RHSA-2010:0660: Important: kernel security and bug fix update

First published: Mon Aug 30 2010(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> when an application has a stack overflow, the stack could silently</li> overwrite another memory mapped area instead of a segmentation fault<br>occurring, which could cause an application to execute arbitrary code,<br>possibly leading to privilege escalation. It is known that the X Window<br>System server can be used to trigger this flaw. (CVE-2010-2240, Important)<br><li> a miscalculation of the size of the free space of the initial directory</li> entry in a directory leaf block was found in the Linux kernel Global File<br>System 2 (GFS2) implementation. A local, unprivileged user with write<br>access to a GFS2-mounted file system could perform a rename operation on<br>that file system to trigger a NULL pointer dereference, possibly resulting<br>in a denial of service or privilege escalation. (CVE-2010-2798, Important)<br>Red Hat would like to thank the X.Org security team for reporting<br>CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original<br>reporter; and Grant Diffey of CenITex for reporting CVE-2010-2798.<br>This update also fixes the following bugs:<br><li> the Red Hat Enterprise Linux 5.3 General Availability (GA) release</li> introduced a regression in iSCSI failover time. While there was heavy I/O<br>on the iSCSI layer, attempting to log out of an iSCSI connection at the<br>same time a network problem was occurring, such as a switch dying or a<br>cable being pulled out, resulted in iSCSI failover taking several minutes.<br>With this update, failover occurs as expected. (BZ#583898)<br><li> a bug was found in the way the megaraid_sas driver (for SAS based RAID</li> controllers) handled physical disks and management IOCTLs. All physical<br>disks were exported to the disk layer, allowing an oops in<br>megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout<br>occurred. One possible trigger for this bug was running "mkfs". This update<br>resolves this issue by updating the megaraid_sas driver to version 4.31.<br>(BZ#619362)<br><li> this update upgrades the bnx2x driver to version 1.52.1-6, and the bnx2x</li> firmware to version 1.52.1-6, incorporating multiple bug fixes and<br>enhancements. These fixes include: A race condition on systems using the<br>bnx2x driver due to multiqueue being used to transmit data, but only a<br>single queue transmit ON/OFF scheme being used (only a single queue is<br>used with this update); a bug that could have led to a kernel panic when<br>using iSCSI offload; and a bug that caused a firmware crash, causing<br>network devices using the bnx2x driver to lose network connectivity. When<br>this firmware crash occurred, errors such as "timeout polling for state"<br>and "Stop leading failed!" were logged. A system reboot was required to<br>restore network connectivity. (BZ#620663, BZ#620668, BZ#620669, BZ#620665)<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues. The system must be rebooted for this<br>update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2010:0660
• agent/references
• agent/weakness
• agent/title
• agent/severity
• agent/tags
• agent/type
• agent/description
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• agent/remedy