Red Hat 9042 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2007:0705-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0705.html
Issue date: 2007-09-13
Updated on: 2007-09-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1217 CVE-2007-2875 CVE-2007-2876
CVE-2007-2878 CVE-2007-3739 CVE-2007-3740
CVE-2007-3843 CVE-2007-3851
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the DRM driver for Intel graphics cards that allowed a local
user to access any part of the main memory. To access the DRM functionality
a user must have access to the X server which is granted through the
graphical login. This also only affected systems with an Intel 965 or later
graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a
local user to corrupt a kernel_dirent struct and cause a denial of service
(system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* flaw in the CIFS filesystem which could cause the umask values of a
process to not be honored. This affected CIFS filesystems where the Unix
extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC
systems that allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain
sensitive information from kernel memory. To exploit this the cpuset
filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option "sec=" that didn't enable
integrity checking and didn't produce any error message. (CVE-2007-3843,
Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

232260 - CVE-2007-1217 Overflow in CAPI subsystem
245773 - CVE-2007-2875 cpuset information leak
245774 - CVE-2007-2876 {ip, nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
247726 - CVE-2007-2878 VFAT compat ioctls DoS on 64-bit
251185 - CVE-2007-3851 i965 DRM allows insecure packets
253313 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions
253314 - CVE-2007-3740 CIFS should honor umask
253315 - CVE-2007-3843 CIFS signing sec= mount options don't work correctly

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-8.1.10.el5.src.rpm
5f74582de33ce8b315880f6cb07311e6 kernel-2.6.18-8.1.10.el5.src.rpm

i386:
16b97bdb995aa6681170799312591c72 kernel-2.6.18-8.1.10.el5.i686.rpm
a61584927192304a1d40b53745074085 kernel-PAE-2.6.18-8.1.10.el5.i686.rpm
20771fb1a0e1e5c584d086c5c42637e5 kernel-PAE-debuginfo-2.6.18-8.1.10.el5.i686.rpm
b6d6df13e6c363a81ec28ac3afe46908 kernel-PAE-devel-2.6.18-8.1.10.el5.i686.rpm
93ddfd4be7b900201da90b04c039f942 kernel-debuginfo-2.6.18-8.1.10.el5.i686.rpm
cb7b5c584685cf2f6739b59c562409bb kernel-debuginfo-common-2.6.18-8.1.10.el5.i686.rpm
ed130904f07738efc3dabecd6fe68fe6 kernel-devel-2.6.18-8.1.10.el5.i686.rpm
f81654a091ecedecbc2071ca620ec223 kernel-headers-2.6.18-8.1.10.el5.i386.rpm
fb0eafb1c20fffc8612fb583bbd788e4 kernel-xen-2.6.18-8.1.10.el5.i686.rpm
37beac47aa3673a10229a8a7aea2fa44 kernel-xen-debuginfo-2.6.18-8.1.10.el5.i686.rpm
bf53cbe6d13d2a7d107d1bd537ec3e94 kernel-xen-devel-2.6.18-8.1.10.el5.i686.rpm

noarch:
af1b26b4f9e73c3af08b46688d5d2863 kernel-doc-2.6.18-8.1.10.el5.noarch.rpm

x86_64:
102de3dd8363c9985a0745ddb414e447 kernel-2.6.18-8.1.10.el5.x86_64.rpm
2e4e67a5d36747d07db34f354b11002f kernel-debuginfo-2.6.18-8.1.10.el5.x86_64.rpm
eb7a501bc96e10df85ee603ce2bda07f kernel-debuginfo-common-2.6.18-8.1.10.el5.x86_64.rpm
0cf51a82f64803278f0dbf31c6af16aa kernel-devel-2.6.18-8.1.10.el5.x86_64.rpm
b3646ed8c818f718261a95ca51a4752d kernel-headers-2.6.18-8.1.10.el5.x86_64.rpm
3a8b8b9b9d7b800b3a3e3961bc8f341d kernel-xen-2.6.18-8.1.10.el5.x86_64.rpm
a3eabf5e8caf465e738b6c2cb967911f kernel-xen-debuginfo-2.6.18-8.1.10.el5.x86_64.rpm
d834b7026996ac910111dc846ccc0275 kernel-xen-devel-2.6.18-8.1.10.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-8.1.10.el5.src.rpm
5f74582de33ce8b315880f6cb07311e6 kernel-2.6.18-8.1.10.el5.src.rpm

i386:
16b97bdb995aa6681170799312591c72 kernel-2.6.18-8.1.10.el5.i686.rpm
a61584927192304a1d40b53745074085 kernel-PAE-2.6.18-8.1.10.el5.i686.rpm
20771fb1a0e1e5c584d086c5c42637e5 kernel-PAE-debuginfo-2.6.18-8.1.10.el5.i686.rpm
b6d6df13e6c363a81ec28ac3afe46908 kernel-PAE-devel-2.6.18-8.1.10.el5.i686.rpm
93ddfd4be7b900201da90b04c039f942 kernel-debuginfo-2.6.18-8.1.10.el5.i686.rpm
cb7b5c584685cf2f6739b59c562409bb kernel-debuginfo-common-2.6.18-8.1.10.el5.i686.rpm
ed130904f07738efc3dabecd6fe68fe6 kernel-devel-2.6.18-8.1.10.el5.i686.rpm
f81654a091ecedecbc2071ca620ec223 kernel-headers-2.6.18-8.1.10.el5.i386.rpm
fb0eafb1c20fffc8612fb583bbd788e4 kernel-xen-2.6.18-8.1.10.el5.i686.rpm
37beac47aa3673a10229a8a7aea2fa44 kernel-xen-debuginfo-2.6.18-8.1.10.el5.i686.rpm
bf53cbe6d13d2a7d107d1bd537ec3e94 kernel-xen-devel-2.6.18-8.1.10.el5.i686.rpm

ia64:
a7b2e1fb984905246b17218edf151b06 kernel-2.6.18-8.1.10.el5.ia64.rpm
a150f3aa7101f4a9247e48af2c7c4b2e kernel-debuginfo-2.6.18-8.1.10.el5.ia64.rpm
4a1b34d29a54e59b715ecaaaf06ce152 kernel-debuginfo-common-2.6.18-8.1.10.el5.ia64.rpm
421177b849689f729cd4febc5c337fdd kernel-devel-2.6.18-8.1.10.el5.ia64.rpm
e80ab55ee7f8963fcf5b427a41c24a31 kernel-headers-2.6.18-8.1.10.el5.ia64.rpm
133e0959fee0f94737a7c89190fdae7b kernel-xen-2.6.18-8.1.10.el5.ia64.rpm
f70dafe0de955490c0a39738ab5c6f9e kernel-xen-debuginfo-2.6.18-8.1.10.el5.ia64.rpm
718b04420fcb182ed0b6ba70ee574299 kernel-xen-devel-2.6.18-8.1.10.el5.ia64.rpm

noarch:
af1b26b4f9e73c3af08b46688d5d2863 kernel-doc-2.6.18-8.1.10.el5.noarch.rpm

ppc:
80e526bbb9a1fed949e4fad8d23d6623 kernel-2.6.18-8.1.10.el5.ppc64.rpm
8f665a29406bd7185ef0fd36cf876d6c kernel-debuginfo-2.6.18-8.1.10.el5.ppc64.rpm
0e36e11ea04ca378a1a5fbf0a1a2288f kernel-debuginfo-common-2.6.18-8.1.10.el5.ppc64.rpm
d3754631864a81fc320ffaa47cb435c2 kernel-devel-2.6.18-8.1.10.el5.ppc64.rpm
a4cb338ecc9b6752e7f36f68a560e1da kernel-headers-2.6.18-8.1.10.el5.ppc.rpm
657ac2e99eb8f7028c3e2809482c7ac0 kernel-headers-2.6.18-8.1.10.el5.ppc64.rpm
c8305e90ec618c573e2fdcc408546314 kernel-kdump-2.6.18-8.1.10.el5.ppc64.rpm
3a20d0de83670726b19275ddcde30cb2 kernel-kdump-debuginfo-2.6.18-8.1.10.el5.ppc64.rpm
fe57409ab0a5f6b47ee3c11ab661577f kernel-kdump-devel-2.6.18-8.1.10.el5.ppc64.rpm

s390x:
e0e0cb8fec88915e1d10ccf83fd79d43 kernel-2.6.18-8.1.10.el5.s390x.rpm
dfd6ec4242f416f93cd0dfdba9a9b80f kernel-debuginfo-2.6.18-8.1.10.el5.s390x.rpm
97f5efd2d3b6530f3f25c42aa4ebd9b3 kernel-debuginfo-common-2.6.18-8.1.10.el5.s390x.rpm
e528893bce68ccde786fd8db0ef753e3 kernel-devel-2.6.18-8.1.10.el5.s390x.rpm
ba46c5d17edd49d7cbb2c9543d2755db kernel-headers-2.6.18-8.1.10.el5.s390x.rpm

x86_64:
102de3dd8363c9985a0745ddb414e447 kernel-2.6.18-8.1.10.el5.x86_64.rpm
2e4e67a5d36747d07db34f354b11002f kernel-debuginfo-2.6.18-8.1.10.el5.x86_64.rpm
eb7a501bc96e10df85ee603ce2bda07f kernel-debuginfo-common-2.6.18-8.1.10.el5.x86_64.rpm
0cf51a82f64803278f0dbf31c6af16aa kernel-devel-2.6.18-8.1.10.el5.x86_64.rpm
b3646ed8c818f718261a95ca51a4752d kernel-headers-2.6.18-8.1.10.el5.x86_64.rpm
3a8b8b9b9d7b800b3a3e3961bc8f341d kernel-xen-2.6.18-8.1.10.el5.x86_64.rpm
a3eabf5e8caf465e738b6c2cb967911f kernel-xen-debuginfo-2.6.18-8.1.10.el5.x86_64.rpm
d834b7026996ac910111dc846ccc0275 kernel-xen-devel-2.6.18-8.1.10.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3851
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFG6P94XlSAg2UNWIIRAojwAJ9pu+Agb31rAE8zbt530VX8pEmu2ACcDMV3
Rriz0d/L40IvlAt/n3gLVCc=
=6NiI
-----END PGP SIGNATURE-----