Red Hat 9042 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0154-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0154.html
Issue date: 2008-03-05
CVE Names: CVE-2006-6921 CVE-2007-5938 CVE-2007-6063
CVE-2007-6207 CVE-2007-6694
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw in the hypervisor for hosts running on Itanium architectures
allowed an Intel VTi domain to read arbitrary physical memory from other
Intel VTi domains, which could make information available to unauthorized
users. (CVE-2007-6207, Important)

* two buffer overflow flaws were found in ISDN subsystem. A local
unprivileged user could use these flaws to cause a denial of service.
(CVE-2007-5938: Important, CVE-2007-6063: Moderate)

* a possible NULL pointer dereference was found in the subsystem used for
showing CPU information, as used by CHRP systems on PowerPC architectures.
This may have allowed a local unprivileged user to cause a denial of
service (crash). (CVE-2007-6694, Moderate)

* a flaw was found in the handling of zombie processes. A local user could
create processes that would not be properly reaped, possibly causing a
denial of service. (CVE-2006-6921, Moderate)

As well, these updated packages fix the following bugs:

* a bug was found in the Linux kernel audit subsystem. When the audit
daemon was setup to log the execve system call with a large number of
arguments, the kernel could run out of memory, causing a kernel panic.

* on IBM System z architectures, using the IBM Hardware Management Console
to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare,
possibly causing data corruption.

* when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium
architectures, a bug in the address translation in the hypervisor caused
the wrong address to be registered, causing Dom0 to hang.

* on Itanium architectures, frequent Corrected Platform Error errors may
have caused the hypervisor to hang.

* when enabling a CPU without hot plug support, routines for checking the
presence of the CPU were missing. The CPU tried to access its own
resources, causing a kernel panic.

* after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused
the HP Array Configuration Utility CLI to become unstable, possibly causing
a system hang, or a kernel panic.

* a bug in NFS directory caching could have caused different hosts to have
different views of NFS directories.

* on Itanium architectures, the Corrected Machine Check Interrupt masked
hot-added CPUs as disabled.

* when running Oracle database software on the Intel 64 and AMD64
architectures, if an SGA larger than 4GB was created, and had hugepages
allocated to it, the hugepages were not freed after database shutdown.

* in a clustered environment, when two or more NFS clients had the same
logical volume mounted, and one of them modified a file on the volume, NULL
characters may have been inserted, possibly causing data corruption.

These updated packages resolve several severe issues in the lpfc driver:

* a system hang after LUN discovery.

* a general fault protection, a NULL pointer dereference, or slab
corruption could occur while running a debug on the kernel.

* the inability to handle kernel paging requests in "lpfc_get_scsi_buf".

* erroneous structure references caused certain FC discovery routines to
reference and change "lpfc_nodelist" structures, even after they were
freed.

* the lpfc driver failed to interpret certain fields correctly, causing
tape backup software to fail. Tape drives reported "Illegal Request".

* the lpfc driver did not clear structures correctly, resulting in SCSI
I/Os being rejected by targets, and causing errors.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

302921 - CVE-2006-6921 kernel: denial of service with wedged processes
310651 - audit: Logging execve arguments, out of memory in audit_expand (kernel panic)
385861 - CVE-2007-5938 NULL dereference in iwl driver
392101 - CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow
396751 - CVE-2007-6694 /proc/cpuinfo DoS on some ppc machines
402911 - LTC39906-[BBDQ] FICON DS8000: File ID Miscompare after CHPID off via HMC
406881 - CVE-2007-6207 [5.2][XEN] Security: some HVM domain can access another domain memory.
424191 - [Xen][5.1.z] Running IA32EL or java-vm causes dom0 hung
424271 - Severe issues in 5.1 lpfc driver: Request update to 8.1.10.12
428290 - [Xen ia64] hypervisor sometimes hangs on Corrected Platform Errors
429108 - [5.1] Panic if user enable a cpu which is not prepared for hotplug.
429515 - scsi: cciss - incompatability between hpacucli and RHEL 5.1 Kernel
429539 - NFS: Fix directory caching problem - with test case and patch.
430632 - CMCI is left disabled on hot-added processors
431522 - RHEL 5.1 regression in hugepages due to pagetable sharing patch
432078 - Null bytes in files access by 2 or more NFS clients

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-53.1.14.el5.src.rpm

i386:
kernel-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.i686.rpm
kernel-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-headers-2.6.18-53.1.14.el5.i386.rpm
kernel-xen-2.6.18-53.1.14.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.14.el5.i686.rpm

noarch:
kernel-doc-2.6.18-53.1.14.el5.noarch.rpm

x86_64:
kernel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-headers-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.14.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.14.el5.src.rpm

i386:
kernel-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.i686.rpm
kernel-devel-2.6.18-53.1.14.el5.i686.rpm
kernel-headers-2.6.18-53.1.14.el5.i386.rpm
kernel-xen-2.6.18-53.1.14.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-53.1.14.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.14.el5.i686.rpm

ia64:
kernel-2.6.18-53.1.14.el5.ia64.rpm
kernel-debug-2.6.18-53.1.14.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.ia64.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.ia64.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.ia64.rpm
kernel-devel-2.6.18-53.1.14.el5.ia64.rpm
kernel-headers-2.6.18-53.1.14.el5.ia64.rpm
kernel-xen-2.6.18-53.1.14.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-53.1.14.el5.ia64.rpm
kernel-xen-devel-2.6.18-53.1.14.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-53.1.14.el5.noarch.rpm

ppc:
kernel-2.6.18-53.1.14.el5.ppc64.rpm
kernel-debug-2.6.18-53.1.14.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.ppc64.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.ppc64.rpm
kernel-devel-2.6.18-53.1.14.el5.ppc64.rpm
kernel-headers-2.6.18-53.1.14.el5.ppc.rpm
kernel-headers-2.6.18-53.1.14.el5.ppc64.rpm
kernel-kdump-2.6.18-53.1.14.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-53.1.14.el5.ppc64.rpm

s390x:
kernel-2.6.18-53.1.14.el5.s390x.rpm
kernel-debug-2.6.18-53.1.14.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.s390x.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.s390x.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.s390x.rpm
kernel-devel-2.6.18-53.1.14.el5.s390x.rpm
kernel-headers-2.6.18-53.1.14.el5.s390x.rpm

x86_64:
kernel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-53.1.14.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.14.el5.x86_64.rpm
kernel-headers-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.14.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6694
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHzqdFXlSAg2UNWIIRAqfQAKC81K/fwTcLE6oV79i5OX8G71MhhgCgtOan
//RTCG3v8oOczn9EgQ2+5RI=
1js
-----END PGP SIGNATURE-----