First published: Fri Nov 12 2010
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* An array index error was found in the gdth driver in the Linux kernel. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux kernel. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2009-3620, Important)

* A flaw was found in the Intel PRO/1000 Linux driver, e1000, in the Linux kernel. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. This flaw could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, Important)

* A use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_PKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)

* When an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause an application to execute arbitrary code, possibly leading to privilege escalation. It is known that the X Window System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank the X.Org security team for reporting the CVE-2010-2240 issue, with upstream acknowledging Rafal Wojtczuk as the original reporter; and Ben Hawkes for reporting the CVE-2010-3081 issue.

This update also fixes the following bug:

* The RHSA-2009:1550 kernel update introduced a regression that prevented certain custom kernel modules from loading, failing with "unresolved symbol" errors. This update corrects this issue, allowing the affected modules to load as expected. (BZ#556909)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.