First published: Wed Jun 03 2009
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a buffer overflow flaw was found in the CIFSTCon() function of the Linux kernel Common Internet File System (CIFS) implementation. When mounting a CIFS share, a malicious server could send an overly-long string to the client, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, Important)
* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)
* a deficiency was found in the Linux kernel signals implementation. The kill_something_info() function did not check if a process was outside the caller's namespace before sending the kill signal, making it possible to kill processes in all process ID (PID) namespaces, breaking PID namespace isolation. (CVE-2009-1338, Moderate)
* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

* the "-fwrapv" flag was added to the gcc build options to prevent gcc from optimizing away wrapping arithmetic, as optimizing away wrapping may lead to unexpected results. (BZ#491264)
* the bnx2x driver may have failed when highly-stressed by network stress-tests, resulting in network access being unavailable. This driver has been updated to resolve this issue. (BZ#495472)
* the file system mask, which lists capabilities for users with a file system user ID (fsuid) of 0, was missing the CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. This update adds these capabilities. (BZ#497047)
* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes able to use the ptrace() call on a given process; however, certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to reconstruct memory maps, making it possible to bypass the Address Space Layout Randomization (ASLR) security feature. This update addresses this issue. (BZ#499550)
* the get_random_int() function returned the same number until the jiffies counter (which ticks at a clock interrupt frequency) or process ID (PID) changed, making it possible to predict the random numbers. This may have helped to bypass the ASLR security feature. With this update, get_random_int() is more random and no longer uses a common seed value. This reduces the possibility of predicting the values get_random_int() returns. (BZ#499787)

All Red Hat Enterprise MRG users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The system must be rebooted for this update to take effect.
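
The effect of the missing file system mask entries (BZ#497047, and the nfsd CAP_MKNOD issue above), as an added example: a simplified user-space model written for this page, not Red Hat's or the kernel's code. The capability numbers are those in `<linux/capability.h>`; `task_model`, `set_fsuid()` and `effective_after_switch()` are hypothetical names, and the rule they apply when fsuid changes is an assumption about how the mask is used.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum {
    CAP_CHOWN = 0, CAP_DAC_OVERRIDE = 1, CAP_DAC_READ_SEARCH = 2,
    CAP_FOWNER = 3, CAP_FSETID = 4, CAP_LINUX_IMMUTABLE = 9, CAP_MKNOD = 27
};
#define BIT(c) (UINT64_C(1) << (c))

/* File system mask before the update (simplified, assumed contents). */
#define FS_MASK_OLD (BIT(CAP_CHOWN) | BIT(CAP_DAC_OVERRIDE) | \
                     BIT(CAP_DAC_READ_SEARCH) | BIT(CAP_FOWNER) | BIT(CAP_FSETID))
/* Mask after the update: CAP_MKNOD and CAP_LINUX_IMMUTABLE added. */
#define FS_MASK_NEW (FS_MASK_OLD | BIT(CAP_MKNOD) | BIT(CAP_LINUX_IMMUTABLE))

/* Hypothetical stand-in for the credentials of one task. */
struct task_model { unsigned fsuid; uint64_t permitted, effective; };

/* Assumed rule: leaving fsuid 0 drops the masked capabilities from the
 * effective set; returning to fsuid 0 restores the permitted ones. */
static void set_fsuid(struct task_model *t, unsigned new_fsuid, uint64_t fs_mask)
{
    if (t->fsuid == 0 && new_fsuid != 0)
        t->effective &= ~fs_mask;
    else if (t->fsuid != 0 && new_fsuid == 0)
        t->effective |= t->permitted & fs_mask;
    t->fsuid = new_fsuid;
}

/* Effective set of a fully privileged service thread after it switches
 * to an unprivileged fsuid (1000 is a constructed sample value). */
static uint64_t effective_after_switch(uint64_t fs_mask)
{
    struct task_model t = { 0, ~UINT64_C(0), ~UINT64_C(0) };
    set_fsuid(&t, 1000, fs_mask);
    return t.effective;
}

int main(void)
{
    uint64_t eff_old = effective_after_switch(FS_MASK_OLD);
    uint64_t eff_new = effective_after_switch(FS_MASK_NEW);
    printf("old mask: CAP_MKNOD %s\n", (eff_old & BIT(CAP_MKNOD)) ? "kept" : "dropped");
    printf("new mask: CAP_MKNOD %s\n", (eff_new & BIT(CAP_MKNOD)) ? "kept" : "dropped");
    return 0;
}
```
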
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Linux | | |
RHSA-2009:1081 has a critical severity rating due to the identified buffer overflow vulnerabilities.
To fix RHSA-2009:1081, you should apply the updated kernel-rt packages provided by Red Hat.
The systems affected by RHSA-2009:1081 include any installations using the Red Hat Linux kernel.
RHSA-2009:1081 addresses buffer overflow vulnerabilities found in the CIFSTCon() function of the CIFS implementation.
RHSA-2009:1081 is related to CIFS, which is a component of the Samba file sharing protocol.