(RHSA-2009:1635) Important: kernel-rt security, bug fix, and enhancement update

2009-12-03 00:00:00
access.redhat.com
EPSS: 0.003 (Low), percentile 69.6%

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

  • a NULL pointer dereference flaw was found in the NFSv4 implementation in
    the Linux kernel. Several of the NFSv4 file locking functions failed to
    check whether a file had been opened on the server before performing
    locking operations on it. A local user on a system with an NFSv4 share
    mounted could possibly use this flaw to cause a denial of service or
    escalate their privileges. (CVE-2009-3726, Important)

  • permission issues were found in the megaraid_sas driver (for SAS based
    RAID controllers) in the Linux kernel. The “dbg_lvl” and “poll_mode_io”
    files on the sysfs file system (“/sys/”) had world-writable permissions.
    This could allow local, unprivileged users to change the behavior of the
    driver. (CVE-2009-3889, CVE-2009-3939, Moderate)
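
A post-update check for the megaraid_sas permission issue described above, as an added example that is not part of the Red Hat advisory. The directory /sys/bus/pci/drivers/megaraid_sas is an assumption about where the driver exposes the two attributes; pass another directory as the first argument if your system differs.

```shell
#!/bin/sh
# Added example: report megaraid_sas sysfs attributes that are world-writable.
# Assumption: the driver exposes dbg_lvl and poll_mode_io in this directory.
MEGASAS_DIR_DEFAULT=/sys/bus/pci/drivers/megaraid_sas

# audit_megasas_attrs [DIR]
#   Prints the path of each attribute named in the advisory whose mode has
#   the "other" write bit set.
#   Returns 0 if none are world-writable, 1 if at least one is,
#   and 2 if DIR does not exist (driver not loaded or path differs).
audit_megasas_attrs() {
    dir=${1:-$MEGASAS_DIR_DEFAULT}
    [ -d "$dir" ] || return 2
    found=0
    for attr in dbg_lvl poll_mode_io; do
        f="$dir/$attr"
        # An attribute may be absent on kernels that do not provide it.
        [ -e "$f" ] || continue
        # -perm -0002 matches only when the world-write bit is set;
        # -prune keeps find from descending if the path is a directory.
        if [ -n "$(find "$f" -prune -perm -0002 2>/dev/null)" ]; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# Usage: call audit_megasas_attrs with no argument to audit the live sysfs
# path; a non-empty listing means the attributes are still world-writable.
```
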

These updated packages also fix the following bugs:

  • a problem existed with the i5000_edac driver under some topologies. In
    some cases, this driver failed to export memory devices via sysfs,
    preventing the ibm-prtm service from starting. With this update, the memory
    devices are accessible, allowing the ibm-prtm service to start, and
    therefore perform SMI remediation as expected. (BZ#527421)

  • the “/proc/sys/vm/mmap_min_addr” tunable helps prevent unprivileged
    users from creating new memory mappings below the minimum address. The
    sysctl value for mmap_min_addr could be changed by a process or user that
    has an effective user ID (euid) of 0, even if the process or user does not
    have the CAP_SYS_RAWIO capability. This update adds a capability check for
    the CAP_SYS_RAWIO capability before allowing the mmap_min_addr value to be
    changed. (BZ#534019)

As well, these updated packages add the following enhancements:

  • the Intel ixgbe driver was updated to upstream version 2.0.16-k2.
    (BZ#537505)

  • the InfiniBand OFED driver was updated to upstream version 1.4.1.
    (BZ#537500)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.