RHSA-2008:0972: Important: kernel security and bug fix update

First published: Wed Nov 19 2008(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> a flaw was found in the Linux kernel's Direct-IO implementation. This</li> could have allowed a local unprivileged user to cause a denial of service.<br>(CVE-2007-6716, Important)<br><li> when running ptrace in 31-bit mode on an IBM S/390 or IBM System z</li> kernel, a local unprivileged user could cause a denial of service by<br>reading from or writing into a padding area in the user_regs_struct32<br>structure. (CVE-2008-1514, Important)<br><li> the do_truncate() and generic_file_splice_write() functions did not clear</li> the setuid and setgid bits. This could have allowed a local unprivileged<br>user to obtain access to privileged information. (CVE-2008-4210, Important)<br><li> Tobias Klein reported a missing check in the Linux kernel's Open Sound</li> System (OSS) implementation. This deficiency could have led to an<br>information leak. (CVE-2008-3272, Moderate)<br><li> a potential denial of service attack was discovered in the Linux kernel's</li> PWC USB video driver. A local unprivileged user could have used this flaw<br>to bring the kernel USB subsystem into the busy-waiting state.<br>(CVE-2007-5093, Low)<br><li> the ext2 and ext3 file systems code failed to properly handle corrupted</li> data structures, leading to a possible local denial of service issue when<br>read or write operations were performed. (CVE-2008-3528, Low)<br>In addition, these updated packages fix the following bugs:<br><li> when using the CIFS "forcedirectio" option, appending to an open file on</li> a CIFS share resulted in that file being overwritten with the data to be<br>appended.<br><li> a kernel panic occurred when a device with PCI ID 8086:10c8 was present</li> on a system with a loaded ixgbe driver.<br><li> due to an aacraid driver regression, the kernel failed to boot when trying</li> to load the aacraid driver and printed the following error message:<br>"aac_srb: aac_fib_send failed with status: 8195".<br><li> due to an mpt driver regression, when RAID 1 was configured on Primergy</li> systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked<br>during boot.<br><li> the mpt driver produced a large number of extraneous debugging messages</li> when performing a "Host reset" operation.<br><li> due to a regression in the sym driver, the kernel panicked when a SCSI</li> hot swap was performed using MCP18 hardware.<br><li> all cores on a multi-core system now scale their frequencies in</li> accordance with the policy set by the system's CPU frequency governor.<br><li> the netdump subsystem suffered from several stability issues. These are</li> addressed in this updated kernel.<br><li> under certain conditions, the ext3 file system reported a negative count</li> of used blocks.<br><li> reading /proc/self/mem incorrectly returned "Invalid argument" instead of</li> "input/output error" due to a regression.<br><li> under certain conditions, the kernel panicked when a USB device was</li> removed while the system was busy accessing the device.<br><li> a race condition in the kernel could have led to a kernel crash during</li> the creation of a new process.<br>All Red Hat Enterprise Linux 4 Users should upgrade to these updated<br>packages, which contain backported patches to correct these issues.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2008:0972
• agent/severity
• agent/references
• agent/type
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/title
• agent/weakness
• agent/remedy
• agent/description
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/red hat
• canonical/red hat enterprise linux
• vendor/linux
• canonical/linux kernel