The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)
A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)
Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter; and Grant Diffey of CenITex for reporting CVE-2010-2798.
This update also fixes the following bugs:
Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)
A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running “mkfs”. This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619363)
Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-xen | < 2.6.18-164.25.1.el5 | kernel-xen-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-devel | < 2.6.18-164.25.1.el5 | kernel-devel-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-debug-devel | < 2.6.18-164.25.1.el5 | kernel-debug-devel-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-headers | < 2.6.18-164.25.1.el5 | kernel-headers-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel | < 2.6.18-164.25.1.el5 | kernel-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-xen-devel | < 2.6.18-164.25.1.el5 | kernel-xen-devel-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-debug | < 2.6.18-164.25.1.el5 | kernel-debug-2.6.18-164.25.1.el5.x86_64.rpm |
RedHat | 5 | noarch | kernel-doc | < 2.6.18-164.25.1.el5 | kernel-doc-2.6.18-164.25.1.el5.noarch.rpm |