=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update
Advisory ID:       RHSA-2011:0263-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0263.html
Issue date:        2011-02-16
CVE Names:         CVE-2010-4527 CVE-2010-4655 CVE-2011-0521
=====================================================================
1. Summary:
Updated kernel packages that fix three security issues, hundreds of bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the ninth regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A buffer overflow flaw was found in the load_mixer_volumes() function in the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-4527, Important)
* A missing boundary check was found in the dvb_ca_ioctl() function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
* A missing initialization flaw was found in the ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and Kees Cook for reporting CVE-2010-4655.
These updated kernel packages also fix hundreds of bugs and add numerous enhancements. For details on individual bug fixes and enhancements included in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes, linked to in the References section.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259
To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.
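One way to check whether a host has picked up this update, as an added example that is not part of the Red Hat advisory: it compares the running and installed kernel builds against 2.6.9-100.EL from the package list and accounts for the reboot requirement. The function names and status strings are hypothetical, the sample inputs are constructed, and it assumes later RHEL 4 kernels keep version 2.6.9 with a higher release number.

```shell
#!/bin/sh
# Added example: patch-status check for RHSA-2011:0263 (fixed build 2.6.9-100.EL).
FIXED_VERSION="2.6.9"   # kernel version from the advisory's package list
FIXED_RELEASE=100       # leading integer of the fixed RPM release (100.EL)

# Print the leading release integer of a 2.6.9 kernel string,
# e.g. "2.6.9-89.0.26.ELsmp" -> 89. Fails for any other kernel version.
kernel_release_num() {
    case "$1" in
        "$FIXED_VERSION"-[0-9]*) ;;
        *) return 1 ;;
    esac
    rel=${1#"$FIXED_VERSION"-}
    echo "${rel%%[!0-9]*}"
}

# True when the given version-release is at or above the fixed build.
# Assumption: later RHEL 4 kernels keep version 2.6.9 and raise the release.
is_fixed() {
    n=$(kernel_release_num "$1") || return 1
    [ "$n" -ge "$FIXED_RELEASE" ]
}

# assess RUNNING [INSTALLED...]
#   RUNNING   : output of `uname -r`
#   INSTALLED : version-release of each installed kernel package
# Because "rpm -ivh" keeps old kernels installed, a host can have the fixed
# package on disk while still running a vulnerable kernel until it reboots.
assess() {
    running=$1
    shift
    if ! kernel_release_num "$running" >/dev/null; then
        echo "NOT_APPLICABLE"
        return 0
    fi
    if is_fixed "$running"; then
        echo "PATCHED"
        return 0
    fi
    for vr in "$@"; do
        if is_fixed "$vr"; then
            echo "REBOOT_REQUIRED"
            return 0
        fi
    done
    echo "VULNERABLE"
}

# av7110_loaded: reads /proc/modules-style text on stdin and succeeds if the
# av7110 module (the advisory's precondition for CVE-2011-0521) is listed.
av7110_loaded() {
    awk '$1 == "av7110" { found = 1 } END { exit !found }'
}

# Constructed sample inputs (not from a real host).
assess "2.6.9-89.0.26.ELsmp" "2.6.9-89.0.26.EL"
assess "2.6.9-89.0.26.ELsmp" "2.6.9-89.0.26.EL" "2.6.9-100.EL"
assess "2.6.9-100.ELsmp" "2.6.9-89.0.26.EL" "2.6.9-100.EL"
```

On a live host, pass `uname -r` as the first argument and the `rpm -q --qf '%{VERSION}-%{RELEASE}\n'` output for the installed kernel variant as the rest; pipe `/proc/modules` into `av7110_loaded`.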
5. Bugs fixed (http://bugzilla.redhat.com/):
176848 - NLM: Fix Oops in nlmclnt_mark_reclaim()
189918 - kernel: serious ugliness in iget() uses by nfsd [rhel-4.9]
217829 - Powernow driver does not work properly with different voltage CPUs
247116 - RFE: Add debug to bonding driver as module option
396631 - Increase timeout for device connection on boot
427998 - RHEL4: Can enter no tick idle mode with RCU pending leading to hang
445957 - Change "decode_getfattr: xdr error %d!" to dprintk
456047 - Kernel Panic at end_bio_bh_io_sync+44
456649 - xenbus suspend_mutex remains locked after transaction failure
457519 - groups_search() cannot handle large gid correctly
459466 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [rhel-4.8]
459499 - proc_loginuid_write() uses simple_strtoul() on non-terminated array
461038 - el4u5 pv guest user coredump crashing system
462717 - IPVS wrr scheduler bug
472752 - BUG() in end_buffer_async_write()
476700 - Loss of USB HID devices when switching with a KVM
479090 - Panic in do_cciss_intr removeQ
479264 - [RHEL4] lost siginfo when a signal queue is full
480404 - kernel BUG at fs/mpage.c:417!
480937 - RHEL-4: Deadlock in Xen netfront driver.
481292 - [RHEL4.7] Original ether's status is keeping PROMISC MULTICAST mode
481371 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds
483783 - kernel hid-input.c divide error crash
484415 - CCISS device-mapper-multipath support: missing sysfs attributes
485904 - [RHEL4] Netfilter modules unloading hangs
488931 - ACLs on NFS mounted directories disappear
490148 - Xen domU, RAID1, LVM, iscsi target export with blockio bug
491284 - [x86_64]: copy_user_c can zero more data than needed
492868 - Xen guest kernel advertises absolute mouse pointer feature which it is incapable of setting up correctly
493780 - EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
494404 - [RHEL4.5] Even if a process have received data but schedule() in select() cannot return
494688 - e1000e: sporadic hang in netdump
495858 - show_partition() oops when race with rescan_partitions().
496201 - [RHEL4] Nscd consumes many cpu resources ( nearly 100% ) continuously.
496205 - PVFB frontend can send bogus screen updates
496206 - xenkbd can crash when probe fails
496209 - PVFB frontend mouse wheel support
498012 - Bonding driver updelay parameter actual behavior doesn't match documented behavior
499355 - e1000_clean_tx_irq: Detected Tx Unit Hang
499548 - kernel: proc: avoid information leaks to non-privileged processes [rhel-4.9]
499848 - [RHEL4-U8] Kernel - testing NMI watchdog ... CPU#0: NMI appears to be stuck (0)!
500637 - A bond's preferred primary setting is lost after bringing down and up of the primary slave.
500889 - Various IPv4/v6 SNMP counter fixes
500904 - renaming file on a share w/o write permissions causes oops
501064 - [Stratus 4.9 bug] panic reading /proc/bus/input/devices during input device removal
501335 - oops in nfs4_put_open_state
501500 - oops in nfsd_svc after forced unmount of stale nfs4 filesystem and reboot
501844 - kernel: random: ICE at get_random_int() [rhel-4.3]
502473 - Failure logging execve with lots of arguments
502884 - NFSv4 Issue/slowdown when testing against the NetApp server
503489 - [NetApp 4.8 bug] Issues with "qioctlmod" module on RHEL4.8 hosts with QLogic FC inbox drivers
503762 - Adding bonding in balance-alb mode to bridge cause network connectivity to be lost [rhel-4.9]
504080 - MegaRAID SAS 1078 tape I/O errors when using mt erase
504156 - rtl8139 doesn't work with bonding in alb mode [rhel-4.9]
504279 - [RHEL 4] Lookups due to infinite loops in posix_locks_deadlock
504593 - LRO patch to 4.7 breaks SANGOMA WANPIPE drivers build
504778 - FEAT RHEL4.9: Support new PCI IDS to support VX800 in via82cxxx
504988 - [RHEL4 Xen]: i386 Guest crash when host has >= 64G RAM
505081 - [RHEL4.8 Xen]: Xenbus warnings in a FV guest on shutdown
505122 - Make Aborted Command (internal target failure) retryable at SCSI layer (sense B 44 00)
505506 - RHEL4.8: crash in do_cciss_request()
505591 - Bug in lockd prevents a locks being freed.
506875 - kernel: ptrace: don't use REMOVE_LINKS/SET_LINKS for reparenting [rhel-4.9]
507527 - NFSD returns NFS4_OK when the owner opens a file with permission set to 000
507847 - Balloon driver gives up too easily when ballooning up under memory pressure
507951 - [4.8]Kernel can not increase the counter of Icmp6OutDestUnreachs when forwarding packet with address unreachable.
509220 - i386 rhel4.8 kvm guests crashes in virtio during installation
509627 - kernel: fd leak if pipe() is called with an invalid address [rhel-4.9]
509816 - cciss: spinlock deadlock causes NMI on HP systems
510184 - NFSD returns NFS4_OK(0) when OPEN with access==read/write on a read-denied/write-denied file
510395 - num_mtt settings of 2097152 fails in RHEL with infiniband HCA
510454 - [IPv6] No fragment header in ICMPv6 reply after packet_too_big message
511183 - kernel: build with -fno-delete-null-pointer-checks [rhel-4.9]
512641 - kernel: security: implement mmap_min_addr infrastructure [rhel-4.9]
514684 - NFS: mounted NFSv4/krb5 export inaccessible following an NFS server reboot
515274 - /proc/net/dev sometimes contains bogus values (BCM5706)
516076 - netconsole on e1000 cause "Badness in local_bh_enable at kernel/softirq.c:141"
516742 - CIFS - crash in small_smb_init
517162 - cthon test5 failing on nfsv4 with rhel6 client vs. rhel4 server
517329 - [RHEL4.8] igb driver doesn't allocate enough buffer for ethtool_get_strings()
517523 - get_partstats() returns NULL and causes panic
520018 - statfs on NFS partition always returns 0
520299 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-4.9]
522000 - [RFE ] Connlimit kernel module support [rhel-4.9]
523983 - kernel: ipt_recent: sanity check hit count [rhel-4.9]
524884 - reading from /proc/net/ip_conntrack returns ENOSPC
525398 - RHEL4: Unable to write to file as non-root user with setuid and setgid bit set
525941 - OOM on i686 kernel-smp
527656 - bnx2x fails when iptables is on
528066 - [Cisco/LSI 4.9 bug] mptctl module dereferences a userspace address, triggering a crash
529063 - qla2xxx flash programming changes in 4.8 broke diskdump
531914 - [4.6] TCP conntrack doesn't handle half-open state connection correctly
532045 - SCTP Messages out of order
532593 - Upgrade from RHEL4U7 to U8 fails to bring up networking with forcedeth driver. [simple patch]
532858 - IBM HS22: SOL drops on bnx2 driver load
533299 - scsi device add/remove panic at sysfs_hash_and_remove
537475 - Write barrier operations not working for libata and general SCSI disks
539506 - [4.7] wait4 blocks on non-existing pid
541538 - [RHEL4 Xen]: PV guest crash on poweroff
543823 - [RHEL4]: A new xenfb thread is created on every save/restore
546251 - [RHEL4.5] select() cannot return in UDP/UNIX domain socket
546324 - TCP receive window clamping problem
547213 - ext2online resize hangs
548496 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching hba for target
552953 - "forcedeth" driver issue: eth0 fails to get ip address on boot with RHEL4 kernel
557122 - No output of xmit_hash_policy on IEEE 802.3ad Bonding
557380 - Kernel panic due to recursive lock in 3c59x driver.
558607 - e1000e: wol is broken in kernel 2.6.9-89.19
561108 - platform:ahern:rmmod hangs at 100% cpu removing usbnet module
562949 - problems with aliased dentries and case-insensitivity in CIFS readdir code
563920 - Please implement upstream fix for potential filesystem corruption bug
568271 - [QLogic 4.9 bug] qla2xxx: Fix srb cache destroy issue on driver unload and FDMI registration issue (8.02.10.01.04.09-d)
569668 - [RHEL4] boot hangs if scsi read capacity fails on faulty non system drive
577178 - megaraid_sas: fix physical disk handling
577378 - NFSv3 file attributes are not updated by READDIRPLUS reply
585430 - Add log message for unhandled sense error REPORTED_LUNS_DATA_CHANGED
589897 - Lost the network in a KVM VM on top of 4.9
591938 - cifs: busy file renames across directories should fail with error
594633 - kernel: security: testing the wrong variable in create_by_name() [rhel-4.9]
604786 - second cifs mount to samba server fails when samba using security=ADS
605455 - EXT3-fs error: do_get_write_access: OOM for frozen_buffer
607261 - Read from /proc/xen/xenbus does not honor O_NONBLOCK
607533 - Vhost:Fail to transfer file between two guests in same vlan
610236 - [4u8] Bonding in ALB mode sends ARP in loop
614559 - sky2 issue with 4.8 kernel
620485 - system crashes due to corrupt net_device_wrapper structure
621209 - [4u9] bonding: fix a race condition in calls to slave MII ioctls
623265 - bnx2: panic in bnx2_poll_work()
624117 - recording fails when usb audio device is connected to EHCI controller (ehci_hcd)
624713 - [RHEL4] Problems with aacraid - File system going into read-only.
629143 - Assertion failure in ext3_put_super() at fs/ext3/super.c:426: "list_empty(&sbi->s_orphan)"
630564 - kernel: additional stack guard patches [rhel-4.9]
634632 - nfs4_reclaim_open_state: unhandled error -5. Zeroing state
637556 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover
637658 - [RHEL 4.8] 32-bit pvhvm guest on 64-bit host crash w/xm mem-set
640803 - [RHEL4.8.z] soft lockup on vlan with bonding in balance-alb mode
641112 - bonding does not switch to slave
643992 - Kernel maintainer's bz for spec file changes
645220 - [RFE] kernel: modules: sysctl to block module loading [rhel-4.9]
645633 - temporary loss of path to SAN results in persistent EIO with msync
647187 - [netfront] ethtool -i should return proper information for netfront device
647196 - RFE: Virtio nic should support "ethtool -i virtio nic"
651334 - RHEL4.9: EHCI: AMD periodic frame list table quirk
653252 - kernel: restrict unprivileged access to kernel syslog [rhel-4.9]
653505 - [4.9 Regression] network is lost after balloon-up fails
658824 - The USB storage cannot use >2TB.
662839 - [REG][4.9] Filesystem corruption happens on ext2 filesystem
667615 - CVE-2010-4527 kernel: buffer overflow in OSS load_mixer_volumes
672398 - CVE-2011-0521 kernel: av7110 negative array offset
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386: kernel-2.6.9-100.EL.i686.rpm kernel-debuginfo-2.6.9-100.EL.i686.rpm kernel-devel-2.6.9-100.EL.i686.rpm kernel-hugemem-2.6.9-100.EL.i686.rpm kernel-hugemem-devel-2.6.9-100.EL.i686.rpm kernel-smp-2.6.9-100.EL.i686.rpm kernel-smp-devel-2.6.9-100.EL.i686.rpm kernel-xenU-2.6.9-100.EL.i686.rpm kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64: kernel-2.6.9-100.EL.ia64.rpm kernel-debuginfo-2.6.9-100.EL.ia64.rpm kernel-devel-2.6.9-100.EL.ia64.rpm kernel-largesmp-2.6.9-100.EL.ia64.rpm kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch: kernel-doc-2.6.9-100.EL.noarch.rpm
ppc: kernel-2.6.9-100.EL.ppc64.rpm kernel-2.6.9-100.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-100.EL.ppc64.rpm kernel-debuginfo-2.6.9-100.EL.ppc64iseries.rpm kernel-devel-2.6.9-100.EL.ppc64.rpm kernel-devel-2.6.9-100.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-100.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-100.EL.ppc64.rpm
s390: kernel-2.6.9-100.EL.s390.rpm kernel-debuginfo-2.6.9-100.EL.s390.rpm kernel-devel-2.6.9-100.EL.s390.rpm
s390x: kernel-2.6.9-100.EL.s390x.rpm kernel-debuginfo-2.6.9-100.EL.s390x.rpm kernel-devel-2.6.9-100.EL.s390x.rpm
x86_64: kernel-2.6.9-100.EL.x86_64.rpm kernel-debuginfo-2.6.9-100.EL.x86_64.rpm kernel-devel-2.6.9-100.EL.x86_64.rpm kernel-largesmp-2.6.9-100.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm kernel-smp-2.6.9-100.EL.x86_64.rpm kernel-smp-devel-2.6.9-100.EL.x86_64.rpm kernel-xenU-2.6.9-100.EL.x86_64.rpm kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source: kernel-2.6.9-100.EL.src.rpm
i386: kernel-2.6.9-100.EL.i686.rpm kernel-debuginfo-2.6.9-100.EL.i686.rpm kernel-devel-2.6.9-100.EL.i686.rpm kernel-hugemem-2.6.9-100.EL.i686.rpm kernel-hugemem-devel-2.6.9-100.EL.i686.rpm kernel-smp-2.6.9-100.EL.i686.rpm kernel-smp-devel-2.6.9-100.EL.i686.rpm kernel-xenU-2.6.9-100.EL.i686.rpm kernel-xenU-devel-2.6.9-100.EL.i686.rpm
noarch: kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64: kernel-2.6.9-100.EL.x86_64.rpm kernel-debuginfo-2.6.9-100.EL.x86_64.rpm kernel-devel-2.6.9-100.EL.x86_64.rpm kernel-largesmp-2.6.9-100.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm kernel-smp-2.6.9-100.EL.x86_64.rpm kernel-smp-devel-2.6.9-100.EL.x86_64.rpm kernel-xenU-2.6.9-100.EL.x86_64.rpm kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386: kernel-2.6.9-100.EL.i686.rpm kernel-debuginfo-2.6.9-100.EL.i686.rpm kernel-devel-2.6.9-100.EL.i686.rpm kernel-hugemem-2.6.9-100.EL.i686.rpm kernel-hugemem-devel-2.6.9-100.EL.i686.rpm kernel-smp-2.6.9-100.EL.i686.rpm kernel-smp-devel-2.6.9-100.EL.i686.rpm kernel-xenU-2.6.9-100.EL.i686.rpm kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64: kernel-2.6.9-100.EL.ia64.rpm kernel-debuginfo-2.6.9-100.EL.ia64.rpm kernel-devel-2.6.9-100.EL.ia64.rpm kernel-largesmp-2.6.9-100.EL.ia64.rpm kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch: kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64: kernel-2.6.9-100.EL.x86_64.rpm kernel-debuginfo-2.6.9-100.EL.x86_64.rpm kernel-devel-2.6.9-100.EL.x86_64.rpm kernel-largesmp-2.6.9-100.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm kernel-smp-2.6.9-100.EL.x86_64.rpm kernel-smp-devel-2.6.9-100.EL.x86_64.rpm kernel-xenU-2.6.9-100.EL.x86_64.rpm kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-100.EL.src.rpm
i386: kernel-2.6.9-100.EL.i686.rpm kernel-debuginfo-2.6.9-100.EL.i686.rpm kernel-devel-2.6.9-100.EL.i686.rpm kernel-hugemem-2.6.9-100.EL.i686.rpm kernel-hugemem-devel-2.6.9-100.EL.i686.rpm kernel-smp-2.6.9-100.EL.i686.rpm kernel-smp-devel-2.6.9-100.EL.i686.rpm kernel-xenU-2.6.9-100.EL.i686.rpm kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64: kernel-2.6.9-100.EL.ia64.rpm kernel-debuginfo-2.6.9-100.EL.ia64.rpm kernel-devel-2.6.9-100.EL.ia64.rpm kernel-largesmp-2.6.9-100.EL.ia64.rpm kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch: kernel-doc-2.6.9-100.EL.noarch.rpm
x86_64: kernel-2.6.9-100.EL.x86_64.rpm kernel-debuginfo-2.6.9-100.EL.x86_64.rpm kernel-devel-2.6.9-100.EL.x86_64.rpm kernel-largesmp-2.6.9-100.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm kernel-smp-2.6.9-100.EL.x86_64.rpm kernel-smp-devel-2.6.9-100.EL.x86_64.rpm kernel-xenU-2.6.9-100.EL.x86_64.rpm kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-4527.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://access.redhat.com/security/updates/classification/#important
index.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.