First published: Tue Jun 16 2009
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* Several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)
* The Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)
* Frank Filz reported that the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)
* A missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)
* A flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)

Bug fixes:

* A race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. "Busy inodes" messages may have been logged. (BZ#498653)
* nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium(r)-based systems. (BZ#500349)
* LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)
* ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once. (BZ#486945)
* epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)
* Missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)
* On NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)
* In rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data. (BZ#486921)
* When using GFS2, gfs2_quotad may have entered an uninterruptible sleep state. (BZ#501742)
* With this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)
* The "-fwrapv" flag was added to the gcc build options to prevent gcc from optimizing away signed-integer overflow checks that rely on wrapping (two's-complement) arithmetic. (BZ#501751)
* A kernel panic could occur when enabling and disabling iSCSI paths. (BZ#502916)
* Using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)
* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes able to use the ptrace() call on a given process; however, certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to reconstruct memory maps. (BZ#499546)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
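As an added illustration of the bug class behind the CIFS flaws above (this is not code from the advisory or from the kernel's CIFS implementation): a CIFS server sends strings as UCS-2LE, two bytes per code unit, and the client converts them into its local character set before writing them into memory. The example assumes the client charset is UTF-8, where one code unit expands to up to three bytes. A destination sized from the count of input code units (the vulnerable pattern) is then overrun by any server-chosen string containing non-ASCII characters, while the hardened form bounds every write by the destination size and reports truncation. All function names, the sizing macro and the sample string are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "server string" in UCS-2LE: "NTFSé中" (no terminator). */
#define SAMPLE_UNITS 6
static const unsigned char SAMPLE_UCS2LE[2 * SAMPLE_UNITS] = {
    'N', 0x00, 'T', 0x00, 'F', 0x00, 'S', 0x00,
    0xE9, 0x00,   /* U+00E9: 2 bytes in UTF-8 */
    0x2D, 0x4E    /* U+4E2D: 3 bytes in UTF-8 */
};

/* VULNERABLE sizing: one byte per input code unit plus the NUL (hypothetical macro). */
#define NAIVE_DST_SIZE(units) ((units) + 1)

/* Read code unit i of a UCS-2LE buffer. */
static uint16_t ucs2le_unit(const unsigned char *src, size_t i)
{
    return (uint16_t)(src[2 * i] | (src[2 * i + 1] << 8));
}

/* Encode one UCS-2 code unit as UTF-8 into out[3]; returns bytes used.
 * Surrogates are not paired (plain UCS-2, as the kernel NLS tables treat it). */
static size_t utf8_encode(uint16_t cp, unsigned char *out)
{
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    out[0] = (unsigned char)(0xE0 | (cp >> 12));
    out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[2] = (unsigned char)(0x80 | (cp & 0x3F));
    return 3;
}

/* Exact destination size (including NUL) for a string of up to `units` code units. */
size_t utf8_bytes_needed(const unsigned char *src, size_t units)
{
    size_t n = 1;
    for (size_t i = 0; i < units; i++) {
        uint16_t cp = ucs2le_unit(src, i);
        if (cp == 0) break;
        n += (cp < 0x80) ? 1 : ((cp < 0x800) ? 2 : 3);
    }
    return n;
}

/* Bytes a conversion into a naively sized buffer would write past its end. */
size_t naive_overrun_bytes(const unsigned char *src, size_t units)
{
    size_t need = utf8_bytes_needed(src, units), have = NAIVE_DST_SIZE(units);
    return need > have ? need - have : 0;
}

/* HARDENED conversion: bounded by the destination, always NUL-terminated,
 * never splits a multi-byte sequence. Returns the size the full output needs
 * (snprintf-style), so a result > dst_size means the output was truncated. */
size_t ucs2le_to_utf8_bounded(const unsigned char *src, size_t units,
                              char *dst, size_t dst_size)
{
    size_t needed = 0, written = 0;
    for (size_t i = 0; i < units; i++) {
        uint16_t cp = ucs2le_unit(src, i);
        if (cp == 0) break;
        unsigned char tmp[3];
        size_t k = utf8_encode(cp, tmp);
        /* Copy only while nothing has been dropped yet and the NUL still fits. */
        if (written == needed && dst_size && written + k < dst_size) {
            memcpy(dst + written, tmp, k);
            written += k;
        }
        needed += k;
    }
    if (dst_size) dst[written] = '\0';
    return needed + 1;
}

int main(void)
{
    char dst[NAIVE_DST_SIZE(SAMPLE_UNITS)];
    size_t need = ucs2le_to_utf8_bounded(SAMPLE_UCS2LE, SAMPLE_UNITS, dst, sizeof dst);
    printf("naive buffer: %zu bytes, conversion needs %zu (would overrun by %zu)\n",
           sizeof dst, need, naive_overrun_bytes(SAMPLE_UCS2LE, SAMPLE_UNITS));
    printf("bounded result: \"%s\"%s\n", dst, need > sizeof dst ? " (truncated)" : "");
    return 0;
}
```

The server controls both the length and the content of the string, so it can pick the code units that expand the most in the client's charset; that is what turns a sizing mistake into a remotely triggerable kernel memory corruption. The general rule is to size the destination from the target encoding's maximum expansion (or an exact pre-count such as `utf8_bytes_needed`) and to bound the copy by the destination, never by the source.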
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-debug | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-debug-devel | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-devel | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-doc | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-headers | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-xen | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-xen-devel | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-kdump | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
redhat/kernel-kdump-devel | <2.6.18-128.1.14.el5 | 2.6.18-128.1.14.el5 |
Red Hat rates RHSA-2009:1106 as Important, driven by the CIFS Unicode string handling flaws (CVE-2009-1439, CVE-2009-1633): a malicious CIFS server can corrupt kernel memory on any client that mounts its share, with denial of service or privilege escalation as the possible outcomes.
To fix RHSA-2009:1106, update your kernel packages to version 2.6.18-128.1.14.el5 or later and reboot; the running kernel is not replaced until the system boots into the updated one.
RHSA-2009:1106 affects various Red Hat Enterprise Linux 5 kernel packages, including kernel, kernel-debug, kernel-devel, and others.
RHSA-2009:1106 addresses five security flaws. The most severe are the CIFS Unicode string handling overflows (CVE-2009-1439, CVE-2009-1633); it also fixes nfsd not dropping CAP_MKNOD for local requests (CVE-2009-1072), a missing NFSv4 execute-bit permission check (CVE-2009-1630), a hypervisor_callback() denial of service in kernel-xen (CVE-2009-1758), and an AGPGART information leak from un-zeroed pages (CVE-2009-1192).
Continuing to use versions prior to the fix for RHSA-2009:1106 poses a security risk and is not recommended.