Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system. A possible integer overflow was found in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This could allow an attacker to cause a denial of service. (CVE-2008-3526, Important) A deficiency was found in the Linux kernel Stream Control Transmission Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH socket options could cause a kernel panic if the API was used when the extension is disabled. (CVE-2008-3792, Important) Missing boundary checks were reported in the Linux kernel SCTP implementation. This could, potentially, cause information disclosure via a specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113, CVE-2008-4445, Important) Tobias Klein reported a missing check in the Linux kernel's Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate) A deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) A flaw was found in the Linux kernel Network File System daemon (nfsd) when NFSv4 was enabled. Remote attackers could use this to cause a denial of service via a buffer overflow. (CVE-2008-3915, Moderate) A possible integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service on a victim's machine. (CVE-2008-3276, Low) A deficiency was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to make a certain sequence of file operations, possibly causing a denial of service. (CVE-2008-3534, Low) An off-by-one error was found in the iov_iter_advance function. This could allow a local unprivileged user to cause a denial of service as demonstrated by a testcase from the Linux Test Project. (CVE-2008-3535, Low) These updated packages also fix the following bugs: * fixed a warning in the openib code. * increased MAX_STACK_TRACE_ENTRIES on the debug kernel variant. * enqueue deprioritized RT tasks to head of prio array. * use timer_pending() to test ipv6 FIB timers. * added a lower-bound check for the length field in PPPOE headers. * pppoe: unshare skb to avoid possible data loss. * using growisofs could cause oops due to the lack of proper sanity checks. * random seed improvement. * enabled the "Panic on Oops" feature. * fixed a portability issue in parse_pmtmr() due to variable type. * fixed sanity check in cifs/asn1.c. * fixed a bug introduced by a previous fix, related to the inode code. * added better sanity checks to dlm code. * dynamic ftrace enhancements. The daemon is no longer used. * fixed a format string bug in cpufreq. * avoid a potential kernel stack overflow in binfmt_misc.c * fixed the long boot-up time when CONFIG_PROVE_LOCKING is enabled. * use a better random seed for NAT port randomization. * a compat_semaphore was being handled as a regular semaphore due to casting (qla2xxx driver). All users of Red Hat Enterprise MRG should upgrade to these new packages, which address these vulnerabilities and fix these bugs.