First published: Tue Sep 01 2009
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

- it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)
- a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
- a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially-crafted ext4 file system. (CVE-2009-0745, Low)
- multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low)

These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
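The four-byte leak described for do_sigaltstack() (CVE-2009-2847) is an instance of structure padding crossing a trust boundary: on 64-bit ABIs a layout of pointer, int, size has four bytes of compiler padding after the int. The following user-space model is an added example, not kernel code or code from the advisory; `struct model_stack`, the `0xAA` marker and the sample field values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a 64-bit stack_t-like layout: pointer, int, size. */
struct model_stack { uint64_t ss_sp; int32_t ss_flags; uint64_t ss_size; };

#define SZ     sizeof(struct model_stack)
#define OFF(m) offsetof(struct model_stack, m)
#define PAD    (OFF(ss_flags) + sizeof(int32_t))  /* first padding byte */
#define STALE  0xAA  /* constructed marker for leftover stack contents */

/* Bytes the compiler inserts between ss_flags and ss_size. */
size_t padding_len(void) { return OFF(ss_size) - PAD; }

/* Kernel side: a local holding stale bytes, then each member assigned. */
static void kernel_fill(unsigned char *k) {
    uint64_t sp = 0x7ffd0000u, size = 8192;  /* constructed sample values */
    int32_t flags = 0;
    memset(k, STALE, SZ);
    memcpy(k + OFF(ss_sp), &sp, sizeof sp);
    memcpy(k + OFF(ss_flags), &flags, sizeof flags);
    memcpy(k + OFF(ss_size), &size, sizeof size);
}

/* Hardened form: copy members one by one, so padding never leaves. */
static void copy_fields(unsigned char *u, const unsigned char *k) {
    memcpy(u + OFF(ss_sp), k + OFF(ss_sp), sizeof(uint64_t));
    memcpy(u + OFF(ss_flags), k + OFF(ss_flags), sizeof(int32_t));
    memcpy(u + OFF(ss_size), k + OFF(ss_size), sizeof(uint64_t));
}

/* Count stale marker bytes that reach the zeroed "user" buffer. */
size_t leaked_bytes(int per_field) {
    unsigned char k[SZ], u[SZ];
    size_t i, n = 0;
    kernel_fill(k);
    memset(u, 0, SZ);
    if (per_field) copy_fields(u, k);
    else memcpy(u, k, SZ);  /* weak form: one sizeof(struct) copy */
    for (i = PAD; i < OFF(ss_size); i++) n += (u[i] == STALE);
    return n;
}

int main(void) {
    printf("padding=%zu whole=%zu fields=%zu\n",
           padding_len(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```
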
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-debug | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-debug-devel | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-devel | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-doc | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-headers | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-xen | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-xen-devel | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-kdump | <2.6.18-164.el5 | 2.6.18-164.el5 |
redhat/kernel-kdump-devel | <2.6.18-164.el5 | 2.6.18-164.el5 |