First published: Wed May 07 2008
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important)

* the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:

* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important)

* a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important)

As well, these updated packages fix the following bugs:

* multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues.

* a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved.

* a race condition in UNIX domain sockets may have caused "recv()" to return zero. In clustered configurations, this may have caused unexpected failovers.

* to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately.

* a client-side race on blocking locks caused large time delays on NFS file systems.

* in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots.

* running the "service network restart" command may have caused networking to fail.

* a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read.

* on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files.

* a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.