First published: Tue Jun 30 2009
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially-crafted packet that would cause a denial of service. (CVE-2009-1385, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes able to use the ptrace() call on a given process; however, certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to reconstruct memory maps, making it possible to bypass the Address Space Layout Randomization (ASLR) security feature. This update addresses this issue. (BZ#499549)

* in some situations, the link count was not decreased when renaming unused files on NFS mounted file systems. This may have resulted in poor performance. With this update, the link count is decreased in these situations, the same as is done for other file operations, such as unlink and rmdir. (BZ#501802)

* tcp_ack() cleared the probes_out variable even if there were outstanding packets. When low TCP keepalive intervals were used, this bug may have caused problems, such as connections terminating, when using remote tools such as rsh and rlogin. (BZ#501754)

* off-by-one errors in the time normalization code could have caused clock_gettime() to return one billion nanoseconds, rather than adding an extra second. This bug could have caused the name service cache daemon (nscd) to consume excessive CPU resources. (BZ#501800)

* a system panic could occur when one thread read "/proc/bus/input/devices" while another was removing a device. With this update, a mutex has been added to protect the input_dev_list and input_handler_list variables, which resolves this issue. (BZ#501804)

* using netdump may have caused a kernel deadlock on some systems. (BZ#504565)

* the file system mask, which lists capabilities for users with a file system user ID (fsuid) of 0, was missing the CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. This update adds these capabilities. (BZ#497269)

All Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.

Note: The system must be rebooted for this update to take effect.
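
The "/proc/[pid]/stat" item above (BZ#499549) can be verified after the update and reboot with a check like the following, which is an added example and not part of the advisory or of Red Hat's code. The set of address-bearing fields is taken from proc(5) and is an assumption about what the fix masks, since the advisory does not list them; the two sample lines are constructed.

```python
import os

# 1-based field numbers from proc(5). Assumption: the advisory does not say
# which fields the fix masks; these are the address-bearing ones.
ADDRESS_FIELDS = {26: "startcode", 27: "endcode", 28: "startstack",
                  29: "kstkesp", 30: "kstkeip", 35: "wchan"}


def parse_stat(line):
    """Split a stat line into fields; comm (field 2) may contain spaces or ')'."""
    lpar, rpar = line.index("("), line.rindex(")")
    return [line[:lpar].strip(), line[lpar + 1:rpar]] + line[rpar + 1:].split()


def exposed_addresses(line):
    """Return {name: value} for address fields that are present and non-zero."""
    fields = parse_stat(line)
    found = {}
    for number, name in ADDRESS_FIELDS.items():
        if number <= len(fields) and int(fields[number - 1]) != 0:
            found[name] = int(fields[number - 1])
    return found


def audit_foreign_processes(proc="/proc"):
    """Check every process owned by another UID; return {pid: exposed fields}."""
    report = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        path = os.path.join(proc, entry)
        try:
            if os.stat(path).st_uid == os.getuid():
                continue  # own processes are ptrace-able, so not a finding
            with open(os.path.join(path, "stat")) as handle:
                exposed = exposed_addresses(handle.read())
        except (OSError, ValueError):
            continue  # process exited or stat unreadable
        if exposed:
            report[int(entry)] = exposed
    return report


# Constructed sample lines (not captured from a real host).
MASKED = "4242 (sshd: x (y)) S 1 " + "0 " * 21 + "0 0 0 0 0 0 0 0 0 0 17 0"
LEAKY = ("4243 (a b) S 1 " + "0 " * 21 +
         "134512640 134520000 3217031168 3217030000 1074000000 0 0 0 0 0 17 0")

if __name__ == "__main__":
    for pid, fields in sorted(audit_foreign_processes().items()):
        print(pid, fields)
```

Run it as an unprivileged user: root can ptrace every process, so non-zero fields seen as root say nothing about whether the fix is in place.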