LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 15th, 2014
Linux Security Week: September 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: kernel security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available. A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. This update has been rated as having important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2007:0939-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0939.html
Issue date:        2007-11-01
Updated on:        2007-11-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-6921 CVE-2007-2878 CVE-2007-3105 
                   CVE-2007-3739 CVE-2007-3740 CVE-2007-3843 
                   CVE-2007-3848 CVE-2007-4308 CVE-2007-4571 
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel is the core of the operating system.

These updated kernel packages contain fixes for the following security
issues:

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask
values of a process to not be honored on CIFS file systems where UNIX
extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. 
This allowed a local user to corrupt a kernel_dirent struct and cause a
denial of service. (CVE-2007-2878, Important) 

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local
user who had the ability to read the /proc/driver/snd-page-alloc file could
see portions of kernel memory. (CVE-2007-4571, Moderate) 

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver that should be restricted to privileged
users. (CVE-2007-4308, Moderate) 

* A flaw was found in the stack expansion when using the hugetlb kernel on
PowerPC systems. This allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate) 

* A flaw was found in the handling of zombie processes. A local user could
create processes that would not be properly reaped which could lead to a
denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option
"sec=" did not enable integrity checking or produce an error message if
used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. This flaw could be exploited if the root user raised the
default wakeup threshold over the size of the output pool.
(CVE-2007-3105, Low)

Additionally, the following bugs were fixed:

* A flaw was found in the kernel netpoll code, creating a potential
deadlock condition.  If the xmit_lock for a given network interface is
held, and a subsequent netpoll event is generated from within the lock
owning context (a console message for example), deadlock on that cpu will
result, because the netpoll code will attempt to re-acquire the xmit_lock.
 The fix is to, in the netpoll code, only attempt to take the lock, and
fail if it is already acquired (rather than block on it), and queue the
message to be sent for later delivery.  Any user of netpoll code in the
kernel (netdump or netconsole services), is exposed to this problem, and
should resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were
not able to address greater than a 40-bit physical address space; and Intel
processors were only able to address up to a 36-bit physical address space. 
The fix is to increase the physical addressing for an AMD processor to 48
bits, and an Intel processor to 38 bits.  Please see the Red Hat
Knowledgebase for more detailed information.

* A flaw was found in the xenU kernel that may prevent a paravirtualized
guest with more than one CPU from starting when running under an Enterprise
Linux 5.1 hypervisor.  The fix is to allow your Enterprise Linux 4 Xen SMP
guests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase
for more detailed information.
 
Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

247726 - CVE-2007-2878 VFAT compat ioctls DoS on 64-bit
248126 - autofs problem with symbolic links
248325 - CVE-2007-3105 Bound check ordering issue in random driver
250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver
275881 - CVE-2007-3740 CIFS should honor umask
275901 - CVE-2007-3843 CIFS signing sec= mount options don't work correctly
282351 - [PATCH] Fix memory leak of dma_alloc_coherent() on x86_64
288961 - CVE-2007-4571 ALSA memory disclosure flaw
294941 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions
302921 - CVE-2006-6921 denial of service with wedged processes
320791 - EL4.5: Improperly flushed TLBs may lead to Machine check errors

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1  kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378  kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e  kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3  kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e  kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c  kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00  kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4  kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1  kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23  kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6  kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d  kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40  kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af  kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107  kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c  kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

ppc:
54843a74a5870f93d67cc67363426524  kernel-2.6.9-55.0.12.EL.ppc64.rpm
d518efa6e99b1d20efec593cab333c91  kernel-2.6.9-55.0.12.EL.ppc64iseries.rpm
d148cbdb91d2744a01a5428d145a7c69  kernel-debuginfo-2.6.9-55.0.12.EL.ppc64.rpm
3840facd65c5d75a69a6ad6f241138f9  kernel-debuginfo-2.6.9-55.0.12.EL.ppc64iseries.rpm
2ce87d2e205bcba663afc222b9506c1c  kernel-devel-2.6.9-55.0.12.EL.ppc64.rpm
e2710ec08d15547dc24c1ed9d287f04d  kernel-devel-2.6.9-55.0.12.EL.ppc64iseries.rpm
cf26e13843a00f1c85b70444cf5f9c1b  kernel-largesmp-2.6.9-55.0.12.EL.ppc64.rpm
1e1258a0c4f4ae4f17b385f7916e0b2f  kernel-largesmp-devel-2.6.9-55.0.12.EL.ppc64.rpm

s390:
313162103b8a455a3d83db5ea9b4c84f  kernel-2.6.9-55.0.12.EL.s390.rpm
bf5c132eb2f9cc56e429d13a29a8e524  kernel-debuginfo-2.6.9-55.0.12.EL.s390.rpm
27305956f172c034301649f12bd7c6c8  kernel-devel-2.6.9-55.0.12.EL.s390.rpm

s390x:
cdef1657e7a0e86b00700374c3c76242  kernel-2.6.9-55.0.12.EL.s390x.rpm
319e563576da0b695b348927c503740e  kernel-debuginfo-2.6.9-55.0.12.EL.s390x.rpm
e3b4ae4f46b2cdd8c94d296b85a54330  kernel-devel-2.6.9-55.0.12.EL.s390x.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e  kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c  kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534  kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a  kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631  kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69  kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c  kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b  kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a  kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1  kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378  kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e  kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3  kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e  kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c  kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00  kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4  kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1  kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23  kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c  kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e  kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c  kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534  kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a  kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631  kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69  kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c  kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b  kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a  kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1  kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378  kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e  kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3  kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e  kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c  kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00  kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4  kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1  kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23  kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6  kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d  kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40  kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af  kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107  kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c  kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e  kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c  kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534  kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a  kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631  kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69  kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c  kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b  kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a  kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-55.0.12.EL.src.rpm
05de745759b5c8a22ca6b5e3ca43d9c1  kernel-2.6.9-55.0.12.EL.src.rpm

i386:
e4502cfa841859482a9e656a00dfa378  kernel-2.6.9-55.0.12.EL.i686.rpm
265629a984fdf2e1ce7839ce56a66d0e  kernel-debuginfo-2.6.9-55.0.12.EL.i686.rpm
4c8f00e190b9776a76c9166fae07f4d3  kernel-devel-2.6.9-55.0.12.EL.i686.rpm
3415929d9860d0ce93a62e3bed2a1c4e  kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
affd7729217f9d7e2cc4b67b8aaa3e0c  kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
e1d8a0aa1c0fc1a7320a5cddae9d4b00  kernel-smp-2.6.9-55.0.12.EL.i686.rpm
31855f5d50144c07ac1d9b33ee4b83c4  kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
86ba089d0c80db2a3e0be5b780628bb1  kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
9083f2e35e2c34c6750f6d0415641b23  kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

ia64:
5b0f989940a5674f891afca5c01908a6  kernel-2.6.9-55.0.12.EL.ia64.rpm
1a270633d11ea644a36b11d710239d1d  kernel-debuginfo-2.6.9-55.0.12.EL.ia64.rpm
8758ee9e4b451c34122d5988b9e43a40  kernel-devel-2.6.9-55.0.12.EL.ia64.rpm
fbc45681c832a80c66dfe7716d76d0af  kernel-largesmp-2.6.9-55.0.12.EL.ia64.rpm
8daedec74af48be4e0a1a783533a3107  kernel-largesmp-devel-2.6.9-55.0.12.EL.ia64.rpm

noarch:
01a3c553a08e89baebbdf5b1f511279c  kernel-doc-2.6.9-55.0.12.EL.noarch.rpm

x86_64:
ca11df7a9e610c5ad9bac211f002677e  kernel-2.6.9-55.0.12.EL.x86_64.rpm
76fea225ad7e2f050effcfb929ee130c  kernel-debuginfo-2.6.9-55.0.12.EL.x86_64.rpm
907f67f0036f60e010b77eef5712c534  kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
faeb64ba6233c9f076d2e56ffc25a70a  kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
3bc2b6e31638997ef62ce46163d63631  kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
52b44370c80747d3635d3f08843ddb69  kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
a619ed2995512e918c9452311b38b25c  kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
3e61075647e1d82e91933b191d68d04b  kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
4694b9d4f08f0950a8c87f60cdac749a  kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571
http://kbase.redhat.com/
http://kbase.redhat.com/faq/FAQ_42_11697.shtm
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Encryption goof fixed in TorrentLocker file-locking malware
Qubes: The Open Source OS Built for Security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.