RHSA-2005:294 - Security Advisory

Topic

Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 3. This is the
fifth regular update.

Description

The Linux kernel handles the basic functions of the operating system.

This is the fifth regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

• support for 2-TB partitions on block devices
• support for new disk, network, and USB devices
• support for clustered APIC mode on AMD64 NUMA systems
• netdump support on AMD64, Intel EM64T, Itanium, and ppc64 systems
• diskdump support on sym53c8xx and SATA piix/promise adapters
• NMI switch support on AMD64 and Intel EM64T systems

There were many bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 3.

Some key areas affected by these fixes include the kernel's networking,
SATA, TTY, and USB subsystems, as well as the architecture-dependent
handling under the ia64, ppc64, and x86_64 directories. Scalability
improvements were made primarily in the memory management and file
system areas.

A flaw in offset handling in the xattr file system code backported to
Red Hat Enterprise Linux 3 was fixed. On 64-bit systems, a user who
can access an ext3 extended-attribute-enabled file system could cause
a denial of service (system crash). This issue is rated as having a
moderate security impact (CAN-2005-0757).

The following device drivers have been upgraded to new versions:

3c59x ------ LK1.1.18
3w-9xxx ---- 2.24.00.011fw (new in Update 5)
3w-xxxx ---- 1.02.00.037
8139too ---- (upstream 2.4.29)
b44 -------- 0.95
cciss ------ v2.4.54.RH1
e100 ------- 3.3.6-k2
e1000 ------ 5.6.10.1-k2
lpfcdfc ---- 1.0.13 (new in Update 5)
tg3 -------- 3.22RH

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

• BZ - 116289 - BLKPG_ADD_PARTITION op of BLKPG ioctl doesn't let you add partitions >= 1TB
• BZ - 119351 - Getting OOM errors on an unconstrained system
• BZ - 121032 - CAN-2004-0177 ext3 infoleak
• BZ - 121716 - Raw device I/O transfer size limited to 32KB.
• BZ - 123415 - API Breakage: NFS "No locks available" with kernel 2.4.21-15.ELsmp
• BZ - 124600 - Unexpected error: VFS: Busy inodes after unmount. Self-destruct in 5 seconds.
• BZ - 126407 - CAN-2004-0075 Vicam USB user/kernel copying
• BZ - 127066 - Panic is occurring in the I/O completion interrupt handling for the character interface driver (sg).
• BZ - 128176 - Add the 3w-9xxx module (required for the 9000 series 3ware cards)
• BZ - 129084 - ICH6 SATA support
• BZ - 130113 - Strange output of /proc/mtrr
• BZ - 130365 - Request to include EMC Celerra and iSCSI devices to the black list
• BZ - 130774 - oops in drivers/char/tty_io.c:init_dev()
• BZ - 131674 - CAN-2004-0814 potential race condition in RHEL 2.1/3 tty layer
• BZ - 131981 - O_DIRECT doesn't work on LVM devices
• BZ - 132162 - NFS intr flag prevents core dumps
• BZ - 132257 - LTC-8859: softdog.o need to be included into RHEL distributions
• BZ - 132339 - x86 compatibility mode apps using signals crash under EM64T
• BZ - 132494 - POSIX Asynchronous IO support is unstable
• BZ - 132838 - Kernel Panic: Unable to satisfy kernel paging request... when starting ServerVantage.
• BZ - 133020 - [RHEL3][IA32E][X86_64]Wrong FPU IP and DP in the SIGFPE signal context
• BZ - 133108 - CAN-2004-0814 input/serio local DOS
• BZ - 133113 - CAN-2004-1058 /proc/<PID>/cmdline information disclosure
• BZ - 133388 - 3c59x: eth0: Transmit error, Tx status register d0. (10Mb hub)
• BZ - 133905 - kernel crash, fatal exception, accessing /proc, EXT3-fs error
• BZ - 134832 - Ia32e + Intel SATA 82801EB + kernel 2.4.21-20EL; unable to mount root partition.
• BZ - 135266 - Panics while backing up LVM snapshots
• BZ - 135583 - RHEL3U3 panics on boot for HP rx5670
• BZ - 135688 - NFS ESTALES returned on open [IT50092]
• BZ - 136317 - When copying rootfs to /mnt/sdc/, rsync accessed /proc/kcore and kernel crashed
• BZ - 136398 - NFS direct reads don't flush dirty cached pages
• BZ - 137201 - RHEL3U2/U3 x86-64 - /proc/mtrr reported incorrectly
• BZ - 137830 - worktodo does not support NFS aio
• BZ - 137961 - tg3 fiber auto-negotiation
• BZ - 138182 - Kernel hang when cat'ting file on intr NFS mount
• BZ - 138240 - MCA in tulip on ifconfig down/reboot
• BZ - 138815 - [RHEL3-U5][Diskdump] Stalls before printing "CPU frozen"
• BZ - 138827 - usb: raced timeout errors when using usb/serial adapter
• BZ - 138905 - Unkillable processes under 64bit Linux which use Kernel Asynchronous I/O
• BZ - 139421 - [RHEL3-U4][Diskdump] Diskdump failed with serial console enabled
• BZ - 139434 - [RHEL3-U4][Diskdump] Segmentation Fault after cliloop
• BZ - 139440 - [RHEL3-U5][Diskdump] All CPUs are displayed in CPU frozen
• BZ - 139465 - em64t/ia32e kernel panic: 'interrupt handler - not syncing' during heavy network I/O
• BZ - 140083 - lx-choptp19 crashed running 2.4.21-20.EL.BZ131027.hotfixhugemem
• BZ - 140331 - stack overflows can occur on x86_64 under stack pressure when softirq's are handled
• BZ - 140552 - Kernel wrongly complains about application bug when loading modules
• BZ - 140585 - [RHEL3][PATCH] SIOCGHWADDR does not clear buffer for ppp connections
• BZ - 140616 - RHEL3 PATCH dev.c: clear SIOCGIFHWADDR buffer if !dev->addr_len
• BZ - 140790 - e100 and e1000 drivers should return EINVAL when ethtool tries to set rx-mini or rx-jumbo
• BZ - 141282 - nptl futex_wait fix
• BZ - 141377 - [PATCH] memory leak in ipv6 ip6_{push,flush}_pending_frames()
• BZ - 141388 - FAT32 file system zero length files corruption after remount
• BZ - 141697 - ATAPI-CDROM not accessible with kernel options ide-scsi and swiotlb
• BZ - 141757 - Infinite loop when syncing over automounted NFS
• BZ - 142683 - bonding with mii monitoring does not work with realtek card
• BZ - 142725 - [PATCH] video1394 fixes
• BZ - 142954 - sata_sx4 4GB problem
• BZ - 143542 - Unable to handle kernel NULL pointer dereference at virtual address 00000004
• BZ - 143565 - NIC BCM4401 on Dell Inspiron 5100 broken
• BZ - 143625 - kernel can not register scsi LUNs above 7 for mylexFFx2 FC RAID controller
• BZ - 144059 - CAN-2005-0403 panic in tty init_dev
• BZ - 144260 - U4 kernel sound broken on certain AC 97 systems
• BZ - 144360 - Fibre Channel tape speed regression (qla2200)
• BZ - 144530 - random poolsize sysctl handler integer overflow
• BZ - 144990 - Anaconda installer partion error large RAID volume
• BZ - 145331 - kernel panic in get_signal_to_deliver
• BZ - 145409 - panic_on_oops hook removed on ia64 by diskdump patch
• BZ - 145563 - tar crashes DELL server every 4th day.
• BZ - 145746 - mmap() system call can return Nil
• BZ - 146345 - recv returns EAGAIN instead of EINTR when interrupted
• BZ - 146501 - ext2/ext3 w/ 1024 blocksize eats all memory
• BZ - 147541 - rsync creating truncated files on fat32 filesystem
• BZ - 147580 - Race condition in md subsystem causes panic
• BZ - 147704 - laus incorrectly truncates path string when predicate filter is used
• BZ - 147969 - msync(..., ..., MS_SYNC) returning before data written to disk
• BZ - 148855 - CAN-2005-0204 OUTS instruction does not cause SIGSEGV for all ports
• BZ - 148869 - CAN-2005-0135 ia64 local DoS
• BZ - 150334 - Kernel panic: Code: Bad EIP value
• BZ - 151086 - kernel locks up tty/psuedo-tty access
• BZ - 151241 - CAN-2005-0384 pppd remote DoS
• BZ - 151805 - CAN-2005-0449 Possible remote Oops/firewall bypass - kABI breaker
• BZ - 151934 - Running lshw causes MCA on Olympia rx8620
• BZ - 152178 - CAN-2005-0750 bluetooth security flaw
• BZ - 152411 - CAN-2005-0749 load_elf_library possible DoS
• BZ - 152552 - CAN-2004-1073 looks unfixed in RHEL3
• BZ - 152627 - sata_sil missing PCI IDs for ATI SATA controller
• BZ - 152959 - Repeated Kernel Panics while using LVM Snapshot
• BZ - 155234 - CAN-2005-0137 ia64 syscall_table DoS
• BZ - 156617 - SIGCHLD set to SIG_IGN but calls wait().
• BZ - 156882 - aggressively clean bhs
• BZ - 156928 - sata_promise in 2.4.21-27.0.4.EL doesn't support Promise sataII 150 tx4 yet

CVEs

• CVE-2005-0757

References

(none)