RHSA-2006:0437 - Security Advisory

Topic

Updated kernel packages are now available as part of ongoing support and
maintenance of Red Hat Enterprise Linux version 3. This is the eighth
regular update.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

Description

The Linux kernel handles the basic functions of the operating system.

This is the eighth regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

• addition of the adp94xx and dcdbas device drivers
• diskdump support on megaraid_sas, qlogic, and swap partitions
• support for new hardware via driver and SCSI white-list updates

There were many bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement in
the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below).
Other key areas affected by fixes in this update include the networking
subsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems,
and architecture-specific handling affecting AMD Opteron and Intel EM64T
processors.

The following device drivers have been added or upgraded to new versions:

adp94xx -------- 1.0.8 (new)
bnx2 ----------- 1.4.38
cciss ---------- 2.4.60.RH1
dcdbas --------- 5.6.0-1 (new)
e1000 ---------- 7.0.33-k2
emulex --------- 7.3.6
forcedeth ------ 0.30
ipmi ----------- 35.13
qlogic --------- 7.07.04b6
tg3 ------------ 3.52RH

The following security bugs were fixed in this update:

• a flaw in the USB devio handling of device removal that allowed a

local user to cause a denial of service (crash) (CVE-2005-3055,
moderate)

• a flaw in the exec() handling of multi-threaded tasks using ptrace()

that allowed a local user to cause a denial of service (hang of a
user process) (CVE-2005-3107, low)

• a difference in "sysretq" operation of EM64T (as opposed to Opteron)

processors that allowed a local user to cause a denial of service
(crash) upon return from certain system calls (CVE-2006-0741 and
CVE-2006-0744, important)

• a flaw in unaligned accesses handling on Intel Itanium processors

that allowed a local user to cause a denial of service (crash)
(CVE-2006-0742, important)

• an info leak on AMD-based x86 and x86_64 systems that allowed a local

user to retrieve the floating point exception state of a process
run by a different user (CVE-2006-1056, important)

• a flaw in IPv4 packet output handling that allowed a remote user to

bypass the zero IP ID countermeasure on systems with a disabled
firewall (CVE-2006-1242, low)

• a minor info leak in socket option handling in the network code

(CVE-2006-1343, low)

• a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT

processing that allowed a remote user to cause a denial of service
(crash) or potential memory corruption (CVE-2006-2444, moderate)

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

• BZ - 97000 - i8253 count too high! resetting...
• BZ - 102504 - cannot reboot on Dell 6450 with RHEL 3
• BZ - 102973 - i8253 count too high
• BZ - 103024 - "i8253 count too high! resetting.." ?
• BZ - 119457 - panics in generic_aio_complete_rw and unmap_kvec after __iodesc_free calls generic_aio_complete_read()
• BZ - 127689 - Reboot fails on Dell PowerEdge 6450
• BZ - 129477 - kernel panic in umount
• BZ - 131881 - clock_gettime() triggers audit kill from i386 binary on x86_64
• BZ - 132105 - autofs (automount) failover does not work
• BZ - 132994 - kernel oops when unplugging usb serial adapter using pl2303 and mct_u232
• BZ - 134555 - System hangs when rebooting Dell PE6450
• BZ - 134736 - kernel panic in md driver (md lacks proper locking of device lists)
• BZ - 142718 - [PATCH] [RHEL3] dpt_i2o modules in RHEL gets oops
• BZ - 146789 - Implement a better solution to the dma memory allocation done in the kernel
• BZ - 146954 - megaraid2 driver fails to recognize all LSI RAID adapters when there are more than 4 with >=4GB
• BZ - 149732 - Hang with radeon driver when DRM DRI actve
• BZ - 152630 - timer interrupt received twice on ATI chipset motherboard, clock runs at double speed
• BZ - 153954 - kernel panic when removing active USB serial converter used as serial console
• BZ - 154680 - Kernel panic on 8GB machines under stress running e1000 diagnostics
• BZ - 157667 - I/O Errors when swtiching Blade USB Media Tray
• BZ - 159862 - kernel oops with usbserial (minicom key pressed)
• BZ - 160600 - Accessing automounted directories can cause a process to hang forever
• BZ - 165246 - EHCI Host driver violates USB2.0 Specification leading to device failures.
• BZ - 167636 - Unable to unmount a local file system exported by NFS
• BZ - 167672 - GART error during bootup
• BZ - 167839 - kernel crashes with an Ooops
• BZ - 169261 - CVE-2005-3055 async usb devio oops
• BZ - 170261 - CVE-2005-3107 zap_threads DoS
• BZ - 171277 - MCE arg parsing broken on x86-64
• BZ - 174818 - [PATCH] bonding: don't drop non-VLAN traffic
• BZ - 175143 - sys_io_setup() can leak an mm reference on failure
• BZ - 175759 - Reboot of Dell 6450 fails
• BZ - 177451 - Kernel panic : Unable to handle kernel paging request at virtual address 6668c79a
• BZ - 177571 - [RHEL3] [RFE] forcedeth driver on xw9300 has minimal support for ethtool and mii-tool
• BZ - 178119 - [RHEL3] dump_stack() isn't implemented on x86_64
• BZ - 178131 - syslog-only netdump still tries to dump memory
• BZ - 178885 - bonding mode=6 + dhcp doesn't work correctly
• BZ - 179657 - Intermittently unable to mount NFS filesystem using autofs --ghost
• BZ - 180968 - Data corruption in ext3 FS when running hazard (corrupt inodes)
• BZ - 181815 - Phantom escalating load due to flawed rq->nr_uninterruptible increment
• BZ - 182961 - IBM x336, x260, and x460 requires acpi=noirq bootup option.
• BZ - 182996 - ST Tape Driver Bug!!
• BZ - 183881 - kernel/libc type mismatch on siginfo_t->si_band - breaks FAM on 64bit arches
• BZ - 185183 - Kernel BUG at pci_dma:43 encountered
• BZ - 185735 - BNX2 Patch in 2.4.21-40.EL kills "Network Device Support" config menu
• BZ - 186058 - CVE-2006-1242 Linux zero IP ID vulnerability?
• BZ - 186244 - CVE-2006-1343 Small information leak in SO_ORIGINAL_DST
• BZ - 186307 - RHEL3U7 fails installation using RSA(2).
• BZ - 186455 - Submission of a patch for non-sequential LUN mapping
• BZ - 186901 - make menuconfig crashes
• BZ - 187548 - IPMI startup race condition
• BZ - 187911 - CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs
• BZ - 192633 - CVE-2006-2444 SNMP NAT netfilter memory corruption
• BZ - 196938 - [Beta RHEL3 U8 Regression] Processes hung while allocating stack using gdb

CVEs

• CVE-2005-3107
• CVE-2006-0741
• CVE-2006-0744
• CVE-2006-1056
• CVE-2006-1343
• CVE-2005-3055
• CVE-2006-2444
• CVE-2006-0742
• CVE-2006-1242

References

• http://www.redhat.com/security/updates/classification/#important