First published: Tue Nov 03 2009
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)

* a NULL pointer dereference flaw was found in the eCryptfs implementation in the Linux kernel. A local attacker could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2908, Important)

* a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values. Note: This is a server-side only issue. (CVE-2009-3286, Important)

* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU space exhaustion and a system crash. An attacker on the local network could abuse this flaw by using jumbo frames for large amounts of network traffic. (CVE-2009-3613, Important)

* missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks. (CVE-2009-3228, Moderate)

Bug fixes:

* with network bonding in the "balance-tlb" or "balance-alb" mode, the primary setting for the primary slave device was lost when said device was brought down. Bringing the slave back up did not restore the primary setting. (BZ#517971)

* some faulty serial device hardware caused systems running the kernel-xen kernel to take a very long time to boot. (BZ#524153)

* a caching bug in nfs_readdir() may have caused NFS clients to see duplicate files or not see all files in a directory. (BZ#526960)

* the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing certain scripts from running. This update adds the option back. (BZ#526963)

* an iptables rule with the recent module and a hit count value greater than the ip_pkt_list_tot parameter (the default is 20), did not have any effect over packets, as the hit count could not be reached. (BZ#527434)

* a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#527436)

* a kernel panic occurred in certain conditions after reconfiguring a tape drive's block size. (BZ#528133)

* when using the Linux Virtual Server (LVS) in a master and backup configuration, and propagating active connections on the master to the backup, the connection timeout value on the backup was hard-coded to 180 seconds, meaning connection information on the backup was soon lost. This could prevent the successful failover of connections. The timeout value can now be set via "ipvsadm --set". (BZ#528645)

* a bug in nfs4_do_open_expired() could have caused the reclaimer thread on an NFSv4 client to enter an infinite loop. (BZ#529162)

* MSI interrupts may not have been delivered for r8169 based network cards that have MSI interrupts enabled. This bug only affected certain systems. (BZ#529366)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-debug | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-debug-devel | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-devel | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-doc | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-headers | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-xen | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-xen-devel | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-kdump | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
redhat/kernel-kdump-devel | <2.6.18-164.6.1.el5 | 2.6.18-164.6.1.el5 |
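
One way to check a host against the table above, as an added example that is not part of the original advisory: it compares installed package versions and the running kernel with the fixed version using RPM-style segment ordering, since a plain string comparison would rank 164.10.1 below 164.6.1. The function names and the sample rpm and uname output are constructed for illustration, and the comparison is a simplified rpmvercmp that ignores epochs and the '~' and '^' modifiers.

```python
import re

# Fixed version-release and package names, taken from the advisory's table.
FIXED = "2.6.18-164.6.1.el5"
AFFECTED = {"kernel", "kernel-debug", "kernel-debug-devel", "kernel-devel",
            "kernel-doc", "kernel-headers", "kernel-xen", "kernel-xen-devel",
            "kernel-kdump", "kernel-kdump-devel"}

def rpmvercmp(a, b):
    """RPM-style comparison of two version or release strings: -1, 0 or 1.
    Simplified: epochs and the '~' / '^' modifiers are not handled."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments are newer

def older_than_fixed(version_release):
    """True if VERSION-RELEASE sorts before the fixed build."""
    ver, _, rel = version_release.partition("-")
    fixed_ver, _, fixed_rel = FIXED.partition("-")
    return (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0

def audit(rpm_lines, uname_r):
    """Return (outdated installed packages, whether the running kernel is outdated)."""
    outdated = []
    for line in rpm_lines.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in AFFECTED and older_than_fixed(fields[1]):
            outdated.append((fields[0], fields[1]))
    return outdated, older_than_fixed(uname_r)

# Constructed sample: output of  rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_RPM = """\
kernel 2.6.18-164.el5
kernel 2.6.18-164.6.1.el5
kernel-xen 2.6.18-164.2.1.el5
kernel-headers 2.6.18-164.10.1.el5
bash 3.2-24.el5
"""
SAMPLE_UNAME = "2.6.18-164.el5"  # constructed `uname -r`: fixed package installed, old kernel still booted

if __name__ == "__main__":
    pkgs, running = audit(SAMPLE_RPM, SAMPLE_UNAME)
    for name, vr in pkgs:
        print("outdated package:", name, vr)
    print("running kernel outdated (reboot needed):", running)
```

In the sample the fixed kernel package is installed alongside the old one, yet the running kernel is still reported as outdated, which is the state the advisory's reboot requirement addresses.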