJ4mEMYJQj0Ip6III9iOvjX2Sy8IUwCfQn4X
Fcu+dr6IYIeh7sWonyPng2A=
=Sw46
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:1672-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1672.html
Issue date: 2009-12-15
CVE Names: CVE-2009-2695 CVE-2009-3547
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 5.2 Extended Update Support.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a system with SELinux enforced was more permissive in allowing local
users in the unconfined_t domain to map low memory areas even if the
mmap_min_addr restriction was enabled. This could aid in the local
exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)
* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)
This update also fixes the following bug:
* a bug in the IPv6 implementation in the Linux kernel could have caused an
unbalanced reference count. When using network bonding, this bug may have
caused a hang when shutting the system down via "shutdown -h", or prevented
the network service from being stopped via "service network stop".
(BZ#538409)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
517830 - CVE-2009-2695 kernel: SELinux and mmap_min_addr
530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
538409 - Unbalance reference count in ndisc_recv_ns [rhel-5.2.z]
6. Package List:
Red Hat Enterprise Linux (v. 5.2.z server):
Source:
kernel-2.6.18-92.1.32.el5.src.rpm
i386:
kernel-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.i686.rpm
kernel-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-headers-2.6.18-92.1.32.el5.i386.rpm
kernel-xen-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.i686.rpm
ia64:
kernel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ia64.rpm
kernel-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-headers-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-92.1.32.el5.noarch.rpm
ppc:
kernel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.ppc64.rpm
s390x:
kernel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.s390x.rpm
kernel-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-headers-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.s390x.rpm
x86_64:
kernel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-2695.html
https://www.redhat.com/security/data/cve/CVE-2009-3547.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20481
http://kbase.redhat.com/faq/docs/DOC-18042
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLJ8nSXlSAg2UNWIIRAuGnAJ9efdo7qm9BIyy6BShaIuL/xM/gYQCgmi+Q
lJzYPF4hmKplmx4ibhEhB4Y=
=Q//E
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLKDg6NVH5XJJInbgRAvL7AJ9M7Y1NUCNAlU7WtcHEOc0JxYBX6QCfcETk
FaWrBxSObtyXqcIokCzgozQ=
=3T6G
-----END PGP SIGNATURE-----