First published: Thu Jul 20 2006
The Linux kernel handles the basic functions of the operating system.

This is the eighth regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

* addition of the adp94xx and dcdbas device drivers
* diskdump support on megaraid_sas, qlogic, and swap partitions
* support for new hardware via driver and SCSI white-list updates

There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems, and architecture-specific handling affecting AMD Opteron and Intel EM64T processors.

The following device drivers have been added or upgraded to new versions:

| Driver | Version |
| --- | --- |
| adp94xx | 1.0.8 (new) |
| bnx2 | 1.4.38 |
| cciss | 2.4.60.RH1 |
| dcdbas | 5.6.0-1 (new) |
| e1000 | 7.0.33-k2 |
| emulex | 7.3.6 |
| forcedeth | 0.30 |
| ipmi | 35.13 |
| qlogic | 7.07.04b6 |
| tg3 | 3.52RH |

The following security bugs were fixed in this update:

* a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate)
* a flaw in the exec() handling of multi-threaded tasks using ptrace() that allowed a local user to cause a denial of service (hang of a user process) (CVE-2005-3107, low)
* a difference in "sysretq" operation of EM64T (as opposed to Opteron) processors that allowed a local user to cause a denial of service (crash) upon return from certain system calls (CVE-2006-0741 and CVE-2006-0744, important)
* a flaw in unaligned accesses handling on Intel Itanium processors that allowed a local user to cause a denial of service (crash) (CVE-2006-0742, important)
* an info leak on AMD-based x86 and x86_64 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important)
* a flaw in IPv4 packet output handling that allowed a remote user to bypass the zero IP ID countermeasure on systems with a disabled firewall (CVE-2006-1242, low)
* a minor info leak in socket option handling in the network code (CVE-2006-1343, low)
* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, moderate)

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.