First published: Tue Apr 27 2010
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)

* a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)

* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic (denial of service). (CVE-2010-0727, Moderate)

* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-4307, Low)

Bug fixes:

* if a program that calls posix_fadvise() were compiled on x86, and then run on a 64-bit system, that program could experience various problems, including performance issues and the call to posix_fadvise() failing, causing the program to not run as expected or even abort. With this update, when such programs attempt to call posix_fadvise() on 64-bit systems, sys32_fadvise64() is called instead, which resolves this issue. This update also fixes other 32-bit system calls that were mistakenly called on 64-bit systems (including systems running the kernel-xen kernel). (BZ#569597)

* on some systems able to set a P-State limit via the BIOS, it was not possible to set the limit to a higher frequency if the system was rebooted while a low limit was set: "/sys/devices/system/cpu/cpu[x]/cpufreq/scaling_max_freq" would retain the low limit in these situations. With this update, limits are correctly set, even after being changed after a system reboot. (BZ#569727)

* certain Intel ICH hardware (using the e1000e driver) has an NFS filtering capability that did not work as expected, causing memory corruption, which could lead to kernel panics, or other unexpected behavior. In a reported case, a panic occurred when running NFS connection tests. This update resolves this issue by disabling the filtering capability. (BZ#569797)

* if "open(/proc/[PID]/[xxxx])" was called at the same time the process was exiting, the call would fail with an EINVAL error (an incorrect error for this situation). With this update, the correct error, ENOENT, is returned in this situation. (BZ#571362)

* multiqueue is used for transmitting data, but a single queue transmit ON/OFF scheme was used. This led to a race condition on systems with the bnx2x driver in situations where one queue became full, but not stopped, and the other queue enabled transmission. With this update, only a single queue is used. (BZ#576951)

* the "/proc/sys/vm/mmap_min_addr" tunable helps prevent unprivileged users from creating new memory mappings below the minimum address. The sysctl value for mmap_min_addr could be changed by a process or user that has an effective user ID (euid) of 0, even if the process or user does not have the CAP_SYS_RAWIO capability. This update adds a capability check for the CAP_SYS_RAWIO capability before allowing the mmap_min_addr value to be changed. (BZ#577206)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
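The mmap_min_addr fix (BZ#577206) turns on the difference between having euid 0 and holding CAP_SYS_RAWIO. The following audit sketch is an added example, not code from the advisory or the kernel: it reads the `Uid` and `CapEff` fields of `/proc/[PID]/status` and lists processes that run as euid 0 without CAP_SYS_RAWIO, the population that could change the tunable before this update. The sample status excerpts and process names are constructed.

```python
import os

CAP_SYS_RAWIO = 17  # bit index of CAP_SYS_RAWIO in <linux/capability.h>

# Constructed /proc/[PID]/status excerpts (not captured from a real host).
SAMPLE_FULL_ROOT = "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\t0000001fffffffff\n"
SAMPLE_DROPPED_ROOT = "Name:\tnetd\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000400\n"
SAMPLE_USER = "Name:\tbash\nUid:\t500\t500\t500\t500\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (name, euid, effective capability mask) from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    return fields.get("Name", "?"), euid, int(fields["CapEff"], 16)


def root_without_rawio(status_text):
    """True for euid 0 without CAP_SYS_RAWIO in the effective set."""
    _, euid, cap_eff = parse_status(status_text)
    return euid == 0 and not (cap_eff >> CAP_SYS_RAWIO) & 1


def audit(proc_root="/proc"):
    """List (pid, name) of live processes matching root_without_rawio()."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                text = fh.read()
            if root_without_rawio(text):
                hits.append((int(pid), parse_status(text)[0]))
        except (OSError, KeyError, ValueError, IndexError):
            continue  # process exited mid-scan or status lacks the fields
    return hits


if __name__ == "__main__":
    with open("/proc/sys/vm/mmap_min_addr") as fh:
        print("mmap_min_addr =", fh.read().strip())
    for pid, name in audit():
        print("euid 0 without CAP_SYS_RAWIO:", pid, name)
```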