10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.949 High
EPSS
Percentile
99.3%
CentOS Errata and Security Advisory CESA-2009:0331
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update addresses the following security issues:
a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a denial of service if a Forward-TSN chunk is received
with a large stream ID. (CVE-2009-0065, Important)
a memory leak was found in keyctl handling. A local, unprivileged user
could use this flaw to deplete kernel memory, eventually leading to a
denial of service. (CVE-2009-0031, Important)
a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size file in
“/sys/devices/platform/dell_rbu/”. (CVE-2009-0322, Important)
a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. Note: by default, “/dev/sg*”
devices are accessible only to the root user. (CVE-2008-5700, Low)
This update also fixes the following bugs:
when the hypervisor changed a page table entry (pte) mapping from
read-only to writable via a make_writable hypercall, accessing the changed
page immediately following the change caused a spurious page fault. When
trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a
Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer
with a kernel backtrace. With this update, the “spurious” page fault is
handled properly. (BZ#483748)
net_rx_action could detect its cpu poll_list as non-empty, but have that
same list reduced to empty by the poll_napi path. This resulted in garbage
data being returned when net_rx_action calls list_entry, which subsequently
resulted in several possible crash conditions. The race condition in the
network code which caused this has been fixed. (BZ#475970, BZ#479681 &
BZ#480741)
a misplaced memory barrier at unlock_buffer() could lead to a concurrent
h_refcounter update which produced a reference counter leak and, later, a
double free in ext3_xattr_release_block(). Consequent to the double free,
ext3 reported an error
ext3_free_blocks_sb: bit already cleared for block [block number]
and mounted itself as read-only. With this update, the memory barrier is
now placed before the buffer head lock bit, forcing the write order and
preventing the double free. (BZ#476533)
when the iptables module was unloaded, it was assumed the correct entry
for removal had been found if “wrapper->ops->pf” matched the value passed
in by “reg->pf”. If several ops ranges were registered against the same
protocol family, however, (which was likely if you had both ip_conntrack
and ip_contrack_* loaded) this assumption could lead to NULL list pointers
and cause a kernel panic. With this update, “wrapper->ops” is matched to
pointer values “reg”, which ensures the correct entry is removed and
results in no NULL list pointers. (BZ#477147)
when the pidmap page (used for tracking process ids, pids) incremented to
an even page (ie the second, fourth, sixth, etc. pidmap page), the
alloc_pidmap() routine skipped the page. This resulted in “holes” in the
allocated pids. For example, after pid 32767, you would expect 32768 to be
allocated. If the page skipping behavior presented, however, the pid
allocated after 32767 was 65536. With this update, alloc_pidmap() no longer
skips alternate pidmap pages and allocated pid holes no longer occur. This
fix also corrects an error which allowed pid_max to be set higher than the
pid_max limit has been corrected. (BZ#479182)
All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-April/077966.html
https://lists.centos.org/pipermail/centos-announce/2009-April/077967.html
Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0331
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i586 | kernel | < 2.6.9-78.0.17.EL | kernel-2.6.9-78.0.17.EL.i586.rpm |
CentOS | 4 | i686 | kernel | < 2.6.9-78.0.17.EL | kernel-2.6.9-78.0.17.EL.i686.rpm |
CentOS | 4 | i586 | kernel-devel | < 2.6.9-78.0.17.EL | kernel-devel-2.6.9-78.0.17.EL.i586.rpm |
CentOS | 4 | i686 | kernel-devel | < 2.6.9-78.0.17.EL | kernel-devel-2.6.9-78.0.17.EL.i686.rpm |
CentOS | 4 | noarch | kernel-doc | < 2.6.9-78.0.17.EL | kernel-doc-2.6.9-78.0.17.EL.noarch.rpm |
CentOS | 4 | i686 | kernel-hugemem | < 2.6.9-78.0.17.EL | kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm |
CentOS | 4 | i686 | kernel-hugemem-devel | < 2.6.9-78.0.17.EL | kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm |
CentOS | 4 | i586 | kernel-smp | < 2.6.9-78.0.17.EL | kernel-smp-2.6.9-78.0.17.EL.i586.rpm |
CentOS | 4 | i686 | kernel-smp | < 2.6.9-78.0.17.EL | kernel-smp-2.6.9-78.0.17.EL.i686.rpm |
CentOS | 4 | i586 | kernel-smp-devel | < 2.6.9-78.0.17.EL | kernel-smp-devel-2.6.9-78.0.17.EL.i586.rpm |