RHSA-2009:0021: Important: kernel security update
First published: Tue Feb 24 2009(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update includes backported fixes for four security issues. These<br>issues only affected users of Red Hat Enterprise Linux 5.2 Extended Update<br>Support as they have already been addressed for users of Red Hat Enterprise<br>Linux 5 in the 5.3 update, RHSA-2009:0225.<br>In accordance with the support policy, future security updates to Red Hat<br>Enterprise Linux 5.2 Extended Update Support will only include issues of<br>critical security impact.<br><li> when fput() was called to close a socket, the __scm_destroy() function</li> in the Linux kernel could make indirect recursive calls to itself. This<br>could, potentially, lead to a denial of service issue. (CVE-2008-5029,<br>Important)<br><li> the sendmsg() function in the Linux kernel did not block during UNIX</li> socket garbage collection. This could, potentially, lead to a local denial<br>of service. (CVE-2008-5300, Important)<br><li> a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A</li> local, unprivileged user could use the flaw to listen on the same socket<br>more than once, possibly causing a denial of service. (CVE-2008-5079,<br>Important)<br><li> a race condition was found in the Linux kernel "inotify" watch removal</li> and umount implementation. This could allow a local, unprivileged user<br>to cause a privilege escalation or a denial of service. (CVE-2008-5182,<br>Important)<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues. Note: for this update to take effect, the<br>system must be rebooted.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=470201
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=472325
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473696
- http://www.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2009:0021 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2009:0021