RHSA-2006:0132 - Security Advisory

Topic

Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 4. This is the
third regular update.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The Linux kernel handles the basic functions of the operating system.

This is the third regular kernel update to Red Hat Enterprise Linux 4.

New features introduced in this update include:

• Open InfiniBand (OpenIB) support
• Serial Attached SCSI support
• NFS access control lists, asynchronous I/O
• IA64 multi-core support and sgi updates
• Large SMP CPU limits increased using the largesmp kernel: Up to 512 CPUs

in ia64, 128 in ppc64, and 64 in AMD64 and Intel EM64T

• Improved read-ahead performance
• Common Internet File System (CIFS) update
• Error Detection and Correction (EDAC) modules
• Unisys support

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.

The following security bug was fixed in this update:

• dm-crypt did not clear a structure before freeing it, which could allow

local users to discover information about cryptographic keys (CVE-2006-0095)

The following device drivers have been upgraded to new versions:

cciss: 2.6.8 to 2.6.8-rh1
ipmi_devintf: 33.4 to 33.11
ipmi_msghandler: 33.4 to 33.11
ipmi_poweroff: 33.4 to 33.11
ipmi_si: 33.4 to 33.11
ipmi_watchdog: 33.4 to 33.11
mptbase: 3.02.18 to 3.02.60.01rh
e1000: 6.0.54-k2-NAPI to 6.1.16-k2-NAPI
ixgb: 1.0.95-k2-NAPI to 1.0.100-k2-NAPI
tg3: 3.27-rh to 3.43-rh
aacraid: 1.1.2-lk2 to 1.1-5[2412]
ahci: 1.01 to 1.2
ata_piix: 1.03 to 1.05
iscsi_sfnet: 4:0.1.11-1 to 4:0.1.11-2
libata: 1.11 to 1.20
qla2100: 8.01.00b5-rh2 to 8.01.02-d3
qla2200: 8.01.00b5-rh2 to 8.01.02-d3
qla2300: 8.01.00b5-rh2 to 8.01.02-d3
qla2322: 8.01.00b5-rh2 to 8.01.02-d3
qla2xxx: 8.01.00b5-rh2 to 8.01.02-d3
qla6312: 8.01.00b5-rh2 to 8.01.02-d3
sata_nv: 0.6 to 0.8
sata_promise: 1.01 to 1.03
sata_svw: 1.06 to 1.07
sata_sx4: 0.7 to 0.8
sata_vsc: 1.0 to 1.1
cifs: 1.20 to 1.34

Added drivers:

bnx2: 1.4.25
dell_rbu: 0.7
hangcheck-timer: 0.9.0
ib_mthca: 0.06
megaraid_sas: 00.00.02.00
qla2400: 8.01.02-d3
typhoon: 1.5.7

All Red Hat Enterprise Linux 4 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

• BZ - 108616 - RHEL4 (IPF): Support for Additional function in Intel's Monticeto processor (HW)
• BZ - 108827 - RHEL4: Infiniband support
• BZ - 131889 - RHEL4 U2: SATA ATAPI support (including ESB2)
• BZ - 139949 - sym driver creates voluminous /var/log/messages entries
• BZ - 141699 - FEAT: RHEL 4 U3: ia64 needs hint@pause in spinloop
• BZ - 141851 - spin loops on both ia32 and ia32e need cpu_relax
• BZ - 144477 - bonding mode=6 + dhcp doesn't work correctly
• BZ - 144703 - ia32 apps that are not large file aware can access files >= 4GB
• BZ - 145061 - SMART support in SATA driver (P1)
• BZ - 149294 - qlogic fabric rediscovery functionality missing
• BZ - 150893 - On few Nocona based platforms, acpi-cpufreq driver assumes the wrong CPU freq at boot time
• BZ - 151549 - RHEL 4 Kernel does not provide ACL support over NFS
• BZ - 152036 - Amanda hangs on backup in case of ip_conntrack_amanda is used (RHEL4)
• BZ - 153971 - large usb flash drive require reboot to mount more than once
• BZ - 154387 - umount fails on nfs server side when nfs client does heavy io
• BZ - 155017 - Unisys' x86_64 ES7000 loses legacy devices during boot when using latest ES7000 platform code
• BZ - 156437 - Writing large file to 1TB ext3 volume sometimes very slow
• BZ - 156602 - SCTP memory consumption, additional fixes
• BZ - 156785 - Missing SHUTDOWN notification with SCTP stream socket
• BZ - 157241 - [RHEL4-U3] PCI Hotplug - Slot powered off after enabling
• BZ - 157586 - ES7000 systems won't boot with large configuration
• BZ - 159869 - Diskdump fails through ipr driver
• BZ - 160308 - USB Key stops working after upgrade to U1
• BZ - 160844 - dangling POSIX locks after close
• BZ - 161101 - Assertion failure in journal_commit_transaction() at fs/jbd/commit.c:790: "jh->b_next_transaction == ((void *)0)"
• BZ - 161362 - Oracle Hangs with directio and aio using NFS
• BZ - 161597 - sysfs_remove_dir() de-references NULL pointer
• BZ - 161617 - RHEL4 Panics at smp_apic_timer_interrupt
• BZ - 161846 - Problem with b44: SIOCSIFFLAGS: Cannot allocate memory
• BZ - 162094 - read() with count > 0xffffffff panics kernel at fs/direct-io.c:886
• BZ - 162731 - [RHEL4] 'getpriority/setpriority' broken with PRIO_USER, who=0
• BZ - 162732 - io_cancel doesn't work properly
• BZ - 162759 - System occasionally experienced system hangs.
• BZ - 162814 - Assertion failure in log_do_checkpoint
• BZ - 163150 - request backport of fc transport class HBA port_id for dm-multipath
• BZ - 163738 - Kernel PANIC - not syncing: fatal exception
• BZ - 163741 - qetharp 'Operation not supported' on non-layer2 guestlan
• BZ - 164298 - PANIC at rpc_wake_up_status
• BZ - 164547 - Bug in IPv6 address adding error path
• BZ - 165018 - Bonding driver fails to switch to backup link
• BZ - 165092 - Bugs in kernel key managment syscall interface
• BZ - 165154 - Bad order for release_region in error exit from i810_probe
• BZ - 165741 - acct does not have Large File Support
• BZ - 165744 - 2.6: /sbin/service iptables stop hangs on modprobe -r ipt_state
• BZ - 165959 - NFS/RPC - timestamp conversion is wrong
• BZ - 166454 - rpmbuild --rebuild glibc-2.3.4-2.12.src.rpm hangs (same problem with glibc-2.3.4-2.9.src.rpm)
• BZ - 166524 - Erratic behaviour when system fd limit reached
• BZ - 166544 - 2.6.9-16.ELsmp null pointer dereference in __bounce_end_io_read on x86_64
• BZ - 166589 - mount/umount can cause the block device reads to fail
• BZ - 166880 - [RHEL4 U1] OOPS removing ahci driver
• BZ - 167115 - [RHEL4 U1] Bonding driver does not switch to backup interface upon active interface failure under heavy UDP traffic
• BZ - 167192 - NFSv3 locking misses important kernel patches
• BZ - 167211 - RHEL4 Panic in __wake_up_common (networking)
• BZ - 167630 - Multicast domain membership doesn't follow bonding failover
• BZ - 167634 - RHEL4 __copy_user breaks on unaligned src
• BZ - 167645 - RHEL4 U2 performance regression running enterprise workload
• BZ - 167730 - FEAT RHEL4 U3: 10GigE Neterion Driver Update (S2io)
• BZ - 167731 - [RHEL4] hangcheck-timer not compiled in RHEL4 on IA64
• BZ - 167907 - SCTP association restart problem, possible backport
• BZ - 168090 - ipmi_poweroff driver update for Dell <8G servers
• BZ - 168262 - [RHEL4 U1][diskdump] Diskdump from OS_INIT fails.
• BZ - 168431 - autofs removes leading path components of /net mounts on timeout
• BZ - 168483 - FEAT: [RHEL4 U3] kernel dm: Statistic information about dm devices (*)
• BZ - 168775 - wait() and waitpid() return inconsistencies under high load
• BZ - 168824 - [FEAT:][RHEL 4 U3]LVM2 Snapshot support of root
• BZ - 169042 - [Texas Instruments] nfs bindresvport: Address already in use
• BZ - 169149 - oops in gss_pipe_release()
• BZ - 169184 - ls hangs on krb5 mountd when user has not kinit-ed
• BZ - 169197 - NFS client oops when debugging is on
• BZ - 170146 - CRM648268: kernel reporting init process cutime as very large negative value
• BZ - 170423 - Cache invalidation bug in nfs v3
• BZ - 170487 - Bad: kernel panic on boot (kernel-2.6.9-22.EL)
• BZ - 170546 - kernel_lock() problem through NFS mount
• BZ - 170656 - iSCSI connection recovery uses session address instead of portal address
• BZ - 170864 - device-mapper mirroring backwards compatibility issue
• BZ - 170887 - Neterion(S2io) adapter not functional after running offline diagnostics
• BZ - 170985 - RHEL 4 Update 2 Incompatibility with VMware ESX 2.5.2
• BZ - 171060 - Marvell Yukon 88E8050 ethernet interface not supported
• BZ - 171112 - Kernel oops killing process with open files on a NFS3 krb5 mount after /var/lib/nfs/rpc_pipefs has been unmounted
• BZ - 171141 - FEAT RHEL4 U3 [diskdump]: kernel - support compressing dump data
• BZ - 171220 - USB: khubd deadlock on error path
• BZ - 171705 - Kernel key management facility improvements
• BZ - 171715 - nfsd: clear signals before exiting the nfsd() thread
• BZ - 171765 - linux-2.6.13-key-reiserfs.patch is incomplete
• BZ - 171950 - Can't reboot on IBM xSeries 236.
• BZ - 171985 - rhel4 u2 - Null pointer dereference in alc880_auto_fill_dac_nids
• BZ - 171989 - rhel4 modules loading signing issue
• BZ - 172081 - rename(2) onto an empty directory fails on NFS file systems
• BZ - 172214 - Large LUNS can't be seen with Hitachi Open-L SAN
• BZ - 172393 - No analog audio with the "Intel Corporation Enterprise Southbridge High Definition Audio (rev 08)"
• BZ - 172487 - Difficulty with some iSCSI targets in iscsi_sfnet
• BZ - 172595 - netpoll can dereference a null pointer, causing a system crash
• BZ - 172598 - [RHEL4] tuxstat SIGSEGV
• BZ - 172839 - NMI watchdog panic during cache_alloc_refill with corrupt size-128 slabcache
• BZ - 172892 - kernel dm: dm-ioctl memory leak on attempt to load non-existing mapping
• BZ - 172920 - Lock at "Initializing hardware... storage network" caused by ULi HD Audio controller enabled.
• BZ - 172986 - autofs doesn't remount if nfs server is unreachable at expire time
• BZ - 173155 - kernel dm: DM_LIST_VERSIONS_CMD ioctl reponse truncated
• BZ - 173156 - kernel dm: Notify userspace when a device is renamed.
• BZ - 173157 - kernel dm-log: big endian 64-bit corruption
• BZ - 173158 - kernel dm-log: Make mirror log arch-independent
• BZ - 173159 - kernel dm: move bdget outside lockfs
• BZ - 173161 - kernel dm: Make lock_fs optional.
• BZ - 173163 - kernel dm snapshot: Separate out metadata reading.
• BZ - 173164 - kernel dm snapshot: Load metadata on table creation not resumption.
• BZ - 173166 - kernel dm snapshot: Reduce PF_MEMALLOC usage
• BZ - 173174 - kernel dm multipath: Fix do_end_io locking.
• BZ - 173194 - race condition when expiring ghosted autofs mounts
• BZ - 173206 - kernel dm snapshot: bio_list_merge fix
• BZ - 173304 - Fix for SystemTap bugzilla #1345 - return probe on do_execve
• BZ - 173354 - unable to create sgi_sn/ptc_statistics" printed to the console
• BZ - 173486 - Further key management facility improvements
• BZ - 173493 - Permit key management to request already running process to instantiate a key
• BZ - 173912 - GFS deadlock - gfs_write (do_write_direct) and gfs_setattr (do_truncate)
• BZ - 173981 - kernel bug at mm/prio_tree.c
• BZ - 174427 - SCSI errors with latest qlogic driver
• BZ - 174760 - Provide support for more than 8 logical processors
• BZ - 174895 - System became unresponsive to local commands.
• BZ - 175123 - Diskdump overwrite by SATA update
• BZ - 175132 - Audit fails to record syscall failures when asked to via auditctl
• BZ - 175415 - [audit][PATCH] New user space message types
• BZ - 175680 - broken U3 modsyms
• BZ - 175687 - autofs doesn't attempt to remount failed mount points
• BZ - 175728 - Kernel panic. Server hangs and is totally unresponsive until a power cycle brings it back online.
• BZ - 175812 - setxattr() to a file on NFS returns EIO
• BZ - 175988 - hang-check timer needs to be build on S390/S390x
• BZ - 176825 - broken memsets in s390 drivers.
• BZ - 177031 - device-mapper mirror log: avoid overrun while syncing
• BZ - 177136 - CVE-2006-0095 dm-crypt key leak
• BZ - 177445 - Please consider upping NR_CPUS to 16 for x86_64
• BZ - 177492 - Early panic in "io_apic_get_unique_id" on 4CPU, dual-core HT enabled EM64T System
• BZ - 177522 - Kernel panic while running NFS ACL test
• BZ - 177527 - Add aic94xx and sas code into RHEL4 U3
• BZ - 177561 - Largesmp kernel does not see all logical CPUs on IBM x460
• BZ - 177620 - kernel device-mapper snapshot: barriers are not supported
• BZ - 177634 - AIM7 File Server Performance -15% relative to U2
• BZ - 177719 - BIOS bug shows the wrong number of CPUs
• BZ - 178839 - CPU's being incorrectly numbered
• BZ - 178975 - /proc/cpuinfo shows wrong value
• BZ - 179057 - SCSI LLDD's oops on rmmod if devices scan w/ PQ=3
• BZ - 179751 - lvremove panic in dm_mod:kcopyd_client_destroy while attempting to remove a snapshot
• BZ - 180353 - NPTL: under xterm -e process receives SIGHUP when child thread exits
• BZ - 180405 - kabi violation in multi-core detection patch
• BZ - 181574 - device-mapper mirror removal stuck on kcopyd_client_destroy (pvmove hangs)
• BZ - 181884 - RHEL4 U3 "noht" boot parameter sometimes disables dual core support as well as ht support

CVEs

• CVE-2006-0095

References

(none)