The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)
A flaw in sctp_packet_config() in the Linux kernel’s Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)
A missing integer overflow check in snd_ctl_new() in the Linux kernel’s
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)
A flaw in sctp_auth_asoc_get_hmac() in the Linux kernel’s SCTP
implementation. When iterating through the hmac_ids array, it did not reset
the last id element if it was out of range. This could allow a remote
attacker to cause a denial of service. (CVE-2010-3705, Important)
Missing sanity checks in setup_arg_pages() in the Linux kernel. When
making the size of the argument and environment area on the stack very
large, it could trigger a BUG_ON(), resulting in a local denial of service.
(CVE-2010-3858, Moderate)
A flaw in ethtool_get_rxnfc() in the Linux kernel’s ethtool IOCTL
handler. When it is called with a large info.rule_cnt, it could allow a
local user to cause an information leak. (CVE-2010-3861, Moderate)
A flaw in bcm_connect() in the Linux kernel’s Controller Area Network
(CAN) Broadcast Manager. On 64-bit systems, writing the socket address may
overflow the procname character array. (CVE-2010-3874, Moderate)
A flaw in inet_csk_diag_dump() in the Linux kernel’s module for
monitoring the sockets of INET transport protocols. By sending a netlink
message with certain bytecode, a local, unprivileged user could cause a
denial of service. (CVE-2010-3880, Moderate)
Missing sanity checks in gdth_ioctl_alloc() in the gdth driver in the
Linux kernel, could allow a local user with access to “/dev/gdth” on a
64-bit system to cause a denial of service or escalate their privileges.
(CVE-2010-4157, Moderate)
A use-after-free flaw in the mprotect() system call could allow a local,
unprivileged user to cause a local denial of service. (CVE-2010-4169,
Moderate)
Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3876, CVE-2010-4072, CVE-2010-4073,
CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)
Red Hat would like to thank Kees Cook for reporting CVE-2010-2962,
CVE-2010-3861, and CVE-2010-4072; Dan Rosenberg for reporting
CVE-2010-3442, CVE-2010-3705, CVE-2010-3874, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4082,
CVE-2010-4083, and CVE-2010-4158; Brad Spengler for reporting
CVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; and Vasiliy
Kulikov for reporting CVE-2010-3876.
Bug fixes:
A vulnerability in the 32-bit compatibility code for the VIDIOCSMICROCODE
IOCTL in the Video4Linux implementation. It does not affect Red Hat
Enterprise MRG, but as a preventive measure, this update removes the code.
Red Hat would like to thank Kees Cook for reporting this vulnerability.
(BZ#642469)
The kernel-rt spec file was missing the crypto, drm, generated, and trace
header directories when generating the kernel-rt-devel package, resulting
in out-of-tree modules failing to build. (BZ#608784)
On computers without a supported Performance Monitoring Unit, a crash
would occur when running the “perf top” command, and occasionally other
perf commands. perf software events are now marked as IRQ safe to avoid
this crash. (BZ#647434)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i686 | kernel-rt | < 2.6.33.7-rt29.47.el5rt | kernel-rt-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | i686 | perf | < 2.6.33.7-rt29.47.el5rt | perf-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-vanilla | < 2.6.33.7-rt29.47.el5rt | kernel-rt-vanilla-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-debug | < 2.6.33.7-rt29.47.el5rt | kernel-rt-debug-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | x86_64 | kernel-rt-debug-devel | < 2.6.33.7-rt29.47.el5rt | kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-devel | < 2.6.33.7-rt29.47.el5rt | kernel-rt-devel-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-debug-devel | < 2.6.33.7-rt29.47.el5rt | kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.i686.rpm |
RedHat | 5 | x86_64 | perf | < 2.6.33.7-rt29.47.el5rt | perf-2.6.33.7-rt29.47.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt-trace | < 2.6.33.7-rt29.47.el5rt | kernel-rt-trace-2.6.33.7-rt29.47.el5rt.x86_64.rpm |
RedHat | 5 | noarch | kernel-rt-doc | < 2.6.33.7-rt29.47.el5rt | kernel-rt-doc-2.6.33.7-rt29.47.el5rt.noarch.rpm |