RHSA-2009:1522: Moderate: kernel security and bug fix update

First published: Thu Oct 22 2009(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> multiple, missing initialization flaws were found in the Linux kernel.</li> Padding data in several core network structures was not initialized<br>properly before being sent to user-space. These flaws could lead to<br>information leaks. (CVE-2005-4881, CVE-2009-3228, Moderate)<br>This update also fixes the following bugs:<br><li> a packet duplication issue was fixed via the RHSA-2008:0665 update;</li> however, the fix introduced a problem for systems using network bonding:<br>Backup slaves were unable to receive ARP packets. When using network<br>bonding in the "active-backup" mode and with the "arp_validate=3" option,<br>the bonding driver considered such backup slaves as being down (since they<br>were not receiving ARP packets), preventing successful failover to these<br>devices. (BZ#519384)<br><li> due to insufficient memory barriers in the network code, a process</li> sleeping in select() may have missed notifications about new data. In rare<br>cases, this bug may have caused a process to sleep forever. (BZ#519386)<br><li> the driver version number in the ata_piix driver was not changed between</li> Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8, even though<br>changes had been made between these releases. This could have prevented the<br>driver from loading on systems that check driver versions, as this driver<br>appeared older than it was. (BZ#519389)<br><li> a bug in nlm_lookup_host() could have led to un-reclaimed locks on file</li> systems, resulting in the umount command failing. This bug could have also<br>prevented NFS services from being relocated correctly in clustered<br>environments. (BZ#519656)<br><li> the data buffer ethtool_get_strings() allocated, for the igb driver, was</li> smaller than the amount of data that was copied in igb_get_strings(),<br>because of a miscalculation in IGB_QUEUE_STATS_LEN, resulting in memory<br>corruption. This bug could have led to a kernel panic. (BZ#522738)<br><li> in some situations, write operations to a TTY device were blocked even</li> when the O_NONBLOCK flag was used. A reported case of this issue occurred<br>when a single TTY device was opened by two users (one using blocking mode,<br>and the other using non-blocking mode). (BZ#523930)<br><li> a deadlock was found in the cciss driver. In rare cases, this caused an</li> NMI lockup during boot. Messages such as "cciss: controller cciss[x]<br>failed, stopping." and "cciss[x]: controller not responding." may have<br>been displayed on the console. (BZ#525725)<br><li> on 64-bit PowerPC systems, a rollover bug in the ibmveth driver could</li> have caused a kernel panic. In a reported case, this panic occurred on a<br>system with a large uptime and under heavy network load. (BZ#527225)<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues. The system must be rebooted for this<br>update to take effect.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2009:1522