- Issued: 2004-01-16
- Updated: 2004-01-16
RHSA-2004:017 - Security Advisory
Synopsis
Updated kernel packages available for Red Hat Enterprise Linux 3 Update 1
Type/Severity
Security Advisory: Important
Topic
Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version
3. This is the first regular update.
Description
The Linux kernel handles the basic functions of the operating
system.
This is the first regular kernel update for Red Hat Enterprise
Linux version 3. It contains a new critical security fix, many
other bug fixes, several device driver updates, and numerous
performance and scalability enhancements.
On AMD64 systems, a fix was made to the eflags checking in
32-bit ptrace emulation that could have allowed local users
to elevate their privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0001 to this issue.
Other bug fixes were made in the following kernel areas:
VM, NPTL, IPC, kernel timer, ext3, NFS, netdump, SCSI,
ACPI, several device drivers, and machine-dependent
support for the x86_64, ppc64, and s390 architectures.
The VM subsystem was improved to better handle extreme
loads and resource contention (such as might occur during
heavy database application usage). This has resulted in
a significantly reduced possibility of hangs, OOM kills,
and low-mem exhaustion.
Several NPTL fixes were made to resolve POSIX compliance
issues concerning process IDs and thread IDs. A section
in the Release Notes elaborates on a related issue with
file record locking in multi-threaded applications.
AMD64 kernels are now configured with NUMA support,
S390 kernels now have CONFIG_BLK_STATS enabled, and
DMA capability was restored in the IA64 agpgart driver.
The following drivers have been upgraded to new versions:
cmpci ------ 6.36
e100 ------- 2.3.30-k1
e1000 ------ 5.2.20-k1
ips -------- 6.10.52
megaraid --- v1.18k
megaraid2 -- v2.00.9
All Red Hat Enterprise Linux 3 users are advised to upgrade
their kernels to the packages associated with their machine
architectures and configurations as listed in this erratum.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 71514 - Infinite recursion in SCSI mid layer
- BZ - 77839 - Assert failure in transaction.c:1224: "!jh->b_committed_data
- BZ - 85974 - IDE tape generates errors when execute mt command
- BZ - 90204 - Downgrade assert failure at revoke.c:329 to a warning
- BZ - 90207 - RHEL AS2.1 IPF: Linux scheduler interaction - threads all running on one processor
- BZ - 97065 - Updated cciss driver does not clean up properly after load failure
- BZ - 98132 - (NET E1000) Taroon Alpha4 e1000 driver does not detect currently being tested NIC/LOM's
- BZ - 99251 - aic7xxx/79xx causes PCI PARITY ERROR on PE4600
- BZ - 101938 - C write fails for records gt 2 GB
- BZ - 102258 - [ibmsis] LTC3905 - RHEL_3 scsi midlayer hang
- BZ - 102400 - LTC3932 - kill10 hangs with RHEL 3 kernel
- BZ - 102535 - hang in ptrace for gdb traceback
- BZ - 103245 - LTC4138 - Vmstat not printing irqs/second
- BZ - 103304 - x86_64 oprofile.o driver misidentifies processor
- BZ - 103491 - NPTL-related invalid uses of thread ID
- BZ - 103671 - More informative memory error reporting on AMD64
- BZ - 104116 - [x86_64] Crash/CPU lockup running lmbench
- BZ - 104172 - GCC testsuite crashing .421 and .411 kernels
- BZ - 104260 - LTC4351 - kernel panic after rmmod'ing and then insmod'ing the olympic token ring module.
- BZ - 104313 - LTC4357 - viocons making > 4k writes
- BZ - 104338 - missing critical HP agp related patches
- BZ - 104520 - SMP Kernel hang on shutdown with Intel SRCZCR Raid Controller
- BZ - 104651 - RHEL 3 U1: Ability to blacklist what LUNS/scsi devices so kernel doesn't send start-unit commands in the event the LUN is identified as "not ready".
- BZ - 104730 - aic7xxx causes PCI PARITY ERROR on PE4600
- BZ - 104913 - LTC4532 - Signal handlers run with unaligned stack
- BZ - 105717 - ibm_opteron - Pid: 1, comm: swapper Not tainted
- BZ - 105749 - LTC4613 - machines fail to respond to reset
- BZ - 105890 - New Feature for AS 2.1 Update 3 - IA64 reqmt: tsc disable patch
- BZ - 105953 - dmidecode generates unaligned access errors
- BZ - 105989 - LTC4623 - install / as LVM throws python exception
- BZ - 106004 - Broadcom tg3 driver duplex won't set
- BZ - 106209 - Unblock device after queue full status
- BZ - 106214 - "reset erp" gone missing in 2.4.21-2.E
- BZ - 106396 - Hardware crypto support
- BZ - 106399 - SCSI I/O stall problem
- BZ - 106450 - Requesting updated acenic.o driver
- BZ - 106502 - Base driver button not loaded
- BZ - 106579 - LTC4821 - hwbrowser displays incorrect floppy capacity
- BZ - 106626 - Incorporate ESB PATA support
- BZ - 106648 - lcs updates from "the 38"
- BZ - 106651 - Export noop elevator
- BZ - 106785 - amd64 has significant bug in 32 bit emulation
- BZ - 106794 - LTC4829-RHEL 3 HANGS under heavy stress load
- BZ - 106944 - fcntl() returns tid rather than pid
- BZ - 107942 - thread code indeed freezes the kernel
- BZ - 107960 - No disk/partition statistics in /proc/partitions
- BZ - 108432 - Exiting program using multicast addr locks up a CPU after restart of network
- BZ - 108488 - Millisecond timer resolution on ia64
- BZ - 108492 - Possible security issue in the ia32 subsystem
- BZ - 108648 - No AGP support on Tyan 2885 K8W
- BZ - 110558 - [ ia64 ] Install disc panics on boot on some systems
- BZ - 110895 - running processes are not listed in /proc, with ps or top
- BZ - 111388 - [Patch] LTC5474 - CSP corrupted on P690 after update_flash of new firmware in LPAR
- BZ - 111446 - hang in RHEL 3 pthreads library
- BZ - 112365 - Kernel Panic when running pulse daemon
- BZ - 113106 - CAN-2004-0001 ptrace hole in x86-64
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.