RHSA-2010:0076: Important: kernel security and bug fix update
First published: Tue Feb 02 2010(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> an array index error was found in the gdth driver in the Linux kernel. A</li> local user could send a specially-crafted IOCTL request that would cause a<br>denial of service or, possibly, privilege escalation. (CVE-2009-3080,<br>Important)<br><li> a flaw was found in the collect_rx_frame() function in the HiSax ISDN</li> driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to<br>send a specially-crafted HDLC packet that could trigger a buffer out of<br>bounds, possibly resulting in a denial of service. (CVE-2009-4005,<br>Important)<br><li> permission issues were found in the megaraid_sas driver (for SAS based</li> RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io"<br>files on the sysfs file system ("/sys/") had world-writable permissions.<br>This could allow local, unprivileged users to change the behavior of the<br>driver. (CVE-2009-3889, CVE-2009-3939, Moderate)<br><li> a buffer overflow flaw was found in the hfs_bnode_read() function in the</li> HFS file system implementation in the Linux kernel. This could lead to a<br>denial of service if a user browsed a specially-crafted HFS file system,<br>for example, by running "ls". (CVE-2009-4020, Low)<br>This update also fixes the following bugs:<br><li> if a process was using ptrace() to trace a multi-threaded process, and</li> that multi-threaded process dumped its core, the process performing the<br>trace could hang in wait4(). This issue could be triggered by running<br>"strace -f" on a multi-threaded process that was dumping its core,<br>resulting in the strace command hanging. (BZ#555869)<br><li> a bug in the ptrace() implementation could have, in some cases, caused</li> ptrace_detach() to create a zombie process if the process being traced<br>was terminated with a SIGKILL signal. (BZ#555869)<br><li> the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the</li> Realtek r8169 Ethernet driver. This update implements a better solution for<br>that issue. Note: This is not a security regression. The original fix was<br>complete. This update is adding the official upstream fix. (BZ#556406)<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues. The system must be rebooted for this<br>update to take effect.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=526068
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=539414
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=539435
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=540736
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=555869
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=556406
- http://www.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2010:0076 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0076
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness