Red Hat Product Errata RHSA-2006:0493 - Security Advisory

Issued:: 2006-05-24
Updated:: 2006-05-24

RHSA-2006:0493 - Security Advisory

Overview
Updated Packages

Synopsis

kernel security update

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

Description

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

a flaw in the IPv6 implementation that allowed a local user to cause a
denial of service (infinite loop and crash) (CVE-2005-2973, important)
a flaw in the bridge implementation that allowed a remote user to
cause forwarding of spoofed packets via poisoning of the forwarding
table with already dropped frames (CVE-2005-3272, moderate)
a flaw in the atm module that allowed a local user to cause a denial
of service (panic) via certain socket calls (CVE-2005-3359, important)
a flaw in the NFS client implementation that allowed a local user to
cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,
important)
a difference in "sysretq" operation of EM64T (as opposed to Opteron)
processors that allowed a local user to cause a denial of service
(crash) upon return from certain system calls (CVE-2006-0741 and
CVE-2006-0744, important)
a flaw in the keyring implementation that allowed a local user to
cause a denial of service (OOPS) (CVE-2006-1522, important)
a flaw in IP routing implementation that allowed a local user to cause
a denial of service (panic) via a request for a route for a multicast IP
(CVE-2006-1525, important)
a flaw in the SCTP-netfilter implementation that allowed a remote user
to cause a denial of service (infinite loop) (CVE-2006-1527, important)
a flaw in the sg driver that allowed a local user to cause a denial of
service (crash) via a dio transfer to memory mapped (mmap) IO space
(CVE-2006-1528, important)
a flaw in the threading implementation that allowed a local user to
cause a denial of service (panic) (CVE-2006-1855, important)
two missing LSM hooks that allowed a local user to bypass the LSM by
using readv() or writev() (CVE-2006-1856, moderate)
a flaw in the virtual memory implementation that allowed local user to
cause a denial of service (panic) by using the lsof command
(CVE-2006-1862, important)
a directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864, moderate)
a flaw in the ECNE chunk handling of SCTP that allowed a remote user
to cause a denial of service (panic) (CVE-2006-2271, moderate)
a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of
SCTP that allowed a remote user to cause a denial of service (panic)
(CVE-2006-2272, moderate)
a flaw in the handling of DATA fragments of SCTP that allowed a remote
user to cause a denial of service (infinite recursion and crash)
(CVE-2006-2274, moderate)

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 168791 - CVE-2006-1528 Possible local crash by dio/mmap sg driver
BZ - 170772 - CVE-2005-2973 ipv6 infinite loop
BZ - 171383 - CVE-2005-3272 bridge poisoning
BZ - 175769 - CVE-2005-3359 incorrect inrement/decrement in atm module leads to panic
BZ - 181795 - CVE-2006-0555 NFS client panic using O_DIRECT
BZ - 183489 - CVE-2006-0741 bad elf entry address (CVE-2006-0744)
BZ - 187841 - CVE-2006-1855 Old thread debugging causes false BUG() in choose_new_parent
BZ - 188466 - CVE-2006-1522 DoS/bug in keyring code (security/keys/)
BZ - 189260 - CVE-2006-1862 The lsof command triggers a kernel oops under heavy load
BZ - 189346 - CVE-2006-1525 ip_route_input() panic
BZ - 189435 - CVE-2006-1864 smbfs chroot issue
BZ - 190460 - CVE-2006-1527 netfilter/sctp: lockup in sctp_new()
BZ - 191201 - CVE-2006-2271 SCTP ECNE chunk handling DoS
BZ - 191202 - CVE-2006-2272 SCTP incoming COOKIE_ECHO and HEARTBEAT packets DoS
BZ - 191258 - CVE-2006-2274 SCTP DATA fragments DoS
BZ - 191524 - CVE-2006-1856 LSM missing readv/writev

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
kernel-2.6.9-34.0.1.EL.src.rpm	SHA-256: fdd12e33cb0042b1508cfa4deb8b1de4e69b3ead6d42539aba108750812c5e46
x86_64
kernel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: db3c71205cb985c08a8540e31c8710214cd0aa528b6bbcdb35bd300aa017cf0c
kernel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: db3c71205cb985c08a8540e31c8710214cd0aa528b6bbcdb35bd300aa017cf0c
kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 7ff883b7845be5fe592761158954a6db9e11c16b733e8b0d185f16d34d235aa1
kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 7ff883b7845be5fe592761158954a6db9e11c16b733e8b0d185f16d34d235aa1
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 6434f98e70a346b2f444f1ee13b2fcf4938abd5cb5d38ff9578877dbe2402f18
kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 6434f98e70a346b2f444f1ee13b2fcf4938abd5cb5d38ff9578877dbe2402f18
kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: f4a5505c722c490c81b3ea185ad7a59867013949fdae52074f3bf1ba7808e2b4
kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: f4a5505c722c490c81b3ea185ad7a59867013949fdae52074f3bf1ba7808e2b4
kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: bc9fa5ec8590753fcd3619ad7307439d25ab012cbc6019b611da36fce65e5c3a
kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: bc9fa5ec8590753fcd3619ad7307439d25ab012cbc6019b611da36fce65e5c3a
kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 593f7d0254d1176898816985efa58c88fc6e6f9c8fbdb5eb78f684e3dfd493a2
kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 593f7d0254d1176898816985efa58c88fc6e6f9c8fbdb5eb78f684e3dfd493a2
ia64
kernel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 7635747a2e5995c702e895b367141c4d8db2f535f08194641bd45a675ce00fb5
kernel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 7635747a2e5995c702e895b367141c4d8db2f535f08194641bd45a675ce00fb5
kernel-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 75296d1fd2cfb66da5301b5357a3b24ca4f77a063c67b940d21b053b2bdde824
kernel-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 75296d1fd2cfb66da5301b5357a3b24ca4f77a063c67b940d21b053b2bdde824
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 268b77b1f7cd2dbcc3ee75519eb0830b3cc75e745b746abb8a9dede10b93acba
kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 268b77b1f7cd2dbcc3ee75519eb0830b3cc75e745b746abb8a9dede10b93acba
kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 32c0c56de5bdfcb437843c13a0378be1f27bb7d7a9fca5d77576ac29f6559dfe
kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 32c0c56de5bdfcb437843c13a0378be1f27bb7d7a9fca5d77576ac29f6559dfe
i386
kernel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: dc414358ba955dfe86af10ac089c006bde7bca5839c6d70056f4ec0d5fef5d55
kernel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: dc414358ba955dfe86af10ac089c006bde7bca5839c6d70056f4ec0d5fef5d55
kernel-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: b9df3ee68c113f5e266f5298e4dec65dca28448a5a3b6d10103f117b39b0e6f6
kernel-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: b9df3ee68c113f5e266f5298e4dec65dca28448a5a3b6d10103f117b39b0e6f6
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 647e8d2b66ef8af8b3bf0f9058455beefc16c01f82db029f944201bb7c266487
kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 647e8d2b66ef8af8b3bf0f9058455beefc16c01f82db029f944201bb7c266487
kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 399e9ae75546d2e62fab04a49b6b7680f1fa33e4c1d4082bebc188e173c709ee
kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 399e9ae75546d2e62fab04a49b6b7680f1fa33e4c1d4082bebc188e173c709ee
kernel-smp-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 7e1d0f4ec8760735217057ac367204cf6d537bea24d2c6e9d24dc81b94543a2d
kernel-smp-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 7e1d0f4ec8760735217057ac367204cf6d537bea24d2c6e9d24dc81b94543a2d
kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 29234722f28a9625c8949dd2a4a14d34ef1d9611d945f82a82ca34eb07ca68d1
kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 29234722f28a9625c8949dd2a4a14d34ef1d9611d945f82a82ca34eb07ca68d1

Red Hat Enterprise Linux Workstation 4

SRPM
kernel-2.6.9-34.0.1.EL.src.rpm	SHA-256: fdd12e33cb0042b1508cfa4deb8b1de4e69b3ead6d42539aba108750812c5e46
x86_64
kernel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: db3c71205cb985c08a8540e31c8710214cd0aa528b6bbcdb35bd300aa017cf0c
kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 7ff883b7845be5fe592761158954a6db9e11c16b733e8b0d185f16d34d235aa1
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 6434f98e70a346b2f444f1ee13b2fcf4938abd5cb5d38ff9578877dbe2402f18
kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: f4a5505c722c490c81b3ea185ad7a59867013949fdae52074f3bf1ba7808e2b4
kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: bc9fa5ec8590753fcd3619ad7307439d25ab012cbc6019b611da36fce65e5c3a
kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 593f7d0254d1176898816985efa58c88fc6e6f9c8fbdb5eb78f684e3dfd493a2
ia64
kernel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 7635747a2e5995c702e895b367141c4d8db2f535f08194641bd45a675ce00fb5
kernel-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 75296d1fd2cfb66da5301b5357a3b24ca4f77a063c67b940d21b053b2bdde824
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 268b77b1f7cd2dbcc3ee75519eb0830b3cc75e745b746abb8a9dede10b93acba
kernel-largesmp-devel-2.6.9-34.0.1.EL.ia64.rpm	SHA-256: 32c0c56de5bdfcb437843c13a0378be1f27bb7d7a9fca5d77576ac29f6559dfe
i386
kernel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: dc414358ba955dfe86af10ac089c006bde7bca5839c6d70056f4ec0d5fef5d55
kernel-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: b9df3ee68c113f5e266f5298e4dec65dca28448a5a3b6d10103f117b39b0e6f6
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 647e8d2b66ef8af8b3bf0f9058455beefc16c01f82db029f944201bb7c266487
kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 399e9ae75546d2e62fab04a49b6b7680f1fa33e4c1d4082bebc188e173c709ee
kernel-smp-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 7e1d0f4ec8760735217057ac367204cf6d537bea24d2c6e9d24dc81b94543a2d
kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 29234722f28a9625c8949dd2a4a14d34ef1d9611d945f82a82ca34eb07ca68d1

Red Hat Enterprise Linux Desktop 4

SRPM
kernel-2.6.9-34.0.1.EL.src.rpm	SHA-256: fdd12e33cb0042b1508cfa4deb8b1de4e69b3ead6d42539aba108750812c5e46
x86_64
kernel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: db3c71205cb985c08a8540e31c8710214cd0aa528b6bbcdb35bd300aa017cf0c
kernel-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 7ff883b7845be5fe592761158954a6db9e11c16b733e8b0d185f16d34d235aa1
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 6434f98e70a346b2f444f1ee13b2fcf4938abd5cb5d38ff9578877dbe2402f18
kernel-largesmp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: f4a5505c722c490c81b3ea185ad7a59867013949fdae52074f3bf1ba7808e2b4
kernel-smp-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: bc9fa5ec8590753fcd3619ad7307439d25ab012cbc6019b611da36fce65e5c3a
kernel-smp-devel-2.6.9-34.0.1.EL.x86_64.rpm	SHA-256: 593f7d0254d1176898816985efa58c88fc6e6f9c8fbdb5eb78f684e3dfd493a2
i386
kernel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: dc414358ba955dfe86af10ac089c006bde7bca5839c6d70056f4ec0d5fef5d55
kernel-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: b9df3ee68c113f5e266f5298e4dec65dca28448a5a3b6d10103f117b39b0e6f6
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 647e8d2b66ef8af8b3bf0f9058455beefc16c01f82db029f944201bb7c266487
kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 399e9ae75546d2e62fab04a49b6b7680f1fa33e4c1d4082bebc188e173c709ee
kernel-smp-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 7e1d0f4ec8760735217057ac367204cf6d537bea24d2c6e9d24dc81b94543a2d
kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm	SHA-256: 29234722f28a9625c8949dd2a4a14d34ef1d9611d945f82a82ca34eb07ca68d1

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kernel-2.6.9-34.0.1.EL.src.rpm	SHA-256: fdd12e33cb0042b1508cfa4deb8b1de4e69b3ead6d42539aba108750812c5e46
s390x
kernel-2.6.9-34.0.1.EL.s390x.rpm	SHA-256: 471ece502db46d7550220baeebb79a1110af21fbbd50574bbd346502ae99deee
kernel-devel-2.6.9-34.0.1.EL.s390x.rpm	SHA-256: 7a68854609d88dfb69582f25af9096711a2fc647ac4ac68d59b99a9ea9ebdbfc
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
s390
kernel-2.6.9-34.0.1.EL.s390.rpm	SHA-256: adc22349eceeb74c9afbc27702c01d0e6dc32e6de08bbb0e84b3d350dc513efa
kernel-devel-2.6.9-34.0.1.EL.s390.rpm	SHA-256: cb1b89461f786761c8561213616e3af648d0e9b4571276a53cc2282a90f1c940
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kernel-2.6.9-34.0.1.EL.src.rpm	SHA-256: fdd12e33cb0042b1508cfa4deb8b1de4e69b3ead6d42539aba108750812c5e46
ppc
kernel-2.6.9-34.0.1.EL.ppc64.rpm	SHA-256: 471e15b88d8a6174224a54790ca66bacf8dd22c88d976ad97c5e7fbff1616f6f
kernel-2.6.9-34.0.1.EL.ppc64iseries.rpm	SHA-256: 2f80359ded87c4d61d845ff80afdab0ae207e0c1ae28caa3616caccb9f9ee357
kernel-devel-2.6.9-34.0.1.EL.ppc64.rpm	SHA-256: 23958cba2d33771f43d08726c460ef49a53a826bd67b6b080fa870b3bd0e6d64
kernel-devel-2.6.9-34.0.1.EL.ppc64iseries.rpm	SHA-256: 0ee76bc20a168bb643615aa2dd4f1d90ac9571114213d77aba27de9a027742a3
kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	SHA-256: c3d44d692057a0d4f2274fcef31d5b811f9fe7d0e9f6a3aeee3c104dcb215f31
kernel-largesmp-2.6.9-34.0.1.EL.ppc64.rpm	SHA-256: 9fd04aa78071fac6c51b2ed47d0d5c642a27fee579b13235ac6193380e6581be
kernel-largesmp-devel-2.6.9-34.0.1.EL.ppc64.rpm	SHA-256: 93a6c02a53084462892f0fc15d0cbb382d5d5ab795e8a2ebb5d37e464bd1ed87

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories