First published: Tue Feb 02 2010
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important)

* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)

* memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)

* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the "syscall" number or arguments. (CVE-2009-0834, Important)

* a flaw was found in the Intel PRO/1000 Linux driver (e1000) in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially-crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important)

Note: This update also fixes several bugs. Documentation for these bug fixes will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0079/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.