-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Enterprise Linux 4.9 kernel security and
bug fix update
Advisory ID: RHSA-2011:0263-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0263.html
Issue date: 2011-02-16
CVE Names: CVE-2010-4527 CVE-2010-4655 CVE-2011-0521
=====================================================================
1. Summary:
Updated kernel packages that fix three security issues, hundreds of bugs,
and add numerous enhancements are now available as part of the ongoing
support and maintenance of Red Hat Enterprise Linux version 4. This is the
ninth regular update.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x,
x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* A buffer overflow flaw was found in the load_mixer_volumes() function in
the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC
systems, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges. (CVE-2010-4527, Important)
* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)
* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and
Kees Cook for reporting CVE-2010-4655.
These updated kernel packages also fix hundreds of bugs and add numerous
enhancements. For details on individual bug fixes and enhancements included
in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,
linked to in the References section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
5. Bugs fixed (http://bugzilla.redhat.com/):
176848 - NLM: Fix Oops in nlmclnt_mark_reclaim()
189918 - kernel: serious ugliness in iget() uses by nfsd [rhel-4.9]
217829 - Powernow driver does not work properly with different voltage CPUs
247116 - RFE: Add debug to bonding driver as module option
396631 - Increase timeout for device connection on boot
427998 - RHEL4: Can enter no tick idle mode with RCU pending leading to hang
445957 - Change "decode_getfattr: xdr error %d!" to dprintk
456047 - Kernel Panic at end_bio_bh_io_sync+44
456649 - xenbus suspend_mutex remains locked after transaction failure
457519 - groups_search() cannot handle large gid correctly
459466 - kernel: binfmt_misc.c: avoid potential kernel stack overflow
[rhel-4.8]
459499 - proc_loginuid_write() uses simple_strtoul() on non-terminated array
461038 - el4u5 pv guest user coredump crashing system
462717 - IPVS wrr scheduler bug
472752 - BUG() in end_buffer_async_write()
476700 - Loss of USB HID devices when switching with a KVM
479090 - Panic in do_cciss_intr removeQ
479264 - [RHEL4] lost siginfo when a signal queue is full
480404 - kernel BUG at fs/mpage.c:417!
480937 - RHEL-4: Deadlock in Xen netfront driver.
481292 - [RHEL4.7] Original ether's status is keeping PROMISC MULTICAST
mode
481371 - PG_error bit is never cleared, even when a fresh I/O to the page
succeeds
483783 - kernel hid-input.c divide error crash
484415 - CCISS device-mapper-multipath support: missing sysfs attributes
485904 - [RHEL4] Netfilter modules unloading hangs
488931 - ACLs on NFS mounted directories disappear
490148 - Xen domU, RAID1, LVM, iscsi target export with blockio bug
491284 - [x86_64]: copy_user_c can zero more data than needed
492868 - Xen guest kernel advertises absolute mouse pointer feature which it
is incapable of setting up correctly
493780 - EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
494404 - [RHEL4.5] Even if a process have received data but schedule() in
select() cannot return
494688 - e1000e: sporadic hang in netdump
495858 - show_partition() oops when race with rescan_partitions().
496201 - [RHEL4] Nscd consumes many cpu resources ( nearly 100% ) continuously.
496205 - PVFB frontend can send bogus screen updates
496206 - xenkbd can crash when probe fails
496209 - PVFB frontend mouse wheel support
498012 - Bonding driver updelay parameter actual behavior doesn't match
documented behavior
499355 - e1000_clean_tx_irq: Detected Tx Unit Hang
499548 - kernel: proc: avoid information leaks to non-privileged processes
[rhel-4.9]
499848 - [RHEL4-U8] Kernel - testing NMI watchdog ... CPU#0: NMI appears to be
stuck (0)!
500637 - A bond's preferred primary setting is lost after bringing down and
up of the primary slave.
500889 - Various IPv4/v6 SNMP counter fixes
500904 - renaming file on a share w/o write permissions causes oops
501064 - [Stratus 4.9 bug] panic reading /proc/bus/input/devices during input
device removal
501335 - oops in nfs4_put_open_state
501500 - oops in nfsd_svc after forced unmount of stale nfs4 filesystem and
reboot
501844 - kernel: random: ICE at get_random_int() [rhel-4.3]
502473 - Failure logging execve with lots of arguments
502884 - NFSv4 Issue/slowdown when testing against the NetApp server
503489 - [NetApp 4.8 bug] Issues with "qioctlmod" module on RHEL4.8
hosts with QLogic FC inbox drivers
503762 - Adding bonding in balance-alb mode to bridge cause network
connectivity to be lost [rhel-4.9]
504080 - MegaRAID SAS 1078 tape I/O errors when using mt erase
504156 - rtl8139 doesn't work with bonding in alb mode [rhel-4.9]
504279 - [RHEL 4] Lookups due to infinite loops in posix_locks_deadlock
504593 - LRO patch to 4.7 breaks SANGOMA WANPIPE drivers build
504778 - FEAT RHEL4.9: Support new PCI IDS to support VX800 in via82cxxx
504988 - [RHEL4 Xen]: i386 Guest crash when host has >= 64G RAM
505081 - [RHEL4.8 Xen]: Xenbus warnings in a FV guest on shutdown
505122 - Make Aborted Command (internal target failure) retryable at SCSI layer
(sense B 44 00)
505506 - RHEL4.8: crash in do_cciss_request()
505591 - Bug in lockd prevents a locks being freed.
506875 - kernel: ptrace: don't use REMOVE_LINKS/SET_LINKS for reparenting
[rhel-4.9]
507527 - NFSD returns NFS4_OK when the owner opens a file with permission set
to 000
507847 - Balloon driver gives up too easily when ballooning up under memory
pressure
507951 - [4.8]Kernel can not increase the counter of Icmp6OutDestUnreachs when
forwarding packet with address unreachable.
509220 - i386 rhel4.8 kvm guests crashes in virtio during installation
509627 - kernel: fd leak if pipe() is called with an invalid address [rhel-4.9]
509816 - cciss: spinlock deadlock causes NMI on HP systems
510184 - NFSD returns NFS4_OK(0) when OPEN with access==read/write on a
read-denied/write-denied file
510395 - num_mtt settings of 2097152 fails in RHEL with infiniband HCA
510454 - [IPv6] No fragment header in ICMPv6 reply after packet_too_big message
511183 - kernel: build with -fno-delete-null-pointer-checks [rhel-4.9]
512641 - kernel: security: implement mmap_min_addr infrastructure [rhel-4.9]
514684 - NFS: mounted NFSv4/krb5 export inaccessible following an NFS server
reboot
515274 - /proc/net/dev sometimes contains bogus values (BCM5706)
516076 - netconsole on e1000 cause "Badness in local_bh_enable at
kernel/softirq.c:141"
516742 - CIFS - crash in small_smb_init
517162 - cthon test5 failing on nfsv4 with rhel6 client vs. rhel4 server
517329 - [RHEL4.8] igb driver doesn't allocate enough buffer for
ethtool_get_strings()
517523 - get_partstats() returns NULL and causes panic
520018 - statfs on NFS partition always returns 0
520299 - kernel: ipv4: make ip_append_data() handle NULL routing table
[rhel-4.9]
522000 - [RFE ] Connlimit kernel module support [rhel-4.9]
523983 - kernel: ipt_recent: sanity check hit count [rhel-4.9]
524884 - reading from /proc/net/ip_conntrack returns ENOSPC
525398 - RHEL4: Unable to write to file as non-root user with setuid and setgid
bit set
525941 - OOM on i686 kernel-smp
527656 - bnx2x fails when iptables is on
528066 - [Cisco/LSI 4.9 bug] mptctl module dereferences a userspace address,
triggering a crash
529063 - qla2xxx flash programming changes in 4.8 broke diskdump
531914 - [4.6] TCP conntrack doesn't handle half-open state connection
correctly
532045 - SCTP Messages out of order
532593 - Upgrade from RHEL4U7 to U8 fails to bring up networking with forcedeth
driver. [simple patch]
532858 - IBM HS22: SOL drops on bnx2 driver load
533299 - scsi device add/remove panic at sysfs_hash_and_remove
537475 - Write barrier operations not working for libata and general SCSI disks
539506 - [4.7] wait4 blocks on non-existing pid
541538 - [RHEL4 Xen]: PV guest crash on poweroff
543823 - [RHEL4]: A new xenfb thread is created on every save/restore
546251 - [RHEL4.5] select() cannot return in UDP/UNIX domain socket
546324 - TCP receive window clamping problem
547213 - ext2online resize hangs
548496 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching
hba for target
552953 - "forcedeth" driver issue: eth0 fails to get ip address on boot
with RHEL4 kernel
557122 - No output of xmit_hash_policy on IEEE 802.3ad Bonding
557380 - Kernel panic due to recursive lock in 3c59x driver.
558607 - e1000e: wol is broken in kernel 2.6.9-89.19
561108 - platform:ahern:rmmod hangs at 100% cpu removing usbnet module
562949 - problems with aliased dentries and case-insensitivity in CIFS readdir
code
563920 - Please implement upstream fix for potential filesystem corruption bug
568271 - [QLogic 4.9 bug] qla2xxx: Fix srb cache destroy issue on driver unload
and FDMI registration issue (8.02.10.01.04.09-d)
569668 - [RHEL4] boot hangs if scsi read capacity fails on faulty non system
drive
577178 - megaraid_sas: fix physical disk handling
577378 - NFSv3 file attributes are not updated by READDIRPLUS reply
585430 - Add log message for unhandled sense error REPORTED_LUNS_DATA_CHANGED
589897 - Lost the network in a KVM VM on top of 4.9
591938 - cifs: busy file renames across directories should fail with error
594633 - kernel: security: testing the wrong variable in create_by_name()
[rhel-4.9]
604786 - second cifs mount to samba server fails when samba using security=ADS
605455 - EXT3-fs error: do_get_write_access: OOM for frozen_buffer
607261 - Read from /proc/xen/xenbus does not honor O_NONBLOCK
607533 - Vhost:Fail to transfer file between two guests in same vlan
610236 - [4u8] Bonding in ALB mode sends ARP in loop
614559 - sky2 issue with 4.8 kernel
620485 - system crashes due to corrupt net_device_wrapper structure
621209 - [4u9] bonding: fix a race condition in calls to slave MII ioctls
623265 - bnx2: panic in bnx2_poll_work()
624117 - recording fails when usb audio device is connected to EHCI controller
(ehci_hcd)
624713 - [RHEL4] Problems with aacraid - File system going into read-only.
629143 - Assertion failure in ext3_put_super() at fs/ext3/super.c:426:
"list_empty(&sbi->s_orphan)"
630564 - kernel: additional stack guard patches [rhel-4.9]
634632 - nfs4_reclaim_open_state: unhandled error -5. Zeroing state
637556 - Bonded interface doesn't issue IGMP report (join) on slave
interface during failover
637658 - [RHEL 4.8] 32-bit pvhvm guest on 64-bit host crash w/xm mem-set
640803 - [RHEL4.8.z] soft lockup on vlan with bonding in balance-alb mode
641112 - bonding does not switch to slave
643992 - Kernel maintainer's bz for spec file changes
645220 - [RFE] kernel: modules: sysctl to block module loading [rhel-4.9]
645633 - temporary loss of path to SAN results in persistent EIO with msync
647187 - [netfront] ethtool -i should return proper information for netfront
device
647196 - RFE: Virtio nic should support "ethtool -i virtio nic"
651334 - RHEL4.9: EHCI: AMD periodic frame list table quirk
653252 - kernel: restrict unprivileged access to kernel syslog [rhel-4.9]
653505 - [4.9 Regression] network is lost after balloon-up fails
658824 - The USB storage cannot use >2TB.
662839 - [REG][4.9] Filesystem corruption happens on ext2 filesystem
667615 - CVE-2010-4527 kernel: buffer overflow in OSS load_mixer_volumes
672398 - CVE-2011-0521 kernel: av7110 negative array offset
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool
ioctl
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386:
kernel-2.6.9-100.EL.i686.rpm
kernel-debuginfo-2.6.9-100.EL.i686.rpm
kernel-devel-2.6.9-100.EL.i686.rpm
kernel-hugemem-2.6.9-100.EL.i686.rpm
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
kernel-smp-2.6.9-100.EL.i686.rpm
kernel-smp-devel-2.6.9-100.EL.i686.rpm
kernel-xenU-2.6.9-100.EL.i686.rpm
kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64:
kernel-2.6.9-100.EL.ia64.rpm
kernel-debuginfo-2.6.9-100.EL.ia64.rpm
kernel-devel-2.6.9-100.EL.ia64.rpm
kernel-largesmp-2.6.9-100.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-100.EL.noarch.rpm
ppc:
kernel-2.6.9-100.EL.ppc64.rpm
kernel-2.6.9-100.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-100.EL.ppc64.rpm
kernel-debuginfo-2.6.9-100.EL.ppc64iseries.rpm
kernel-devel-2.6.9-100.EL.ppc64.rpm
kernel-devel-2.6.9-100.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-100.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-100.EL.ppc64.rpm
s390:
kernel-2.6.9-100.EL.s390.rpm
kernel-debuginfo-2.6.9-100.EL.s390.rpm
kernel-devel-2.6.9-100.EL.s390.rpm
s390x:
kernel-2.6.9-100.EL.s390x.rpm
kernel-debuginfo-2.6.9-100.EL.s390x.rpm
kernel-devel-2.6.9-100.EL.s390x.rpm
x86_64:
kernel-2.6.9-100.EL.x86_64.rpm
kernel-debuginfo-2.6.9-100.EL.x86_64.rpm
kernel-devel-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm
kernel-smp-2.6.9-100.EL.x86_64.rpm
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm
kernel-xenU-2.6.9-100.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
kernel-2.6.9-100.EL.src.rpm
i386:
kernel-2.6.9-100.EL.i686.rpm
kernel-debuginfo-2.6.9-100.EL.i686.rpm
kernel-devel-2.6.9-100.EL.i686.rpm
kernel-hugemem-2.6.9-100.EL.i686.rpm
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
kernel-smp-2.6.9-100.EL.i686.rpm
kernel-smp-devel-2.6.9-100.EL.i686.rpm
kernel-xenU-2.6.9-100.EL.i686.rpm
kernel-xenU-devel-2.6.9-100.EL.i686.rpm
noarch:
kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64:
kernel-2.6.9-100.EL.x86_64.rpm
kernel-debuginfo-2.6.9-100.EL.x86_64.rpm
kernel-devel-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm
kernel-smp-2.6.9-100.EL.x86_64.rpm
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm
kernel-xenU-2.6.9-100.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386:
kernel-2.6.9-100.EL.i686.rpm
kernel-debuginfo-2.6.9-100.EL.i686.rpm
kernel-devel-2.6.9-100.EL.i686.rpm
kernel-hugemem-2.6.9-100.EL.i686.rpm
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
kernel-smp-2.6.9-100.EL.i686.rpm
kernel-smp-devel-2.6.9-100.EL.i686.rpm
kernel-xenU-2.6.9-100.EL.i686.rpm
kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64:
kernel-2.6.9-100.EL.ia64.rpm
kernel-debuginfo-2.6.9-100.EL.ia64.rpm
kernel-devel-2.6.9-100.EL.ia64.rpm
kernel-largesmp-2.6.9-100.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64:
kernel-2.6.9-100.EL.x86_64.rpm
kernel-debuginfo-2.6.9-100.EL.x86_64.rpm
kernel-devel-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm
kernel-smp-2.6.9-100.EL.x86_64.rpm
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm
kernel-xenU-2.6.9-100.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386:
kernel-2.6.9-100.EL.i686.rpm
kernel-debuginfo-2.6.9-100.EL.i686.rpm
kernel-devel-2.6.9-100.EL.i686.rpm
kernel-hugemem-2.6.9-100.EL.i686.rpm
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
kernel-smp-2.6.9-100.EL.i686.rpm
kernel-smp-devel-2.6.9-100.EL.i686.rpm
kernel-xenU-2.6.9-100.EL.i686.rpm
kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64:
kernel-2.6.9-100.EL.ia64.rpm
kernel-debuginfo-2.6.9-100.EL.ia64.rpm
kernel-devel-2.6.9-100.EL.ia64.rpm
kernel-largesmp-2.6.9-100.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64:
kernel-2.6.9-100.EL.x86_64.rpm
kernel-debuginfo-2.6.9-100.EL.x86_64.rpm
kernel-devel-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm
kernel-smp-2.6.9-100.EL.x86_64.rpm
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm
kernel-xenU-2.6.9-100.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-4527.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://access.redhat.com/security/updates/classification/#important
index.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFNW/dwXlSAg2UNWIIRAqY/AKC5TqPxUUfq1EKBKKmDP2IUDENX/QCfaYo6
CLBnfRP4gb/k0StaMyPPPxQ=
=pnRI
-----END PGP SIGNATURE-----
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
