Issued:
2007-01-30
Updated:
2007-01-30

RHSA-2007:0014 - Security Advisory

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

Description

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

  • a flaw in the get_fdb_entries function of the network bridging support

that allowed a local user to cause a denial of service (crash) or allow a
potential privilege escalation (CVE-2006-5751, Important)

  • an information leak in the _block_prepare_write function that allowed a

local user to read kernel memory (CVE-2006-4813, Important)

  • an information leak in the copy_from_user() implementation on s390 and

s390x platforms that allowed a local user to read kernel memory
(CVE-2006-5174, Important)

  • a flaw in the handling of /proc/net/ip6_flowlabel that allowed a local

user to cause a denial of service (infinite loop) (CVE-2006-5619, Important)

  • a flaw in the AIO handling that allowed a local user to cause a denial of

service (panic) (CVE-2006-5754, Important)

  • a race condition in the mincore system core that allowed a local user to

cause a denial of service (system hang) (CVE-2006-4814, Moderate)

  • a flaw in the ELF handling on ia64 and sparc architectures which

triggered a cross-region memory mapping and allowed a local user to cause a
denial of service (CVE-2006-4538, Moderate)

  • a flaw in the dev_queue_xmit function of the network subsystem that

allowed a local user to cause a denial of service (data corruption)
(CVE-2006-6535, Moderate)

  • a flaw in the handling of CAPI messages over Bluetooth that allowed a

remote system to cause a denial of service or potential code execution.
This flaw is only exploitable if a privileged user establishes a connection
to a malicious remote device (CVE-2006-6106, Moderate)

  • a flaw in the listxattr system call that allowed a local user to cause a

denial of service (data corruption) or potential privilege escalation. To
successfully exploit this flaw the existence of a bad inode is required
first (CVE-2006-5753, Moderate)

  • a flaw in the __find_get_block_slow function that allowed a local

privileged user to cause a denial of service (CVE-2006-5757, Low)

  • various flaws in the supported filesystems that allowed a local

privileged user to cause a denial of service (CVE-2006-5823, CVE-2006-6053,
CVE-2006-6054, CVE-2006-6056, Low)

In addition to the security issues described above, fixes for the following
bugs were included:

  • initialization error of the tg3 driver with some BCM5703x network card
  • a memory leak in the audit subsystem
  • x86_64 nmi watchdog timeout is too short
  • ext2/3 directory reads fail intermittently

Red Hat would like to thank Dmitriy Monakhov and Kostantin Khorenko for
reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 180663 - CVE-2006-4814 Race condition in mincore can cause "ps -ef" to hang
  • BZ - 205335 - CVE-2006-4538 Local DoS with corrupted ELF
  • BZ - 206328 - CVE-2006-5757 Linux kernel Filesystem Mount Dead Loop
  • BZ - 207463 - CVE-2006-4813 Information leak in __block_prepare_write()
  • BZ - 209435 - CVE-2006-5174 copy_from_user information leak on s390
  • BZ - 212144 - CVE-2006-6535 unbalanced local_bh_enable() in dev_queue_xmit()
  • BZ - 213214 - CVE-2006-5619 Lockup via /proc/net/ip6_flowlabel
  • BZ - 213921 - SAN file systems becoming read-only
  • BZ - 214288 - CVE-2006-5757 ISO9660 __find_get_block_slow() denial of service
  • BZ - 216452 - CVE-2006-5751 Linux kernel get_fdb_entries() integer overflow
  • BZ - 216958 - CVE-2006-5823 zlib_inflate memory corruption
  • BZ - 217011 - CVE-2006-6056 SELinux superblock_doinit denial of service
  • BZ - 217021 - CVE-2006-6054 ext2_check_page denial of service
  • BZ - 217030 - CVE-2006-6053 ext3fs_dirhash denial of service
  • BZ - 218602 - CVE-2006-6106 Multiple problems in net/bluetooth/cmtp/capi.c
  • BZ - 220677 - CVE-2006-5753 listxattr syscall can corrupt user space programs
  • BZ - 220971 - CVE-2006-5754 kernel panic in aio_free_ring()

Red Hat Enterprise Linux Server 4

SRPM
kernel-2.6.9-42.0.8.EL.src.rpm SHA-256: 04f89560ebcf9ccbc7816962f4ba56d7d3a7e503905430e6f27b3ac3be5bec4d
x86_64
kernel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 0b85cd2fcd040cdc1c2a3e907dc5fabce84b2618b917dfd8092715438706a6b5
kernel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 0b85cd2fcd040cdc1c2a3e907dc5fabce84b2618b917dfd8092715438706a6b5
kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 7e06c434ba1113f0d401b4a2b1165bf3198ca846cccc05de79247ee8408e4614
kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 7e06c434ba1113f0d401b4a2b1165bf3198ca846cccc05de79247ee8408e4614
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 83502949f6e8db53fb02ab0e27ad80927f7578b3727fc64a98bcaf01628e17e2
kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 83502949f6e8db53fb02ab0e27ad80927f7578b3727fc64a98bcaf01628e17e2
kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: fe8a4fdc7182ce1fc788bb6fedc04f130bf9524304feb81e5065c1438bf3c69e
kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: fe8a4fdc7182ce1fc788bb6fedc04f130bf9524304feb81e5065c1438bf3c69e
kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: caf3309015646bc169523340580701931ea0d249d2694eaf40c76dac94b9eca7
kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: caf3309015646bc169523340580701931ea0d249d2694eaf40c76dac94b9eca7
kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 60dbe3afc71c1c30e051dfa0ab9e0ade1341d1e6aed5334ca8ef682fcdb9db2f
kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 60dbe3afc71c1c30e051dfa0ab9e0ade1341d1e6aed5334ca8ef682fcdb9db2f
ia64
kernel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: a014cc51b9e9f7efad338eaefd52c5bfe51ad8f97a8fe546e8a9ed9018bc8706
kernel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: a014cc51b9e9f7efad338eaefd52c5bfe51ad8f97a8fe546e8a9ed9018bc8706
kernel-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: bb0c183aebc5665b0609d1800acbaeeda6e45ce2ed529defb71f16a22a2832d3
kernel-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: bb0c183aebc5665b0609d1800acbaeeda6e45ce2ed529defb71f16a22a2832d3
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 0482df94019a990e65424b1a0c848c79fec651325f7a56c7305a115d68d0f830
kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 0482df94019a990e65424b1a0c848c79fec651325f7a56c7305a115d68d0f830
kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 512f6aae1c63d1e76261fbe78d6a962f87cef5f68e32a6335b13dd4d25870fe2
kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 512f6aae1c63d1e76261fbe78d6a962f87cef5f68e32a6335b13dd4d25870fe2
i386
kernel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 250d817d28677bd5cb6f5564188a28c05fce622f0bd23145f5cd607223dbc62c
kernel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 250d817d28677bd5cb6f5564188a28c05fce622f0bd23145f5cd607223dbc62c
kernel-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: ceefec8531004b5d25ffc733ea8323ee062a6bf929a8636cd209f2542aa24370
kernel-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: ceefec8531004b5d25ffc733ea8323ee062a6bf929a8636cd209f2542aa24370
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm SHA-256: 3e1f3164f1fb38fd2300fbe0c12d69ac418f53b64f1cd8f8dde60aa3ae90e6f8
kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm SHA-256: 3e1f3164f1fb38fd2300fbe0c12d69ac418f53b64f1cd8f8dde60aa3ae90e6f8
kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 73e5a35bebb58408ce85dd0f5e83d26514eeb400d2c8c8977865eb3d7516cc5d
kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 73e5a35bebb58408ce85dd0f5e83d26514eeb400d2c8c8977865eb3d7516cc5d
kernel-smp-2.6.9-42.0.8.EL.i686.rpm SHA-256: fa2144d86ab7cec34fbea6b2499a21a8f5d94bbda49c7703189f61ac1857d14a
kernel-smp-2.6.9-42.0.8.EL.i686.rpm SHA-256: fa2144d86ab7cec34fbea6b2499a21a8f5d94bbda49c7703189f61ac1857d14a
kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 496602a4d1d43419acbee05b416306634f41db3636ad9661a93f40070f2f63dc
kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 496602a4d1d43419acbee05b416306634f41db3636ad9661a93f40070f2f63dc

Red Hat Enterprise Linux Workstation 4

SRPM
kernel-2.6.9-42.0.8.EL.src.rpm SHA-256: 04f89560ebcf9ccbc7816962f4ba56d7d3a7e503905430e6f27b3ac3be5bec4d
x86_64
kernel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 0b85cd2fcd040cdc1c2a3e907dc5fabce84b2618b917dfd8092715438706a6b5
kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 7e06c434ba1113f0d401b4a2b1165bf3198ca846cccc05de79247ee8408e4614
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 83502949f6e8db53fb02ab0e27ad80927f7578b3727fc64a98bcaf01628e17e2
kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: fe8a4fdc7182ce1fc788bb6fedc04f130bf9524304feb81e5065c1438bf3c69e
kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: caf3309015646bc169523340580701931ea0d249d2694eaf40c76dac94b9eca7
kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 60dbe3afc71c1c30e051dfa0ab9e0ade1341d1e6aed5334ca8ef682fcdb9db2f
ia64
kernel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: a014cc51b9e9f7efad338eaefd52c5bfe51ad8f97a8fe546e8a9ed9018bc8706
kernel-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: bb0c183aebc5665b0609d1800acbaeeda6e45ce2ed529defb71f16a22a2832d3
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 0482df94019a990e65424b1a0c848c79fec651325f7a56c7305a115d68d0f830
kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm SHA-256: 512f6aae1c63d1e76261fbe78d6a962f87cef5f68e32a6335b13dd4d25870fe2
i386
kernel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 250d817d28677bd5cb6f5564188a28c05fce622f0bd23145f5cd607223dbc62c
kernel-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: ceefec8531004b5d25ffc733ea8323ee062a6bf929a8636cd209f2542aa24370
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm SHA-256: 3e1f3164f1fb38fd2300fbe0c12d69ac418f53b64f1cd8f8dde60aa3ae90e6f8
kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 73e5a35bebb58408ce85dd0f5e83d26514eeb400d2c8c8977865eb3d7516cc5d
kernel-smp-2.6.9-42.0.8.EL.i686.rpm SHA-256: fa2144d86ab7cec34fbea6b2499a21a8f5d94bbda49c7703189f61ac1857d14a
kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 496602a4d1d43419acbee05b416306634f41db3636ad9661a93f40070f2f63dc

Red Hat Enterprise Linux Desktop 4

SRPM
kernel-2.6.9-42.0.8.EL.src.rpm SHA-256: 04f89560ebcf9ccbc7816962f4ba56d7d3a7e503905430e6f27b3ac3be5bec4d
x86_64
kernel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 0b85cd2fcd040cdc1c2a3e907dc5fabce84b2618b917dfd8092715438706a6b5
kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 7e06c434ba1113f0d401b4a2b1165bf3198ca846cccc05de79247ee8408e4614
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 83502949f6e8db53fb02ab0e27ad80927f7578b3727fc64a98bcaf01628e17e2
kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: fe8a4fdc7182ce1fc788bb6fedc04f130bf9524304feb81e5065c1438bf3c69e
kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: caf3309015646bc169523340580701931ea0d249d2694eaf40c76dac94b9eca7
kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm SHA-256: 60dbe3afc71c1c30e051dfa0ab9e0ade1341d1e6aed5334ca8ef682fcdb9db2f
i386
kernel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 250d817d28677bd5cb6f5564188a28c05fce622f0bd23145f5cd607223dbc62c
kernel-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: ceefec8531004b5d25ffc733ea8323ee062a6bf929a8636cd209f2542aa24370
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm SHA-256: 3e1f3164f1fb38fd2300fbe0c12d69ac418f53b64f1cd8f8dde60aa3ae90e6f8
kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 73e5a35bebb58408ce85dd0f5e83d26514eeb400d2c8c8977865eb3d7516cc5d
kernel-smp-2.6.9-42.0.8.EL.i686.rpm SHA-256: fa2144d86ab7cec34fbea6b2499a21a8f5d94bbda49c7703189f61ac1857d14a
kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm SHA-256: 496602a4d1d43419acbee05b416306634f41db3636ad9661a93f40070f2f63dc

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kernel-2.6.9-42.0.8.EL.src.rpm SHA-256: 04f89560ebcf9ccbc7816962f4ba56d7d3a7e503905430e6f27b3ac3be5bec4d
s390x
kernel-2.6.9-42.0.8.EL.s390x.rpm SHA-256: 4b417937c9220f3b10aad83675b2b500888a206352d92bcff5d550e7123ab2f0
kernel-devel-2.6.9-42.0.8.EL.s390x.rpm SHA-256: 3b6e92ef2367ade72bbc5d1860ee5debd1d04898f352ae8aa347ba995ad0b06d
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
s390
kernel-2.6.9-42.0.8.EL.s390.rpm SHA-256: 1f25397d4dfe37c1acc71cac31a8b4c336b6d66a3cd596ea6ebb26c1ef9bcaed
kernel-devel-2.6.9-42.0.8.EL.s390.rpm SHA-256: f368c3647588aeb4f8f666a69026dd86ca5cc1335a8971261d3ccd33c6b62a30
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kernel-2.6.9-42.0.8.EL.src.rpm SHA-256: 04f89560ebcf9ccbc7816962f4ba56d7d3a7e503905430e6f27b3ac3be5bec4d
ppc
kernel-2.6.9-42.0.8.EL.ppc64.rpm SHA-256: f2cd9816fc517cee1b4aacc19280dfcbbeff9c14f0de8eff10a236bd5ced8525
kernel-2.6.9-42.0.8.EL.ppc64iseries.rpm SHA-256: 1a2dd77a1d11e8d65731b46d4cc851098c847b24c9012540c49188a35e6d604c
kernel-devel-2.6.9-42.0.8.EL.ppc64.rpm SHA-256: f1bcd1dd4540f102c776fd2bcc8fe48c08ed6d396f4074b0f4a35d0548bba4eb
kernel-devel-2.6.9-42.0.8.EL.ppc64iseries.rpm SHA-256: e272cb6e962a3607e28f8e4d9ee7a3e5b740fe711ffb812a59007a2500489eaf
kernel-doc-2.6.9-42.0.8.EL.noarch.rpm SHA-256: 19b3f04d8fb04090d3636127c7b4df52a8a0368d4ed902e1ef8da87c302c7d2a
kernel-largesmp-2.6.9-42.0.8.EL.ppc64.rpm SHA-256: f0c10a2d7731dcc36d261d03678b5ab8708ae2c991e39b99e296594abbdf0691
kernel-largesmp-devel-2.6.9-42.0.8.EL.ppc64.rpm SHA-256: 72ff80568de5b4cf06a7fbf211d706da7f2bb421b080c9c89c667d3ceb2523f7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.