Synopsis: Important: kernel security, bug fix, and enhancement update
Issue date: 2010-05-05
CVE Names: CVE-2010-0729 CVE-2010-1083 CVE-2010-1085 CVE-2010-1086 CVE-2010-1188

Security fixes:

* Kernel update 2.6.9-89.EL introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)

* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)

* a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)

* a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

* an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Bug fixes:

* a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)

* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Scientific Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM. (BZ#574392)

* Kernel update 2.6.9-89.EL introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)

* a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)

* on some systems, using the "arp_validate=3" bonding option caused both links to show as "down" even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)

* in some circumstances, when a Scientific Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. "bad_inode_ops" handling was changed to prevent this. Note: filehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)

* when installing a Scientific Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)

Enhancements:

* kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly. (BZ#563223)

* support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events. (BZ#582913)

* kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. (BZ#582241)

The system must be rebooted for this update to take effect.

SL 4.x

SRPMS:
kernel-2.6.9-89.0.25.EL.src.rpm

i386:
kernel-2.6.9-89.0.25.EL.i686.rpm
kernel-devel-2.6.9-89.0.25.EL.i686.rpm
kernel-doc-2.6.9-89.0.25.EL.noarch.rpm
kernel-hugemem-2.6.9-89.0.25.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.25.EL.i686.rpm
kernel-smp-2.6.9-89.0.25.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.25.EL.i686.rpm
kernel-xenU-2.6.9-89.0.25.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.25.EL.i686.rpm
Dependencies:
kernel-module-fuse-2.6.9-89.0.25.EL-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.25.ELhugemem-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.25.ELsmp-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.25.ELxenU-2.7.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.25.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-89.0.25.EL-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.25.ELhugemem-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.25.ELsmp-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.25.ELxenU-1.4.7-68.2.SL4.i686.rpm
kernel-module-r1000-2.6.9-89.0.25.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.25.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.25.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.25.ELxenU-2.2-2.SL4x.i686.rpm
kernel-module-squashfs-2.6.9-89.0.25.EL-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELhugemem-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELsmp-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELxenU-3.1.2-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.25.EL-1.1.5-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.25.ELsmp-1.1.5-3.i686.rpm

x86_64:
kernel-2.6.9-89.0.25.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.25.EL.x86_64.rpm
kernel-doc-2.6.9-89.0.25.EL.noarch.rpm
kernel-largesmp-2.6.9-89.0.25.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.25.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.25.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.25.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.25.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.25.EL.x86_64.rpm
Dependencies:
kernel-module-fuse-2.6.9-89.0.25.EL-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.25.ELlargesmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.25.ELsmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.25.ELxenU-2.7.3-1.SL.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.25.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.25.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.25.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.25.EL-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.25.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.25.ELsmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.25.ELxenU-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.25.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.25.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.25.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.25.ELxenU-2.2-2.SL4x.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.25.EL-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELlargesmp-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELsmp-3.1.2-3.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.25.ELxenU-3.1.2-3.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.25.EL-1.1.5-3.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.25.ELsmp-1.1.5-3.x86_64.rpm

-Connie Sieh
-Troy Dawson
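
Because the update only takes effect after a reboot, the kernel that is running can lag behind the package that is installed. The following check is an added example, not part of the advisory: it compares a `uname -r` string against the fixed build 2.6.9-89.0.25.EL taken from the package names above. The function names kernel_is_fixed and check_running_kernel are made up for this illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED_BUILD comes from the
# package names above (kernel-2.6.9-89.0.25.EL); function names are made up.
FIXED_BUILD="89.0.25"

# kernel_is_fixed RELEASE   (RELEASE as printed by `uname -r`)
#   0 = 2.6.9 EL kernel at or above the fixed build
#   1 = older 2.6.9 EL kernel that lacks this update
#   2 = not a 2.6.9-*.EL kernel, advisory does not apply
kernel_is_fixed() {
    rel=$1
    case $rel in
        2.6.9-*.EL|2.6.9-*.ELsmp|2.6.9-*.ELhugemem|2.6.9-*.ELlargesmp|2.6.9-*.ELxenU) ;;
        *) return 2 ;;
    esac
    a=${rel#2.6.9-}; a=${a%.EL*}          # "89.0.25.ELsmp" -> "89.0.25"
    case $a in ''|*[!0-9.]*) return 2 ;; esac
    b=$FIXED_BUILD
    # Compare dot-separated numeric fields left to right; a missing field
    # counts as 0, so "89" (2.6.9-89.EL) sorts below "89.0.25".
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Report on the kernel that is actually running, which is what matters
# until the host has been rebooted into the updated package.
check_running_kernel() {
    running=$(uname -r)
    rc=0; kernel_is_fixed "$running" || rc=$?
    case $rc in
        0) echo "$running: at or above 2.6.9-$FIXED_BUILD.EL" ;;
        1) echo "$running: older than 2.6.9-$FIXED_BUILD.EL, reboot into the update" ;;
        *) echo "$running: not a 2.6.9 EL kernel, advisory not applicable" ;;
    esac
    return $rc
}

check_running_kernel || true
```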