Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2006:0493-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0493.html
Issue date: 2006-05-24
Updated on: 2006-05-24
Product: Red Hat Enterprise Linux
Keywords: nahant kernel update
Obsoletes: RHSA-2006:0132
CVE Names: CVE-2005-2973 CVE-2005-3272 CVE-2005-3359
CVE-2006-0555 CVE-2006-0741 CVE-2006-0744
CVE-2006-1522 CVE-2006-1525 CVE-2006-1527
CVE-2006-1528 CVE-2006-1855 CVE-2006-1856
CVE-2006-1862 CVE-2006-1864 CVE-2006-2271
CVE-2006-2272 CVE-2006-2274
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

* a flaw in the IPv6 implementation that allowed a local user to cause a
denial of service (infinite loop and crash) (CVE-2005-2973, important)

* a flaw in the bridge implementation that allowed a remote user to
cause forwarding of spoofed packets via poisoning of the forwarding
table with already dropped frames (CVE-2005-3272, moderate)

* a flaw in the atm module that allowed a local user to cause a denial
of service (panic) via certain socket calls (CVE-2005-3359, important)

* a flaw in the NFS client implementation that allowed a local user to
cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,
important)

* a difference in "sysretq" operation of EM64T (as opposed to Opteron)
processors that allowed a local user to cause a denial of service
(crash) upon return from certain system calls (CVE-2006-0741 and
CVE-2006-0744, important)

* a flaw in the keyring implementation that allowed a local user to
cause a denial of service (OOPS) (CVE-2006-1522, important)

* a flaw in IP routing implementation that allowed a local user to cause
a denial of service (panic) via a request for a route for a multicast IP
(CVE-2006-1525, important)

* a flaw in the SCTP-netfilter implementation that allowed a remote user
to cause a denial of service (infinite loop) (CVE-2006-1527, important)

* a flaw in the sg driver that allowed a local user to cause a denial of
service (crash) via a dio transfer to memory mapped (mmap) IO space
(CVE-2006-1528, important)

* a flaw in the threading implementation that allowed a local user to
cause a denial of service (panic) (CVE-2006-1855, important)

* two missing LSM hooks that allowed a local user to bypass the LSM by
using readv() or writev() (CVE-2006-1856, moderate)

* a flaw in the virtual memory implementation that allowed local user to
cause a denial of service (panic) by using the lsof command
(CVE-2006-1862, important)

* a directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\"
sequences (CVE-2006-1864, moderate)

* a flaw in the ECNE chunk handling of SCTP that allowed a remote user
to cause a denial of service (panic) (CVE-2006-2271, moderate)

* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of
SCTP that allowed a remote user to cause a denial of service (panic)
(CVE-2006-2272, moderate)

* a flaw in the handling of DATA fragments of SCTP that allowed a remote
user to cause a denial of service (infinite recursion and crash)
(CVE-2006-2274, moderate)


All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

168791 - CVE-2006-1528 Possible local crash by dio/mmap sg driver
170772 - CVE-2005-2973 ipv6 infinite loop
171383 - CVE-2005-3272 bridge poisoning
175769 - CVE-2005-3359 incorrect inrement/decrement in atm module leads to panic
181795 - CVE-2006-0555 NFS client panic using O_DIRECT
183489 - CVE-2006-0741 bad elf entry address (CVE-2006-0744)
187841 - CVE-2006-1855 Old thread debugging causes false BUG() in choose_new_parent
188466 - CVE-2006-1522 DoS/bug in keyring code (security/keys/)
189260 - CVE-2006-1862 The lsof command triggers a kernel oops under heavy load
189346 - CVE-2006-1525 ip_route_input() panic
189435 - CVE-2006-1864 smbfs chroot issue
190460 - CVE-2006-1527 netfilter/sctp: lockup in sctp_new()
191201 - CVE-2006-2271 SCTP ECNE chunk handling DoS
191202 - CVE-2006-2272 SCTP incoming COOKIE_ECHO and HEARTBEAT packets DoS
191258 - CVE-2006-2274 SCTP DATA fragments DoS
191524 - CVE-2006-1856 LSM missing readv/writev

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-34.0.1.EL.src.rpm
d43492e556689a0607d7bafd927024b7 kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674 kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3 kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406 kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899 kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

ia64:
bb16d7851570a9973acc285b1c10d4c5 kernel-2.6.9-34.0.1.EL.ia64.rpm
b09b0d137ec1fe6f4362c3a278b4181e kernel-debuginfo-2.6.9-34.0.1.EL.ia64.rpm
20207fbb33c783bad9de5c2d8d8b9a07 kernel-devel-2.6.9-34.0.1.EL.ia64.rpm
3a4a43172ab8119ffcec9a28abce6a69 kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm
58810e499bf182b64a4a11b2391e04b3 kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

ppc:
50f16a3bc3db576300e8ed39b7e58696 kernel-2.6.9-34.0.1.EL.ppc64.rpm
40f0c5f7d16d02e70f7058572c59829d kernel-2.6.9-34.0.1.EL.ppc64iseries.rpm
9c189ac2cd58ae5db8c6bc98858cf411 kernel-debuginfo-2.6.9-34.0.1.EL.ppc64.rpm
ed5ae1b541ca2147b6acfda916fb0524 kernel-debuginfo-2.6.9-34.0.1.EL.ppc64iseries.rpm
80b022ce31c0fd4fe94742f36e528d75 kernel-devel-2.6.9-34.0.1.EL.ppc64.rpm
65479dc320135ebefacb42c27ded8277 kernel-devel-2.6.9-34.0.1.EL.ppc64iseries.rpm
1e22096056638a03e4c473a0d0158268 kernel-largesmp-2.6.9-34.0.1.EL.ppc64.rpm
224188bba442a6b6109689afb7bba903 kernel-largesmp-devel-2.6.9-34.0.1.EL.ppc64.rpm

s390:
8ddc9750a621e3ea4142d1adfd06a5c5 kernel-2.6.9-34.0.1.EL.s390.rpm
390b94a99981c86375e2b5d7bc2d6084 kernel-debuginfo-2.6.9-34.0.1.EL.s390.rpm
ba2a9b707ce91af1e7ae817b726ed6c5 kernel-devel-2.6.9-34.0.1.EL.s390.rpm

s390x:
4bf39050d27a794cc1df5b3eb916484a kernel-2.6.9-34.0.1.EL.s390x.rpm
ee55f330c834a2fd38f31759caec18e0 kernel-debuginfo-2.6.9-34.0.1.EL.s390x.rpm
e959fb20625849eccbd399958265fe84 kernel-devel-2.6.9-34.0.1.EL.s390x.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6 kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166 kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710 kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802 kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356 kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472 kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-34.0.1.EL.src.rpm
d43492e556689a0607d7bafd927024b7 kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674 kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3 kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406 kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899 kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6 kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166 kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710 kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802 kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356 kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472 kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-34.0.1.EL.src.rpm
d43492e556689a0607d7bafd927024b7 kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674 kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3 kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406 kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899 kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

ia64:
bb16d7851570a9973acc285b1c10d4c5 kernel-2.6.9-34.0.1.EL.ia64.rpm
b09b0d137ec1fe6f4362c3a278b4181e kernel-debuginfo-2.6.9-34.0.1.EL.ia64.rpm
20207fbb33c783bad9de5c2d8d8b9a07 kernel-devel-2.6.9-34.0.1.EL.ia64.rpm
3a4a43172ab8119ffcec9a28abce6a69 kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm
58810e499bf182b64a4a11b2391e04b3 kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6 kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166 kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710 kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802 kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356 kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472 kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-34.0.1.EL.src.rpm
d43492e556689a0607d7bafd927024b7 kernel-2.6.9-34.0.1.EL.src.rpm

i386:
34813080d97fdd6f647fd7d4f809c7fc kernel-2.6.9-34.0.1.EL.i686.rpm
c7518db018da32cf470378154154687d kernel-debuginfo-2.6.9-34.0.1.EL.i686.rpm
e78b9ccc0c954cff7cb40e6f02b24674 kernel-devel-2.6.9-34.0.1.EL.i686.rpm
3c00e3363ab92e43224a3017fb7bb4a3 kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
861c261dc99531fecc8b90a579e3d406 kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
ac1a65bd4766603619c7871c8454312d kernel-smp-2.6.9-34.0.1.EL.i686.rpm
20bb2e56287af558784e341a22ecc899 kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

ia64:
bb16d7851570a9973acc285b1c10d4c5 kernel-2.6.9-34.0.1.EL.ia64.rpm
b09b0d137ec1fe6f4362c3a278b4181e kernel-debuginfo-2.6.9-34.0.1.EL.ia64.rpm
20207fbb33c783bad9de5c2d8d8b9a07 kernel-devel-2.6.9-34.0.1.EL.ia64.rpm
3a4a43172ab8119ffcec9a28abce6a69 kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm
58810e499bf182b64a4a11b2391e04b3 kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm

noarch:
4969d66062c65e2f969a5b23f3d038fb kernel-doc-2.6.9-34.0.1.EL.noarch.rpm

x86_64:
055f1e2e0ec115d813792811018da5e6 kernel-2.6.9-34.0.1.EL.x86_64.rpm
2fe393eb2dea769a7c673658b85d3166 kernel-debuginfo-2.6.9-34.0.1.EL.x86_64.rpm
ab2acc3e78f549776c01be84b8aae710 kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm
4c09ae42fe85e7fa0699cde07b163802 kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm
3bb0bc6a400c3bd7faebe3070402f356 kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm
f11147d14d9f88a9760aa67af12d7d6c kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm
c411c259c433dd3fe50222a5a3ebc472 kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2274
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEdCkuXlSAg2UNWIIRAufLAJ9uV6ai2taucmz+W6Wwz7BaZLwCuwCfTPlS
37PFHtqEZjGY6umwcQaI6II=
=IXzr
-----END PGP SIGNATURE-----