Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2
Advisory ID: RHSA-2005:514-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-514.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0756 CAN-2005-1265 CAN-2005-1761 CAN-2005-1762 CAN-2005-1763 CAN-2005-2098 CAN-2005-2099 CAN-2005-2100 CAN-2005-2456 CAN-2005-2490 CAN-2005-2492 CAN-2005-2555 CAN-2005-2801 CAN-2005-2872
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 4. This is the
second regular update.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the second regular kernel update to Red Hat Enterprise Linux 4.

New features introduced in this update include:
- - Audit support
- - systemtap - kprobes, relayfs
- - Keyring support
- - ISCI - iscsi_sfnet 4:0.1.11-1
- - Device mapper mirroring and multipath support
- - Intel dual core support
- - esb2 chipset support
- - Increased exec-shield coverage
- - Dirty page tracking for HA systems
- - Diskdump -- allow partial diskdumps and directing to swap

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.

The following security bugs were fixed in this update, detailed below with
corresponding CAN names available from the Common Vulnerabilities and
Exposures project (cve.mitre.org):

- - flaws in ptrace() syscall handling on 64-bit systems that allowed a local
user to cause a denial of service (crash) (CAN-2005-0756, CAN-2005-1761,
CAN-2005-1762, CAN-2005-1763)

- - flaws in IPSEC network handling that allowed a local user to cause a
denial of service or potentially gain privileges (CAN-2005-2456, CAN-2005-2555)

- - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a
local user to cause a denial of service or potentially gain privileges
(CAN-2005-2490)

- - a flaw in sendmsg() syscall handling that allowed a local user to cause a
denial of service by altering hardware state (CAN-2005-2492)

- - a flaw that prevented the topdown allocator from allocating mmap areas
all the way down to address zero (CAN-2005-1265)

- - flaws dealing with keyrings that could cause a local denial of service
(CAN-2005-2098, CAN-2005-2099)

- - a flaw in the 4GB split patch that could allow a local denial of service
(CAN-2005-2100)

- - a xattr sharing bug in the ext2 and ext3 file systems that could cause
default ACLs to disappear (CAN-2005-2801)

- - a flaw in the ipt_recent module on 64-bit architectures which could allow
a remote denial of service (CAN-2005-2872)

The following device drivers have been upgraded to new versions:

qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2
qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2
megaraid_mbox --- 2.20.4.5 to 2.20.4.6
megaraid_mm ----- 2.20.2.5 to 2.20.2.6
lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17
cciss ----------- 2.6.4 to 2.6.6
ipw2100 --------- 1.0.3 to 1.1.0
tg3 ------------- 3.22-rh to 3.27-rh
e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI
e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI
3c59x ----------- LK1.1.19
mptbase --------- 3.01.16 to 3.02.18
ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI
libata ---------- 1.10 to 1.11
sata_via -------- 1.0 to 1.1
sata_ahci ------- 1.00 to 1.01
sata_qstor ------ 0.04
sata_sil -------- 0.8 to 0.9
sata_svw -------- 1.05 to 1.06
s390: crypto ---- 1.31 to 1.57
s390: zfcp ------
s390: CTC-MPC ---
s390: dasd -------
s390: cio -------
s390: qeth ------

All Red Hat Enterprise Linux 4 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

114578 - RHEL4 U1: File Delegation, at least read-only.
130914 - RHEL4: keyring support (OpenAFS enabler)
134790 - Inspiron 8500 practically hangs when configuring b44 NIC with 1.5G memory
135669 - tcsendbreak fails in compat mode
137343 - RH40-beta1, embedded IDE/PCI drivers not honoring Sub ID's/Class code
140002 - [PATCH] i2o_block timeout Adaptec 2400A raid card
141783 - domain validation fails on DVD-305 when CD in drive
142989 - Terminated threads' resource usage is hidden from procps
144668 - System doesn't reboot even if kernel.panic is > 0 on RHEL-4 Beta-2.
145575 - [RHEL4-U2][Diskdump] Partial dump
145648 - Socket option IP_FREEBIND has no effect on SCTP socket.
145659 - Socket option SO_BINDTODEVICE problems with SCTP listening socket.
145976 - Sub-second mtime changes without modifying file
146187 - [RHEL4RC1] chicony usb keyboard fails, with side effects
147233 - NFSv3 over Kerberos: gss_get_mic FAILED during xdm login attempt
147496 - Sense data errors are seen when trying to access a travan tape device
149478 - Bug / data corruption on error handling in Ext3 under I/O failure condition
149919 - highmem.c: fix bio error propagation
149979 - kernel panic when tar'ing data to IDE Tape device
150152 - nfsv4 callback authentication patch
151222 - smp_apic_timer_interrupt() executes on kernel thread stack
151315 - kernel BUG() at pageattr:107 with rmmod e1000
151323 - Kernel BUG at pageattr:107
151429 - Fusion MPT doesn't handle multiple PCI domains correctly
152162 - LVM snapshots over md raid1 cause corruption
152440 - ppc64 arches can crash when single setpping a debugger through syscall return code
152619 - openipmi drivers missing compat_ioctl's on x86_64 kernel
152982 - fail to mount nfs4 servers
154055 - RHEL4 U1 Oracle 10G 10.0.3 aio hang running tpc-c
154100 - assertion failrue in semaphore.h caused by perfmon
154347 - spin_lock already locked by xfrm4_output
154435 - kernel dm-emc: Fix spinlock reset
154442 - kernel dm-multipath: multiple pg_inits can be issued in parallel
154451 - CAN-2005-1762 x86_64 sysret exception leads to DoS
154733 - oops when catting /proc/net/ip_conntrack_expect
155278 - Debugger killed by kernel when looking at the lowest addressed vmalloc page
155354 - 20050313 SCSI tape security
155706 - CAN-2005-2801 xattr sharing bug
155932 - [RHEL4-U2][Diskdump] hangs when SCSI drive is busy
156010 - [RHEL4-U2] Diskdump - swap partition support
156705 - Serial console corrupt on boot
157239 - Systemtap patches to be ported to RHEL4 U2 kernel
157725 - sysctl -A returns an error
157900 - [not quite PATCH] tg3 driver crashes kernel with BCM5752 chip, newer driver is OK
158107 - Serial console turns into garbage after initialising 16550A
158293 - nfs server intermitently claims ENOENT on existing files or directories
158878 - CAN-2005-1265 Prevent NULL mmap in topdown model
158883 - Annoying i2o_config kernel module messages during raidutil run
158930 - 32-bit GETBLKSIZE ioctl overflows incorrectly on 64-bit hosts.
158974 - [Patch] modprobling a module signed with a key not known to the kernel can result in a panic.
159640 - proc and sysctl interface for lockd grace period do not work
159671 - CAN-2005-1761 local user can use ptrace to crash system
159739 - [Stratus RHEL4U2] csb5 functions are tagged with __init. This causes a crash in a hot-plug environment
159765 - RHEL4 Data corruption in spite of using O_SYNC
159918 - CAN-2005-0756 x86_64 crash (ptrace-check-segment)
159921 - CAN-2005-1763 x86_64 crash (x86_64-ptrace-overflow)
160028 - Kernel BUG at pageattr:107
160518 - audit: file system and user space filtering by auid
160522 - audit: teach OOM killer about auditd
160524 - audit: file system attribute change tracking
160526 - audit:PATH record mode flags are wrong sometimes
160528 - audit: file system watch on block device
160547 - when removing scsi hosts commands are not leaked
160548 - when removing scsi hosts commands are not leaked
160654 - audit: kernel audits auditd
160663 - cable link state ignored on ethernet card (b44).
160812 - fixes exec-shield to not randomize to between end-of-binary and start-of-brk
160882 - i2o RAID monitoring memory leak
161143 - Need export of generic_drop_inode for OCFS2 support
161156 - 'mt tell' fails - backported kernel bug likely
161314 - Bluetooth paring did not work anymore since update to 2.6.9-11.EL
161789 - GET_INDEX macro in aspm pci fixup code can overwrite end of the array
161995 - kernel panic when rm -rf directory structure on tmpfs filesystem
162108 - only the main thread is shown by top(1)
162257 - irq stacks not being used for hardirqs
162548 - interrupt handlers run on thread's kernel stack
162728 - JBD race during shutdown of a journal
163528 - /dev/tty won't open during blocking /dev/ttyS1 open
164094 - Placeholder for 2.6.x SATA update 20050724-1
164228 - Export sys_recvmesg for cluster snapshot
164338 - fix aio hang when reading beyond EOF
164449 - RHEL4 [NETFILTER]: Fix deadlock in ip6_queue.
164450 - [NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT)
164628 - pci_scan_device can cause master abort
164630 - panic while running fsstress to a filesystem on a mirror
164979 - CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned
164991 - CAN-2005-2099 Destruction of failed keyring oopses
165127 - acpi_processor_get_performance_states fails on empty table entries (_PSS)
165163 - audit - syscall performance
165242 - mirrors possibly reporting invalid blocks to the filesystem
165384 - cpufreq driver hangs when using SMP Powernow
165547 - CAN-2005-2100 4G/4G split bounds checking
165560 - CAN-2005-2456 IPSEC overflow
165717 - ext on top of mirror attempts to access beyond end of device: dm-5: rw=0, want=16304032720, limit=20971520
166131 - CAN-2005-2555 IPSEC lacks restrictions
166248 - CAN-2005-2490 sendmsg compat stack overflow
166830 - CAN-2005-2492 sendmsg DoS
167126 - bad elf check in module-verify.c
167412 - [RFC] [RHEL4 U2 patch] dual-core detection gap for i386 build
167668 - LTC17960-Kernel panic at key_put+0x4/0x19 [REGRESSION]
167703 - CAN-2005-2872 ipt_recent crash
167711 - LTC18014-powernow-k8 debug messages are enabled


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-22.EL.src.rpm
d7cf602d54f72e89550ab6212f63d64f kernel-2.6.9-22.EL.src.rpm

i386:
a90d57e29a5a57bd0249f61f24ee21ac kernel-2.6.9-22.EL.i686.rpm
6d81ff3a6ee57be6cf3f93066afac875 kernel-devel-2.6.9-22.EL.i686.rpm
6591a9886ecda87f164042f015bc1920 kernel-hugemem-2.6.9-22.EL.i686.rpm
f39546e6d5a80353878b6087b64ef23b kernel-hugemem-devel-2.6.9-22.EL.i686.rpm
73e68b49d3ed6b658e6ee716e45d4b2f kernel-smp-2.6.9-22.EL.i686.rpm
0348f9239ec05111b2ef4cbdb9efebb8 kernel-smp-devel-2.6.9-22.EL.i686.rpm

ia64:
db70258b904e1f87b59226b77729c182 kernel-2.6.9-22.EL.ia64.rpm
74dca9054b5cd29a265b0b2dbc06393d kernel-devel-2.6.9-22.EL.ia64.rpm

noarch:
dacf6c96256e842e031359e2a00914f6 kernel-doc-2.6.9-22.EL.noarch.rpm

ppc:
7ee94732c4cdab19a3684c08eafec929 kernel-2.6.9-22.EL.ppc64.rpm
ef79ea0618694258e1c607ef406e121e kernel-2.6.9-22.EL.ppc64iseries.rpm
3828e3ed47289360e0e310a69b920062 kernel-devel-2.6.9-22.EL.ppc64.rpm
420ceaa39206ab620c8d994b358001a0 kernel-devel-2.6.9-22.EL.ppc64iseries.rpm

s390:
63b72f836b261391e592f86613cccd29 kernel-2.6.9-22.EL.s390.rpm
bf0e19ae76243b7449b2d5d8317c8f01 kernel-devel-2.6.9-22.EL.s390.rpm

s390x:
262170f75c72b397b7bf0cad781f5a0e kernel-2.6.9-22.EL.s390x.rpm
6aceef8a0446aceecc7cebe09232bee3 kernel-devel-2.6.9-22.EL.s390x.rpm

x86_64:
c91230d67ed857a4726d8d810717b571 kernel-2.6.9-22.EL.x86_64.rpm
00908911201abd482b8ff69e6ab91d4d kernel-devel-2.6.9-22.EL.x86_64.rpm
e6a37366e53f94b361199c10b03f5f73 kernel-smp-2.6.9-22.EL.x86_64.rpm
a34cfbb4d3620d537dbdcb6ffca5ba20 kernel-smp-devel-2.6.9-22.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-22.EL.src.rpm
d7cf602d54f72e89550ab6212f63d64f kernel-2.6.9-22.EL.src.rpm

i386:
a90d57e29a5a57bd0249f61f24ee21ac kernel-2.6.9-22.EL.i686.rpm
6d81ff3a6ee57be6cf3f93066afac875 kernel-devel-2.6.9-22.EL.i686.rpm
6591a9886ecda87f164042f015bc1920 kernel-hugemem-2.6.9-22.EL.i686.rpm
f39546e6d5a80353878b6087b64ef23b kernel-hugemem-devel-2.6.9-22.EL.i686.rpm
73e68b49d3ed6b658e6ee716e45d4b2f kernel-smp-2.6.9-22.EL.i686.rpm
0348f9239ec05111b2ef4cbdb9efebb8 kernel-smp-devel-2.6.9-22.EL.i686.rpm

noarch:
dacf6c96256e842e031359e2a00914f6 kernel-doc-2.6.9-22.EL.noarch.rpm

x86_64:
c91230d67ed857a4726d8d810717b571 kernel-2.6.9-22.EL.x86_64.rpm
00908911201abd482b8ff69e6ab91d4d kernel-devel-2.6.9-22.EL.x86_64.rpm
e6a37366e53f94b361199c10b03f5f73 kernel-smp-2.6.9-22.EL.x86_64.rpm
a34cfbb4d3620d537dbdcb6ffca5ba20 kernel-smp-devel-2.6.9-22.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-22.EL.src.rpm
d7cf602d54f72e89550ab6212f63d64f kernel-2.6.9-22.EL.src.rpm

i386:
a90d57e29a5a57bd0249f61f24ee21ac kernel-2.6.9-22.EL.i686.rpm
6d81ff3a6ee57be6cf3f93066afac875 kernel-devel-2.6.9-22.EL.i686.rpm
6591a9886ecda87f164042f015bc1920 kernel-hugemem-2.6.9-22.EL.i686.rpm
f39546e6d5a80353878b6087b64ef23b kernel-hugemem-devel-2.6.9-22.EL.i686.rpm
73e68b49d3ed6b658e6ee716e45d4b2f kernel-smp-2.6.9-22.EL.i686.rpm
0348f9239ec05111b2ef4cbdb9efebb8 kernel-smp-devel-2.6.9-22.EL.i686.rpm

ia64:
db70258b904e1f87b59226b77729c182 kernel-2.6.9-22.EL.ia64.rpm
74dca9054b5cd29a265b0b2dbc06393d kernel-devel-2.6.9-22.EL.ia64.rpm

noarch:
dacf6c96256e842e031359e2a00914f6 kernel-doc-2.6.9-22.EL.noarch.rpm

x86_64:
c91230d67ed857a4726d8d810717b571 kernel-2.6.9-22.EL.x86_64.rpm
00908911201abd482b8ff69e6ab91d4d kernel-devel-2.6.9-22.EL.x86_64.rpm
e6a37366e53f94b361199c10b03f5f73 kernel-smp-2.6.9-22.EL.x86_64.rpm
a34cfbb4d3620d537dbdcb6ffca5ba20 kernel-smp-devel-2.6.9-22.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-22.EL.src.rpm
d7cf602d54f72e89550ab6212f63d64f kernel-2.6.9-22.EL.src.rpm

i386:
a90d57e29a5a57bd0249f61f24ee21ac kernel-2.6.9-22.EL.i686.rpm
6d81ff3a6ee57be6cf3f93066afac875 kernel-devel-2.6.9-22.EL.i686.rpm
6591a9886ecda87f164042f015bc1920 kernel-hugemem-2.6.9-22.EL.i686.rpm
f39546e6d5a80353878b6087b64ef23b kernel-hugemem-devel-2.6.9-22.EL.i686.rpm
73e68b49d3ed6b658e6ee716e45d4b2f kernel-smp-2.6.9-22.EL.i686.rpm
0348f9239ec05111b2ef4cbdb9efebb8 kernel-smp-devel-2.6.9-22.EL.i686.rpm

ia64:
db70258b904e1f87b59226b77729c182 kernel-2.6.9-22.EL.ia64.rpm
74dca9054b5cd29a265b0b2dbc06393d kernel-devel-2.6.9-22.EL.ia64.rpm

noarch:
dacf6c96256e842e031359e2a00914f6 kernel-doc-2.6.9-22.EL.noarch.rpm

x86_64:
c91230d67ed857a4726d8d810717b571 kernel-2.6.9-22.EL.x86_64.rpm
00908911201abd482b8ff69e6ab91d4d kernel-devel-2.6.9-22.EL.x86_64.rpm
e6a37366e53f94b361199c10b03f5f73 kernel-smp-2.6.9-22.EL.x86_64.rpm
a34cfbb4d3620d537dbdcb6ffca5ba20 kernel-smp-devel-2.6.9-22.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDQ9kJXlSAg2UNWIIRAmzEAJ97J17fbqAoHJJSnBZLYsMRx5CCxQCdGD9T
pn/9by9sbAfaCsS+246n8T8=
=jJA7
-----END PGP SIGNATURE-----