First published: Tue Dec 16 2008(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update addresses the following security issues:<br><li> Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and</li> 64-bit emulation. This could allow a local, unprivileged user to prepare<br>and run a specially-crafted binary which would use this deficiency to leak<br>uninitialized and potentially sensitive data. (CVE-2008-0598, Important)<br><li> a possible kernel memory leak was found in the Linux kernel Simple</li> Internet Transition (SIT) INET6 implementation. This could allow a local,<br>unprivileged user to cause a denial of service. (CVE-2008-2136, Important)<br><li> missing capability checks were found in the SBNI WAN driver which could</li> allow a local user to bypass intended capability restrictions.<br>(CVE-2008-3525, Important)<br><li> the do_truncate() and generic_file_splice_write() functions did not clear</li> the setuid and setgid bits. This could allow a local, unprivileged user to<br>obtain access to privileged information. (CVE-2008-4210, Important)<br><li> a buffer overflow flaw was found in Integrated Services Digital Network</li> (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a<br>denial of service. (CVE-2007-6063, Moderate)<br><li> multiple NULL pointer dereferences were found in various Linux kernel</li> network drivers. These drivers were missing checks for terminal validity,<br>which could allow privilege escalation. (CVE-2008-2812, Moderate)<br><li> a deficiency was found in the Linux kernel virtual filesystem (VFS)</li> implementation. This could allow a local, unprivileged user to attempt file<br>creation within deleted directories, possibly causing a denial of service.<br>(CVE-2008-3275, Moderate)<br>This update also fixes the following bugs:<br><li> the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()</li> was used where kunmap_atomic() should have been. As a consequence, if an<br>NFSv2 or NFSv3 server exported a volume containing a symlink which included<br>a path equal to or longer than the local system's PATH_MAX, accessing the<br>link caused a kernel oops. This has been corrected in this update.<br><li> mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a</li> pointer. This caused a kernel panic in mptctl_gettargetinfo in some<br>circumstances. A check has been added which prevents this.<br><li> lost tick compensation code in the timer interrupt routine triggered</li> without apparent cause. When running as a fully-virtualized client, this<br>spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3<br>to present highly inaccurate times. With this update the lost tick<br>compensation code is turned off when the operating system is running as a<br>fully-virtualized client under Xen or VMWare®.<br>All Red Hat Enterprise Linux 3 users should install this updated kernel<br>which addresses these vulnerabilities and fixes these bugs.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.