(RHSA-2010:0398) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• a flaw was found in the Unidirectional Lightweight Encapsulation (ULE)
  implementation. A remote attacker could send a specially-crafted ISO
  MPEG-2 Transport Stream (TS) frame to a target system, resulting in an
  infinite loop (denial of service). (CVE-2010-1086, Important)

• on AMD64 systems, it was discovered that the kernel did not ensure the
  ELF interpreter was available before making a call to the SET_PERSONALITY
  macro. A local attacker could use this flaw to cause a denial of service by
  running a 32-bit application that attempts to execute a 64-bit application.
  (CVE-2010-0307, Moderate)

• a flaw was found in the kernel connector implementation. A local,
  unprivileged user could trigger this flaw by sending an arbitrary number
  of notification requests using specially-crafted netlink messages,
  resulting in a denial of service. (CVE-2010-0410, Moderate)

• a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in
  the Xen hypervisor implementation. An unprivileged guest user could use
  this flaw to trick the hypervisor into emulating a certain instruction,
  which could crash the guest (denial of service). (CVE-2010-0730, Moderate)

• a divide-by-zero flaw was found in the azx_position_ok() function in the
  driver for Intel High Definition Audio, snd-hda-intel. A local,
  unprivileged user could trigger this flaw to cause a kernel crash (denial
  of service). (CVE-2010-1085, Moderate)

This update also fixes the following bugs:

• in some cases, booting a system with the “iommu=on” kernel parameter
  resulted in a Xen hypervisor panic. (BZ#580199)

• the fnic driver flushed the Rx queue instead of the Tx queue after
  fabric login. This caused crashes in some cases. (BZ#580829)

• “kernel unaligned access” warnings were logged to the dmesg log on some
  systems. (BZ#580832)

• the “Northbridge Error, node 1, core: -1 K8 ECC error” error occurred on
  some systems using the amd64_edac driver. (BZ#580836)

• in rare circumstances, when using kdump and booting a kernel with
  “crashkernel=128M@16M”, the kdump kernel did not boot after a crash.
  (BZ#580838)

• TLB page table entry flushing was done incorrectly on IBM System z,
  possibly causing crashes, subtle data inconsistency, or other issues.
  (BZ#580839)

• iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3.
  (BZ#580840)

• fixed floating point state corruption after signal. (BZ#580841)

• in certain circumstances, under heavy load, certain network interface
  cards using the bnx2 driver and configured to use MSI-X, could stop
  processing interrupts and then network connectivity would cease.
  (BZ#587799)

• cnic parts resets could cause a deadlock when the bnx2 device was
  enslaved in a bonding device and that device had an associated VLAN.
  (BZ#581148)

• some BIOS implementations initialized interrupt remapping hardware in a
  way the Xen hypervisor implementation did not expect. This could have
  caused a system hang during boot. (BZ#581150)

• AMD Magny-Cours systems panicked when booting a 32-bit kernel.
  (BZ#580846)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.