First published: Tue Sep 01 2009
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)

* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

This update also fixes the following bugs:

* the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers, and keeping these checks is considered a safety measure. (BZ#511187)

* a bug in the locking strategy for the free_pages_bulk() kernel function was found, where a lock in a code branch was not held. This could have created a "double free" problem that resulted in a kernel panic. (BZ#513715)

* udevd and multipathd were unable to service events fast enough when a Fibre Channel cable was unplugged. This caused the cable state to be out of sync if the cable was plugged back in quickly, possibly resulting in devices being removed, or path issues when using Device-Mapper Multipath. This has been changed so that users can specify devices that should not be removed if a cable is unplugged. (BZ#514541)

* a race condition in exit_thread() could have eventually caused a kernel oops. (BZ#514587)

* a race condition was fixed between kthread_stop() and kthread_create(). Kernel subsystems creating and stopping threads at a fast pace could hit this issue. Several inexplicable backtraces observed during tests caused this race condition. (BZ#518967)

* HPET_EMULATE_RTC was being disabled during kernel compile. This was caused by an incorrect requirement in the related Kconfig entry. This issue led to failures when accessing the RTC (real time clock) in machines that had the RTC emulated by HPET (High Precision Event Timer). (BZ#519433)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
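
The four-byte leak described for do_sigaltstack() above (CVE-2009-2847) comes from structure padding: on 64-bit systems stack_t has four unused bytes after its int member, and copying the whole structure to user space exposes whatever the kernel stack held there. The C program below is an added illustration, not code from the kernel or from this advisory; `model_stack_t`, the `0xAA` marker and the sample values are constructed, and `memcpy` stands in for the kernel's copy to user space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of a 64-bit stack_t (assumed layout): pointer, int, size_t.
 * On LP64 the int is followed by padding so that ss_size is 8-byte aligned. */
struct model_stack_t { void *ss_sp; int ss_flags; size_t ss_size; };

#define OFF(m)  offsetof(struct model_stack_t, m)
#define PAD_LEN (OFF(ss_size) - (OFF(ss_flags) + sizeof(int)))
#define STALE   0xAA   /* constructed marker for leftover kernel stack data */

enum copy_mode { WHOLE_STRUCT, ZEROED_FIRST, PER_MEMBER };

/* Store the three members at their offsets; padding bytes are not written. */
static void put_members(unsigned char *dst, void *sp, int flags, size_t size)
{
    memcpy(dst + OFF(ss_sp), &sp, sizeof sp);
    memcpy(dst + OFF(ss_flags), &flags, sizeof flags);
    memcpy(dst + OFF(ss_size), &size, sizeof size);
}

/* Returns how many stale bytes reach the simulated user-space buffer. */
size_t stale_bytes_exposed(enum copy_mode mode)
{
    unsigned char kstack[sizeof(struct model_stack_t)];
    unsigned char user[sizeof kstack] = {0};
    size_t n = 0;

    memset(kstack, STALE, sizeof kstack);       /* previous stack contents */
    if (mode == ZEROED_FIRST)
        memset(kstack, 0, sizeof kstack);       /* clear padding before filling */
    put_members(kstack, NULL, 2, 8192);         /* constructed sample values */

    if (mode == PER_MEMBER)
        put_members(user, NULL, 2, 8192);       /* write each member separately */
    else
        memcpy(user, kstack, sizeof kstack);    /* stands in for copy_to_user() */

    for (size_t i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding: %zu bytes\n", (size_t)PAD_LEN);
    printf("whole struct: %zu stale bytes\n", stale_bytes_exposed(WHOLE_STRUCT));
    printf("zeroed first: %zu\n", stale_bytes_exposed(ZEROED_FIRST));
    printf("per member:   %zu\n", stale_bytes_exposed(PER_MEMBER));
    return 0;
}
```

On a 32-bit build the model has no padding, which matches the advisory's statement that the leak affects 64-bit machines.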