(RHSA-2010:0149) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• a deficiency was found in the fasync_helper() implementation. This could
  allow a local, unprivileged user to leverage a use-after-free of locked,
  asynchronous file descriptors to cause a denial of service or privilege
  escalation. (CVE-2009-4141, Important)

• a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
  in the Linux kernel Stream Control Transmission Protocol (SCTP)
  implementation. A remote attacker could send a specially-crafted SCTP
  packet to a target system, resulting in a denial of service.
  (CVE-2010-0008, Important)

• a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
  function in the Linux kernel. An attacker on the local network could
  trigger this flaw by sending IPv6 traffic to a target system, leading to a
  system crash (kernel OOPS) if dst->neighbour is NULL on the target system
  when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

• programs compiled on x86, and that also call sched_rr_get_interval(),
  were silently corrupted when run on 64-bit systems. With this update, when
  such programs attempt to call sched_rr_get_interval() on 64-bit systems,
  sys32_sched_rr_get_interval() is called instead, which resolves this issue.
  (BZ#557683)

• the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a
  regression, preventing Wake on LAN (WoL) working for network devices using
  the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
  such devices resulted in the following error, even when configuring valid
  options:

“Cannot set new wake-on-lan settings: Operation not supported
not setting wol”

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559334)

• a number of bugs have been fixed in the copy_user routines for Intel 64
  and AMD64 systems, one of which could have possibly led to data corruption.
  (BZ#568307)

• on some systems, a race condition in the inode-based file event
  notifications implementation caused soft lockups and the following
  messages:

“BUG: warning at fs/inotify.c:181/set_dentry_child_flags()”
“BUG: soft lockup - CPU#[x] stuck for 10s!”

This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568663)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.