First published: Tue Aug 26 2008
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimer. This could allow a local unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important)

* on 64-bit architectures, the possibility of a timer-expiration value overflow was found in the Linux kernel high-resolution timers functionality, hrtimer. This could allow a local unprivileged user to set up a large interval value, forcing the timer expiry value to become negative, causing a denial of service (kernel hang). (CVE-2007-6712, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important)

* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel utimensat system call. File permissions were not checked when UTIME_NOW and UTIME_OMIT combinations were used. This could allow a local unprivileged user to modify file times of arbitrary files, possibly leading to a denial of service. (CVE-2008-2148, Important)

* a security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 architectures. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Gabriel Campana discovered a possible integer overflow flaw in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This deficiency could lead to privilege escalation. (CVE-2008-2826, Important)

* a deficiency was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to make a large number of calls to the get_user_pages function, possibly causing a denial of service. (CVE-2008-2372, Low)

Also, these updated packages fix the following bugs:

* gdb set orig_rax to 0x00000000ffffffff, which is recognized by the upstream kernel as "-1", but not by the Red Hat Enterprise MRG kernel.

* if the POSIX timer was programmed to fire immediately, the timer's signal was sometimes not delivered (timer does not fire).

* rwlock caused crashes and application hangs.

* running oprofile caused system panics.

* threads releasing a mutex may have received an EPERM error.

* booting the RT kernel with the "nmi_watchdog=2" kernel option caused a kernel panic, and an "Unable to handle kernel paging request" error.

* "echo 0 > /sys/devices/system/cpu/cpu1/online" caused crashes.

* a crash on a JTC machine.

* added a new "FUTEX_WAIT_BITSET" system call, identical to FUTEX_WAIT, that accepts absolute time as a timeout.

Red Hat Enterprise MRG 1.0 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.