Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:
the absence of a protection mechanism when attempting to access acritical section of code has been found in the Linux kernel open filedescriptors control mechanism, fcntl. This could allow a local unprivilegeduser to simultaneously execute code, which would otherwise be protectedagainst parallel execution. As well, a race condition when handling locksin the Linux kernel fcntl functionality, may have allowed a processbelonging to a local unprivileged user to gain re-ordered access to thedescriptor table. (CVE-2008-1669, Important)on AMD64 architectures, the possibility of a kernel crash was discoveredby testing the Linux kernel process-trace ability. This could allow a localunprivileged user to cause a denial of service (kernel crash).(CVE-2008-1615, Important)the absence of a protection mechanism when attempting to access acritical section of code, as well as a race condition, have been foundin the Linux kernel file system event notifier, dnotify. This could allow alocal unprivileged user to get inconsistent data, or to send arbitrarysignals to arbitrary system processes. (CVE-2008-1375, Important)
Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:
when accessing kernel memory locations, certain Linux kernel driversregistering a fault handler did not perform required range checks. A localunprivileged user could use this flaw to gain read or write access toarbitrary kernel memory, or possibly cause a kernel crash.(CVE-2008-0007, Important)the possibility of a kernel crash was found in the Linux kernel IPsecprotocol implementation, due to improper handling of fragmented ESPpackets. When an attacker controlling an intermediate router fragmentedthese packets into very small pieces, it would cause a kernel crash on thereceiving node during packet reassembly. (CVE-2007-6282, Important)a flaw in the MOXA serial driver could allow a local unprivileged userto perform privileged operations, such as replacing firmware.(CVE-2005-0504, Important)
As well, these updated packages fix the following bugs:
multiple buffer overflows in the neofb driver have been resolved. It wasnot possible for an unprivileged user to exploit these issues, and as such,they have not been handled as security issues.a kernel panic, due to inconsistent detection of AGP aperture size, hasbeen resolved.a race condition in UNIX domain sockets may have caused "recv()" toreturn zero. In clustered configurations, this may have caused unexpectedfailovers.to prevent link storms, network link carrier events were delayed by up toone second, causing unnecessary packet loss. Now, link carrier events arescheduled immediately.a client-side race on blocking locks caused large time delays on NFS filesystems.in certain situations, the libATA sata_nv driver may have sent commandswith duplicate tags, which were rejected by SATA devices. This may havecaused infinite reboots.running the "service network restart" command may have caused networkingto fail.a bug in NFS caused cached information about directories to be storedfor too long, causing wrong attributes to be read.on systems with a large highmem/lowmem ratio, NFS write performance mayhave been very slow when using small files.a bug, which caused network hangs when the system clock was wrappedaround zero, has been resolved.
Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.