Synopsis: Important: kernel security and bug fix update
Issue date: 2010-06-15
CVE Names: CVE-2009-3726 CVE-2010-1173 CVE-2010-1437
Security fixes:
* a NULL pointer dereference flaw was found in the Linux kernel NFSv4
implementation. Several of the NFSv4 file locking functions failed to
check whether a file had been opened on the server before performing
locking operations on it. A local, unprivileged user on a system with an
NFSv4 share mounted could possibly use this flaw to cause a kernel panic
(denial of service) or escalate their privileges. (CVE-2009-3726, Important)
* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A
remote attacker could send a specially-crafted SCTP packet to an SCTP
listening port on a target system, causing a kernel panic (denial of
service). (CVE-2010-1173, Important)
* a race condition between finding a keyring by name and destroying a
freed keyring was found in the Linux kernel key management facility. A
local, unprivileged user could use this flaw to cause a kernel panic
(denial of service) or escalate their privileges. (CVE-2010-1437, Important)
Red Hat would like to thank Simon Vallet for responsibly reporting
CVE-2009-3726; and Jukka Taimisto and Olli Jarva of Codenomicon Ltd,
Nokia Siemens Networks, and Wind River on behalf of their customer, for
responsibly reporting CVE-2010-1173.
Bug fixes:
* RHBA-2007:0791 introduced a regression in the Journaling Block Device
(JBD). Under certain circumstances, removing a large file (such as 300
MB or more) did not result in inactive memory being freed, leading to
the system having a large amount of inactive memory. Now, the memory is
correctly freed. (BZ#589155)
* the timer_interrupt() routine did not scale lost real ticks to logical
ticks correctly, possibly causing time drift for 64-bit Scientific Linux
4 KVM (Kernel-based Virtual Machine) guests that were booted with the
"divider=x" kernel parameter set to a value greater than 1. "warning:
many lost ticks" messages may have been logged on the affected guest
systems. (BZ#590551)
* a bug could have prevented NFSv3 clients from having the most
up-to-date file attributes for files on a given NFSv3 file system. In
cases where a file type changed, such as if a file was removed and
replaced with a directory of the same name, the NFSv3 client may not
have noticed this change until stat(2) was called (for example, by
running "ls -l"). (BZ#596372)
* RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X subsystem.
These could have caused a system deadlock on some systems where the BIOS
set the default Maximum Memory Read Byte Count (MMRBC) to 4096, and that
also use the Intel PRO/1000 Linux driver, e1000. Errors such as "e1000:
eth[x]: e1000_clean_tx_irq: Detected Tx Unit Hang" were logged. (BZ#596374)
* an out of memory condition in a KVM guest, using the virtio-net
network driver and also under heavy network stress, could have resulted
in that guest being unable to receive network traffic. Users had to
manually remove and re-add the virtio_net module and restart the network
service before networking worked as expected. Such memory conditions no
longer prevent KVM guests receiving network traffic. (BZ#597310)
* when an SFQ qdisc that limited the queue size to two packets was added
to a network interface, sending traffic through that interface resulted
in a kernel crash. Such a qdisc no longer results in a kernel crash.
(BZ#597312)
* when an NFS client opened a file with the O_TRUNC flag set, it
received a valid stateid, but did not use that stateid to perform the
SETATTR call. Such cases were rejected by Red Hat Enterprise Linux 4 NFS
servers with an "NFS4ERR_BAD_STATEID" error, possibly preventing some
NFS clients from writing files to an NFS file system. (BZ#597314)
The system must be rebooted for this update to take effect.
SL 4.x
SRPMS:
kernel-2.6.9-89.0.26.EL.src.rpm
Dependancies:
cman-kernel-2.6.9-56.7.el4_8.15.src.rpm
cmirror-kernel-2.6.9-43.12.el4_8.12.src.rpm
dlm-kernel-2.6.9-58.6.el4_8.17.src.rpm
GFS-kernel-2.6.9-85.2.el4_8.13.src.rpm
gnbd-kernel-2.6.9-10.56.el4_8.14.src.rpm
i386:
kernel-2.6.9-89.0.26.EL.i686.rpm
kernel-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm
kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.i686.rpm
Dependancy:
cman-kernel-2.6.9-56.7.el4_8.15.i686.rpm
cman-kernel-hugemem-2.6.9-56.7.el4_8.15.i686.rpm
cman-kernel-smp-2.6.9-56.7.el4_8.15.i686.rpm
cman-kernel-xenU-2.6.9-56.7.el4_8.15.i686.rpm
cman-kernheaders-2.6.9-56.7.el4_8.15.i686.rpm
cmirror-kernel-2.6.9-43.12.el4_8.12.i686.rpm
cmirror-kernel-hugemem-2.6.9-43.12.el4_8.12.i686.rpm
cmirror-kernel-smp-2.6.9-43.12.el4_8.12.i686.rpm
cmirror-kernel-xenU-2.6.9-43.12.el4_8.12.i686.rpm
dlm-kernel-2.6.9-58.6.el4_8.17.i686.rpm
dlm-kernel-hugemem-2.6.9-58.6.el4_8.17.i686.rpm
dlm-kernel-smp-2.6.9-58.6.el4_8.17.i686.rpm
dlm-kernel-xenU-2.6.9-58.6.el4_8.17.i686.rpm
dlm-kernheaders-2.6.9-58.6.el4_8.17.i686.rpm
GFS-kernel-2.6.9-85.2.el4_8.13.i686.rpm
GFS-kernel-hugemem-2.6.9-85.2.el4_8.13.i686.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.13.i686.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.13.i686.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.13.i686.rpm
gnbd-kernel-2.6.9-10.56.el4_8.14.i686.rpm
gnbd-kernel-hugemem-2.6.9-10.56.el4_8.14.i686.rpm
gnbd-kernel-smp-2.6.9-10.56.el4_8.14.i686.rpm
gnbd-kernel-xenU-2.6.9-10.56.el4_8.14.i686.rpm
gnbd-kernheaders-2.6.9-10.56.el4_8.14.i686.rpm
kernel-module-fuse-2.6.9-89.0.26.EL-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.26.ELhugemem-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.26.ELsmp-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.26.ELxenU-2.7.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.26.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-89.0.26.EL-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.26.ELhugemem-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.26.ELsmp-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.26.ELxenU-1.4.7-68.2.SL4.i686.rpm
kernel-module-r1000-2.6.9-89.0.26.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.26.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.26.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.26.ELxenU-2.2-2.SL4x.i686.rpm
kernel-module-squashfs-2.6.9-89.0.26.EL-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELhugemem-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELsmp-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELxenU-3.1.2-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.26.EL-1.1.5-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.26.ELsmp-1.1.5-3.i686.rpm
x86_64:
kernel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm
kernel-largesmp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.x86_64.rpm
Dependancies:
cman-kernel-2.6.9-56.7.el4_8.15.x86_64.rpm
cman-kernel-largesmp-2.6.9-56.7.el4_8.15.x86_64.rpm
cman-kernel-smp-2.6.9-56.7.el4_8.15.x86_64.rpm
cman-kernel-xenU-2.6.9-56.7.el4_8.15.x86_64.rpm
cman-kernheaders-2.6.9-56.7.el4_8.15.x86_64.rpm
cmirror-kernel-2.6.9-43.12.el4_8.12.x86_64.rpm
cmirror-kernel-largesmp-2.6.9-43.12.el4_8.12.x86_64.rpm
cmirror-kernel-smp-2.6.9-43.12.el4_8.12.x86_64.rpm
cmirror-kernel-xenU-2.6.9-43.12.el4_8.12.x86_64.rpm
dlm-kernel-2.6.9-58.6.el4_8.17.x86_64.rpm
dlm-kernel-largesmp-2.6.9-58.6.el4_8.17.x86_64.rpm
dlm-kernel-smp-2.6.9-58.6.el4_8.17.x86_64.rpm
dlm-kernel-xenU-2.6.9-58.6.el4_8.17.x86_64.rpm
dlm-kernheaders-2.6.9-58.6.el4_8.17.x86_64.rpm
GFS-kernel-2.6.9-85.2.el4_8.13.x86_64.rpm
GFS-kernel-largesmp-2.6.9-85.2.el4_8.13.x86_64.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.13.x86_64.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.13.x86_64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.13.x86_64.rpm
gnbd-kernel-2.6.9-10.56.el4_8.14.x86_64.rpm
gnbd-kernel-largesmp-2.6.9-10.56.el4_8.14.x86_64.rpm
gnbd-kernel-smp-2.6.9-10.56.el4_8.14.x86_64.rpm
gnbd-kernel-xenU-2.6.9-10.56.el4_8.14.x86_64.rpm
gnbd-kernheaders-2.6.9-10.56.el4_8.14.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.26.EL-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.26.ELlargesmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.26.ELsmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.26.ELxenU-2.7.3-1.SL.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.26.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.26.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.26.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.26.EL-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.26.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.26.ELsmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.26.ELxenU-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.26.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.26.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.26.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.26.ELxenU-2.2-2.SL4x.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.26.EL-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELlargesmp-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELsmp-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.26.ELxenU-3.1.2-3.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.26.EL-1.1.5-3.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.26.ELsmp-1.1.5-3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|