First published: Tue Jul 14 2009
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially-crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)

* several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1633, Important)

* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)

* a deadlock flaw was found in the Linux kernel splice implementation. This deadlock could occur during interactions between the generic_file_splice_write() and splice_from_pipe() functions, possibly leading to a partial denial of service on the file system partition where the deadlock occurs. (CVE-2009-1961, Moderate)

Bug fixes:

* a stack buffer used by get_event_name() was not large enough to accommodate the nul terminator that sprintf() writes. In some cases, this could lead to an invalid pointer or a kernel panic. With this update, the function is modified to allow space for the nul terminator. (BZ#503902)

* free_bootmem() was hard-coded to use node 0. This could have caused a kernel panic during boot on a NUMA system that happens to boot on a node other than node 0. With this update, free_bootmem() acts on the current node, resolving this issue. (BZ#503048)

* CPU flag mishandling caused TSC clocksource synchronization to fail (TSC was marked unstable) on the Intel® microarchitecture (Nehalem). In addition, TSC clocksource checks added to the 64-bit kernel code are now present for i386 systems. Also, "/proc/cpuinfo" now shows TSC-related flags. (BZ#50289, BZ#508756)

* barriers are used to make sure delayed work requested from threads is processed before continuing. run_workqueue(), however, exited before processing all barriers, causing threads to wait forever. In a reported case, this bug caused missing path issues for Device Mapper Multipathing. (BZ#504133)

* calling pipe() with an invalid address caused a file descriptor leak. (BZ#509629)

* the code to add "/dev/rtc" contained a printk statement without a log level prefix. (BZ#510099)

* an extra check has been added to the realtime kernel to avoid a rare corruption of the FPU (Floating Point Unit) stack, which could occur if a task using FPU registers was preempted by an interruption. (BZ#509359)

* fix a boot-up problem on HP ProLiant SL2x170z G6 and similar systems by adding Intel ICH10 controllers back to the ata_piix driver. (BZ#508783)

* converts a UID comparison in AGP to a more secure capability check. By default, "/dev/agpgart" is accessible only to the root user. (BZ#505493)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
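
The CIFS item above (CVE-2009-1633) describes converted server strings being written past the end of their target buffer. The C function below is an added example, not code from this advisory or from the kernel, showing a conversion that checks the remaining space before every write; it matters because two bytes of UTF-16 can become three bytes of UTF-8. It assumes UTF-16LE input and a UTF-8 local character set, and `utf16le_to_utf8_bounded` and `U16LE` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#define U16LE(p) ((uint32_t)(p)[0] | ((uint32_t)(p)[1] << 8))

/* Hypothetical helper, not kernel code: convert src_len bytes of UTF-16LE to
 * NUL-terminated UTF-8 without writing past dst[dst_size - 1]. Returns bytes
 * written (excluding the NUL), or -1 if it does not fit or is malformed. */
long utf16le_to_utf8_bounded(const uint8_t *src, size_t src_len,
                             char *dst, size_t dst_size)
{
    static const uint8_t lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t in, out = 0;
    if (dst_size == 0 || (src_len & 1))
        return -1;
    for (in = 0; in < src_len; in += 2) {
        uint32_t cp = U16LE(src + in), lo;
        if (cp == 0)                        /* terminator sent by the peer */
            break;
        if (cp >= 0xD800 && cp <= 0xDFFF) { /* surrogate: need a valid pair */
            in += 2;
            if (cp >= 0xDC00 || in >= src_len)
                return -1;
            lo = U16LE(src + in);
            if (lo < 0xDC00 || lo > 0xDFFF)
                return -1;
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        /* Room for this character plus the NUL, against the real size. */
        if (need > dst_size - 1 - out)
            return -1;
        int shift = (int)(need - 1) * 6;
        dst[out++] = (char)(lead[need] | (cp >> shift));
        while ((shift -= 6) >= 0)
            dst[out++] = (char)(0x80 | ((cp >> shift) & 0x3F));
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void)
{
    /* Constructed input: U+00E9 U+20AC, 4 bytes of UTF-16LE, 5 of UTF-8. */
    const uint8_t wire[] = { 0xE9, 0x00, 0xAC, 0x20 };
    char small[5], big[8];
    printf("%ld %ld\n", utf16le_to_utf8_bounded(wire, 4, small, sizeof small),
           utf16le_to_utf8_bounded(wire, 4, big, sizeof big));
    return 0;
}
```

The 5-byte buffer is larger than the 4-byte input yet is still rejected, which is why sizing the destination from the input's byte count is not a safe bound.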