RHSA-2009:1211: Important: kernel security and bug fix update
First published: Thu Aug 13 2009(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>These updated packages fix the following security issues:<br><li> Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in</li> the Linux kernel. This driver allowed interfaces using this driver to<br>receive frames larger than what could be handled. This could lead to a<br>remote denial of service or code execution. (CVE-2009-1389, Important)<br><li> a buffer overflow flaw was found in the CIFSTCon() function of the Linux</li> kernel Common Internet File System (CIFS) implementation. When mounting a<br>CIFS share, a malicious server could send an overly-long string to the<br>client, possibly leading to a denial of service or privilege escalation on<br>the client mounting the CIFS share. (CVE-2009-1439, Important)<br><li> several flaws were found in the way the Linux kernel CIFS implementation</li> handles Unicode strings. CIFS clients convert Unicode strings sent by a<br>server to their local character sets, and then write those strings into<br>memory. If a malicious server sent a long enough string, it could write<br>past the end of the target memory region and corrupt other memory areas,<br>possibly leading to a denial of service or privilege escalation on the<br>client mounting the CIFS share. (CVE-2009-1633, Important)<br>These updated packages also fix the following bugs:<br><li> when using network bonding in the "balance-tlb" or "balance-alb" mode,</li> the primary setting for the primary slave device was lost when said<br>device was brought down (ifdown). Bringing the slave interface back up<br>(ifup) did not restore the primary setting (the device was not made the<br>active slave). (BZ#507563)<br><li> a bug in timer_interrupt() may have caused the system time to move up to</li> two days or more into the future, or to be delayed for several minutes.<br>This bug only affected Intel 64 and AMD64 systems that have the High<br>Precision Event Timer (HPET) enabled in the BIOS, and could have caused<br>problems for applications that require timing to be accurate. (BZ#508835)<br><li> a race condition was resolved in the Linux kernel block layer between</li> show_partition() and rescan_partitions(). This could have caused a NULL<br>pointer dereference in show_partition(), leading to a system crash (kernel<br>panic). This issue was most likely to occur on systems running monitoring<br>software that regularly scanned hard disk partitions, or from repeatedly<br>running commands that probe for partition information. (BZ#512310)<br><li> previously, the Stratus memory tracker missed certain modified pages.</li> With this update, information about the type of page (small page or<br>huge page) is passed to the Stratus memory tracker, which resolves this<br>issue. The fix for this issue does not affect systems that do not use<br>memory tracking. (BZ#513182)<br><li> a bug may have caused a system crash when using the cciss driver, due to</li> an uninitialized kernel structure. A reported case of this issue occurred<br>after issuing consecutive SCSI TUR commands (sg_turs sends SCSI<br>test-unit-ready commands in a loop). (BZ#513189)<br><li> a bug in the SCSI implementation caused "Aborted Command - internal</li> target failure" errors to be sent to Device-Mapper Multipath, without<br>retries, resulting in Device-Mapper Multipath marking the path as failed<br>and making a path group switch. With this update, all errors that return a<br>sense key in the SCSI mid layer (including "Aborted Command - internal<br>target failure") are retried. (BZ#514007)<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues. The system must be rebooted for this<br>update to take effect.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494275
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=496572
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=504726
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=507563
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=508835
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=512310
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=513182
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=513189
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=514007
- http://www.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2009:1211 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2009:1211
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness