RHSA-2009:1243 - Security Advisory

Topic

Updated kernel packages that fix security issues, address several hundred
bugs and add numerous enhancements are now available as part of the ongoing
support and maintenance of Red Hat Enterprise Linux version 5. This is the
fourth regular update.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

• it was discovered that, when executing a new process, the clear_child_tid

pointer in the Linux kernel is not cleared. If this pointer points to a
writable portion of the memory of the new program, the kernel could corrupt
four bytes of memory, possibly leading to a local denial of service or
privilege escalation. (CVE-2009-2848, Important)

• a flaw was found in the way the do_sigaltstack() function in the Linux

kernel copies the stack_t structure to user-space. On 64-bit machines, this
flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

• a flaw was found in the ext4 file system code. A local attacker could use

this flaw to cause a denial of service by performing a resize operation on
a specially-crafted ext4 file system. (CVE-2009-0745, Low)

• multiple flaws were found in the ext4 file system code. A local attacker

could use these flaws to cause a denial of service by mounting a
specially-crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, Low)

These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of these
changes in this advisory and users are directed to the Red Hat Enterprise
Linux 5.4 Release Notes for information on the most significant of these
changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added
to the kernel for this release, see the kernel chapter in the Red Hat
Enterprise Linux 5.4 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.4
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 223947 - raid10_make_request bug: can't convert block across chunks or bigger than 64k..
• BZ - 233801 - PCI devices disappear in Xen Paravirtual DomU on reboot/reset
• BZ - 240429 - RHEL5 Kernel crash when specifying mem= or highmem= kernel parameter
• BZ - 242696 - Add Filesystem Label to GFS2
• BZ - 244967 - Frequent path failures during I/O on DM multipath devices
• BZ - 290701 - pci: MSI/HT problems with some nvidia bridge chips
• BZ - 396621 - Increase timeout for device connection on boot
• BZ - 427588 - [RHEL 5.2]: Tick divider bug when using clocksource=pit
• BZ - 436791 - Kernel BUG at drivers/scsi/iscsi_tcp.c:387 - invalid opcode: 0000
• BZ - 439898 - module load option to enable entropy generation from e1000,bnx2 network cards
• BZ - 443541 - Online resize2fs error: Invalid argument While trying to add group #15625
• BZ - 445433 - A deadlock can occur between mmap/munmap and journaling(ext3).
• BZ - 446086 - crash formatting a DVD under libata
• BZ - 448115 - Guest crash when host has >= 64G RAM
• BZ - 448588 - RFE: improve gettimeofday performance on hypervisors
• BZ - 448929 - [RHEL5 U1] Kernel NFS Connectathon Test#12, 12.1 Failing
• BZ - 449175 - E1000 driver enables TSOv6 for hardware that doesn't support it
• BZ - 449346 - SMP 32bit RHEL5u1 and RHEL5u2 HVM domain might stop booting when start udev service
• BZ - 450862 - scsi_add_host() returns success even if the work_q was not created
• BZ - 451849 - ptrace(PTRACE_CONT, sig) kills app even if sig is blocked
• BZ - 452120 - lazy umount causes pwd to fail silently (kernel)
• BZ - 452534 - [RFE] Enable raw devices on s390x
• BZ - 454942 - RHEL5.2: ext3 panic in dx_probe
• BZ - 454981 - CPUID driver does not support cpuid.4 and cpuid.0xb instruments
• BZ - 455232 - RHEL5-U2 Installation hangs on p-series--7029, 2078
• BZ - 455678 - DM-multipath marks the surviving path as failed on failbacks
• BZ - 456437 - [RHEL5.2-Z][kernel-xen] powernow identifies the wrong number of processors.
• BZ - 456698 - Module snd-sb16.ko fails to build in a custom kernel.
• BZ - 459397 - Cannot create more than 1024 nfsd threads
• BZ - 459449 - [Qlogic 5.4] qla4xxx: Remove Dead/Unused code from driver
• BZ - 459943 - FEAT: kernel: nf_nat: backport NAT port randomisation [rhel-5.3]
• BZ - 460133 - NFS problem#3 of IT 106473 - 32-bit jiffy wrap around - NFS inode
• BZ - 460218 - GFS2: Hang when shrink_slab calls gfs2_delete_inode
• BZ - 460693 - Xen domU, RAID1, LVM, iscsi target export with blockio bug
• BZ - 461006 - SCSI Hotswap not working with sym53c8xx_2 card in NSN MCP18 system.
• BZ - 461288 - [EMC 5.4 feat] Require kernel support to issue Control I/O to CKD dasd on EMC Symmetrix arrays
• BZ - 461469 - device-mapper changes to support readonly device maps
• BZ - 462248 - Debug Kernel - NMI Watchdog detected LOCKUP
• BZ - 462352 - [RHEL-5.2] e1000e module doesn't implement SIOETHTOOL ETHTOOL_GPERMADDR
• BZ - 462572 - RHEL 5.1 show error msg of "PCI: BIOS Bug: MCFG area at e0000000 is not E820-reserved" during boot
• BZ - 462725 - [RHEL-5.2] replacing routes doesn't emit notifications via netlink
• BZ - 462731 - invalid behaviour of NETKEY / XFRM deleting SPD
• BZ - 462911 - 5.3 beta kernel -115.el breaks the proprietary Nvidia driver
• BZ - 463244 - [PATCH] Removing bond interfaces causes workqueue thread leak
• BZ - 463249 - document netdev_budget
• BZ - 463573 - Patches to improve timekeeping for RHEL kernels running under VMware.
• BZ - 464039 - Timeouts in wait_drive_not_busy with TEAC DV-W28ECW and similar
• BZ - 464500 - RHEL5: memmap=X$Y option doesn't yield new BIOS map
• BZ - 465143 - update CIFS for RHEL5.4
• BZ - 465456 - Kernel panic in auth_rpcgss:__gss_find_upcall
• BZ - 465543 - kernel module is required to enable kernel markers
• BZ - 465781 - MD RAID1 error handler deadlock (raid1d / make_request)
• BZ - 466086 - IPoIB-CM connectivity problem with eHCA adapters
• BZ - 466701 - RFE: an error when mounting the same NFS mount with different SELinux contexts
• BZ - 467698 - xen: 32 bit guest on 64 bit host oops in xen_set_pud()
• BZ - 467782 - unstable time source
• BZ - 468088 - [EMULEX 5.4 bug] scsi messages correlate with silent data corruption, but no i/o errors
• BZ - 468092 - number of lockd socket connections is capped at 80
• BZ - 469130 - Xen live migration may fail due to fragmented memory
• BZ - 469437 - ansi cprng needs to allow for user-provided initial counter values
• BZ - 469707 - specfile changes to allow just building the debug kernel
• BZ - 469848 - [RHEL5.2] nfs_getattr() hangs during heavy write workloads
• BZ - 470035 - xm dmesg printk spam -- Domain attempted WRMSR 00000000000000e8 from 00000016:3d0e9470 to 00000000:00000000
• BZ - 470059 - IPv6 netfilter: output routing rules based on fwmark don't work
• BZ - 470074 - overlapping nfs locks don't work in gfs/dlm
• BZ - 470111 - FIPS certification requires exporting DSA_verify function
• BZ - 470139 - stack usage optimization in link_path_walk() [rhel-5.4]
• BZ - 470202 - Kernel Panic at pci_scan_bus_parented+0xa/0x1f with "acpi=off" or "acpi=ht" options
• BZ - 470459 - The system stall or panic can occur when /proc/<pid>/oom_score is read
• BZ - 470929 - rng header needs to be in kernel-devel
• BZ - 471254 - lockd: fix reference count leaks in async locking case (impacts GFS2)
• BZ - 471281 - crypto: ansi_cprng: get_prng_bytes returning some incorrect data
• BZ - 471565 - Creation of mirrored logical volume with VG extent-size of 1K fails
• BZ - 471800 - Driver for dm9601 doesn't seem to work as advertised
• BZ - 471893 - kernel's inotify subsystem not send notification on inode link count change
• BZ - 471900 - [QLogic 5.4 feat] qla2xxx,qla8xxx - Support production FCoE hardware.
• BZ - 472386 - fips crypto: self-test needed for rfc4309(ccm(aes))
• BZ - 472426 - missing compat sys_ustat corrupts userspace when sys_ustat called from 32-bit
• BZ - 472523 - AMD: Panic if cpu_khz is incorrect
• BZ - 472547 - [RHEL5.4 FEAT] Update ixgbe to version 2.0.8-k2 and support the 82599 (Niantic) device
• BZ - 472558 - oops in mirror_map (dm-raid1.c)
• BZ - 473504 - kernel panic in tcp_tso_segment() (iptables/netfilter)
• BZ - 473947 - asm-generic/ioctl.h can generate link error undefined __invalid_size_argument_for_IOC
• BZ - 474091 - [Intel 5.4 FEAT] TSC keeps running in C3+
• BZ - 474240 - [RHEL5.1] Support of Broadcom HT1100 chipset - add new PCI ID
• BZ - 474301 - [AMD 5.4 FEAT] Withdraw IGN_SERR_INTERNAL for SB800 SATA
• BZ - 474334 - r8169 reports incredible number of RX dropped packets
• BZ - 474394 - crypto: des3_ede single-key doesn't work
• BZ - 474590 - lockd: return NLM_LCK_DENIED_GRACE_PERIOD after long periods
• BZ - 474646 - [LTC 5.4 FEAT] Kernel NSS support - kernel part [200790]
• BZ - 474664 - [LTC 5.4 FEAT] System z support for processor degradation [200975]
• BZ - 474688 - [LTC 5.4 FEAT] Automatic IPL after dump (kernel) [201169]
• BZ - 474699 - After successful connection to a WPA AP, iwlagn loses its ability to speak WEP
• BZ - 474797 - [RHEL 5] gen_estimator deadlock fix
• BZ - 474881 - [Intel 5.4 FEAT] Update the Intel igb driver to match upstream changes & include Kawela PF
• BZ - 474891 - PCI Domain support for HP xw9400 and xw9300
• BZ - 474913 - [LTC 5.4 FEAT] Thread scalability issues with TPC-C [201300]
• BZ - 475145 - audit: increase the maximum length of the key field
• BZ - 475147 - fix assorted audit_filter_task() panics on ctx == NULL
• BZ - 475149 - audit: fix kstrdup() error check
• BZ - 475150 - kernel/audit.c control character detection is off-by-one
• BZ - 475278 - missing audit records for descriptors created by pipe(2) and socketpair(2)
• BZ - 475312 - GFS2: mount attempt hangs if no more journals available
• BZ - 475330 - Misc kernel audit fixups
• BZ - 475334 - [LTC 5.4 FEAT] FCP - Performance Data collection (kernel) [201590]
• BZ - 475374 - Make clock source functions consistent between x86_64 & i386 arches
• BZ - 475530 - [LTC 5.4 FEAT] Extra kernel parameter via VMPARM [201726]
• BZ - 475536 - [LTC 5.4 FEAT] OpenIPMI driver update [201263]
• BZ - 475551 - [LTC 5.4 FEAT] TTY terminal server over IUCV (kernel) [201734]
• BZ - 475563 - [LTC 5.4 FEAT] Shutdown actions interface (kernel) [201747]
• BZ - 475567 - [Broadcom 5.4 FEAT] Update bnx2 to 1.8.2b+
• BZ - 475570 - [LTC 5.4 FEAT] Provide service levels of HW & Hypervisor in Linux [201753]
• BZ - 475572 - [LTC 5.4 FEAT] HiperSockets Layer3 support for IPv6 [201751]
• BZ - 475620 - [LTC 5.4 FEAT] Update spufs for Cell in the kernel of RHEL5.4 to the upstream version [201774]
• BZ - 475621 - [LTC 5.4 FEAT] Enable SOL (serial over lan) usage for Cell systems with RHEL5 [201454]
• BZ - 475625 - [Intel 5.4 bug] ixgbe does not work reliably with 16 or more cores
• BZ - 475658 - [LTC 5.4 FEAT] Enable Power Button on Cell Blades [201777]
• BZ - 475696 - [LTC 5.4 FEAT] EEH infrastructure change for MSI-X interrupt support [201779]
• BZ - 475717 - [LTC 5.4 FEAT] Enhance the ipr driver to support MSI-X interrupt [201780]
• BZ - 475790 - Compilation failure with /usr/include/linux/futex.h header
• BZ - 475814 - race in aio_complete() leads to process hang
• BZ - 475820 - [LTC 5.4 FEAT] Linux to add Call Home data [201167]
• BZ - 475986 - Question for LUKS device passhprase unreadable when using Xen
• BZ - 476206 - ahci: jmb361 has only one port
• BZ - 476224 - convert NFS to new write_begin/write_end interfaces
• BZ - 476301 - [Chelsio FEAT] Update support for Terminator3 adapters
• BZ - 476626 - GFS2: [RFE] fiemap support for GFS2
• BZ - 476659 - softlockups due to infinite loops in posix_locks_deadlock
• BZ - 476707 - GFS2: [RFE] Merge upstream uevent patches into RHEL 5.4
• BZ - 476897 - kernel panics when attempting to rmmod the bnx2 module while it is in use.
• BZ - 477005 - lockdep warnings on RHEL5.3 xen guest
• BZ - 477012 - network hangs with xen_vnif in FV RHEL5 guest
• BZ - 477206 - [LTC 5.4 FEAT] Xen support for 192 CPUs [201257]
• BZ - 478638 - kernel-2.6.18-92.1.22.el5 misses bug fix which has to be backported.
• BZ - 478643 - multipath test causes memory leak and eventual system deadlock
• BZ - 479200 - [Broadcom 5.4 feat] Please add pcie_set_readrq() to the rhel5_drivers_pci_pcie_ga kernel symbol whitelist
• BZ - 479288 - [QLOGIC 5.4 feat] Add qlge 10Gb ethernet driver
• BZ - 479401 - GFS2: Parsing of remount arguments incorrect
• BZ - 479412 - PATH and EXECVE audit records contain bogus newlines
• BZ - 479740 - [RHEL 5.1] SUN Ultra 40 forcedeth: Network freezes reproducibly (stress) evebe600
• BZ - 479754 - RH5.3 x64 RC2 reboots while installing a virtual machine
• BZ - 479765 - Leap second message can hang the kernel
• BZ - 479927 - Needs to check GSO packet length against MSS
• BZ - 480142 - /proc/acpi/dsdt: No such device
• BZ - 480204 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 1
• BZ - 480663 - data corruption and general brokenness with ramdisks (rd)
• BZ - 480696 - RDMA latencytest and perftest fail with QLogic IB
• BZ - 480733 - 2 volume rebuilding problem - second volume rebuild doesn't succeed.
• BZ - 480939 - RHEL-5: Deadlock in Xen netfront driver.
• BZ - 480951 - Improve udp port randomization
• BZ - 481031 - crypto: panic handling ccm vectors with null associated data
• BZ - 481076 - kernel BUG at net/ipv4/netfilter/ip_nat_core.c:308
• BZ - 481175 - need to backport several ansi_cprng patches
• BZ - 481199 - waitpid() reports stopped process more than once
• BZ - 481226 - Bitmap Merging Patch for RHEL 5.4
• BZ - 481283 - [RHEL5.3] Original ether's status is keeping PROMISC MULTICAST mode
• BZ - 481682 - linux-2.6-misc-utrace-update.patch contains incorrect optimization
• BZ - 481691 - [QLogic 5.4 bug] qla2xx - Word-endian problem programming flash on PPC
• BZ - 481715 - BCM5704 NIC results in CPU 100%SI , sluggish system performance
• BZ - 482737 - Add explicit ALUA support to kernel
• BZ - 482796 - eHEA: mutex_unlock missing in eHEA error path
• BZ - 482990 - RHEL 5.3 GA kernel panics when RF Kill is on in 5100/5300 AGN
• BZ - 483171 - Panic at boot if SATA disk is present
• BZ - 483285 - fix oops when using skb_seq_read
• BZ - 483541 - gfs2 blocked after recovery
• BZ - 483588 - [RFE ] Connlimit kernel module support [rhel-5.4]
• BZ - 483594 - FEAT: RHEL 5.4 - update ALSA HDA audio driver from upstream
• BZ - 483617 - reproducible panic in debugfs_remove when unmounting gfs2 filesystem
• BZ - 483790 - [IPV6] Fix the return value of get destination options with NULL data
• BZ - 483793 - [ipv6] Fix the return value of Set Hop-by-Hop options header with NULL
• BZ - 483814 - kernel BUG at kernel/ptrace.c:1068
• BZ - 484105 - [IPV6] Return correct result for sticky options
• BZ - 484158 - FEAT: feature request. disable iostat collection in gendisk
• BZ - 484227 - [Intel 5.4 FEAT] virtualization feature VTd: hypervisor changes (Xen)
• BZ - 484304 - [RHEL-5.3] ARP packets aren't received by backup slaves breaking arp_validate=3
• BZ - 484403 - Add kernel version to oops and panic output
• BZ - 484590 - Running Openswan ipsec vpn server with rhel-5.3 kernel-2.6.18-128.el5 causes crash
• BZ - 484796 - tulip driver MTU problems when using dot1q vlans
• BZ - 484836 - DASDFMT not operating like CPFMTXA
• BZ - 484943 - [Stratus 5.4 bug] PCI hot unplug can leak MSI descriptors causing fallback to legacy interrupts
• BZ - 484971 - [IPv6] Update setsockopt(IPV6_MULTICAST_IF) to support RFC 3493, try2
• BZ - 484977 - [IPV6]: Check length of optval provided by user in setsockopt()
• BZ - 485098 - NULL pointer deference in gfs2_getbuf
• BZ - 485181 - Dock/Undock+ CDROM support for X61 and other laptops
• BZ - 485182 - Data cards like Huawei EC121 does not work with RHEL5
• BZ - 485226 - GFS2 unaligned access in gfs2_bitfit
• BZ - 485315 - ext4 kernelspace rebase for RHEL5.4
• BZ - 485381 - backport critical netxen driver fixes from upstream kernel to RHEL5.4
• BZ - 485718 - Add mmu-notifiers support to RHEL5 kernel
• BZ - 486030 - [iwl3945] Status LED doesn't light up (Lenovo T61)
• BZ - 486168 - GFS2: Quota mount option inconsistent with common quota/noquota options
• BZ - 486185 - pci_setup_bridge() clears the Prefetchable Memory Base and Limit Upper 32 Bits registers
• BZ - 486204 - [ipv6 RAW] Disallow IPPROTO_IPV6-level IPV6_CHECKSUM socket option on ICMPv6 sockets
• BZ - 486215 - [IPV6] Check outgoing interface even if source address is unspecified
• BZ - 486756 - nfs server rejecting large writes when sec=krb5i/p is specified
• BZ - 487213 - [Intel 5.4 bug] ixgbe driver double counts RX byte count
• BZ - 487293 - Missing DELL MD3000i storage into scsi_dh_rdac kernel module device list
• BZ - 487406 - [ipv6] Check the hop limit setting in ancillary data
• BZ - 487672 - slab corruption with dlm and clvmd on ppc64
• BZ - 487691 - [RHEL5.3]: modprobe xen-vnif in a KVM guest causes a crash
• BZ - 487929 - CVE-2009-0745 kernel: ext4: ext4_group_add() missing initialisation issue
• BZ - 487935 - CVE-2009-0746 kernel: ext4: make_indexed_dir() missing validation
• BZ - 487942 - CVE-2009-0747 kernel: ext4: ext4_isize() denial of service
• BZ - 487945 - CVE-2009-0748 kernel: ext4: ext4_fill_super() missing validation issue
• BZ - 488367 - [NET] Fix functions put_cmsg()/put_cmsg_compat() which may cause usr application memory overflow
• BZ - 488471 - Problem with drive status leds after update to 2.6.18-128.el5
• BZ - 488820 - update efifb
• BZ - 488964 - RHEL 5.4: hpilo - backport of bugfixes and updates from upstream
• BZ - 489096 - install include/trace/*.h headers in kernel-devel
• BZ - 489274 - [RHEL5.3 Xen]: Cannot attach > 16 PV disks using PV-on-HVM drivers
• BZ - 489285 - Backport lookupcache= mount option for nfs shares
• BZ - 489389 - [QLOGIC 5.4 bug] qla4xxx: Extended Sense Data Errors
• BZ - 490078 - "automount" daemon gets blocked uninterruptibly while trying to acquire "i_sem" of monitored directory
• BZ - 490162 - ethttool -S on r8169 version 2.2LK hangs when interface is down
• BZ - 490181 - NFS: an f_mode/f_flags confusion in fs/nfs/write.c
• BZ - 490567 - [RHEL5.3 Xen]: Annoying messages on i686 boot
• BZ - 490938 - [x86_64]: copy_user_c can zero more data than needed
• BZ - 491266 - kernel should be built with -fwrapv [rhel-5.4]
• BZ - 491685 - vmalloc_user() panics 2.6.18-128.1.1.el5 if a kmem cache grows
• BZ - 491775 - building of kernel-devel on i386 doesn't include asm-x86_64/stacktrace.h
• BZ - 492010 - powernow-k8: export module parameters to /sys/modules
• BZ - 492488 - Driver core: make bus_find_device_by_name() more robust
• BZ - 492866 - Xen guest kernel advertises absolute mouse pointer feature which it is incapable of setting up correctly
• BZ - 492911 - tar off gfs2 broken - truncated symbolic links
• BZ - 492943 - GFS2: gfs2_quotad in uninterruptible sleep while idle
• BZ - 492972 - [RHEL5.2] [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol tunnel.
• BZ - 493045 - memory leak when reading from files mounted with nfs mount option 'noac'
• BZ - 493088 - Kprobes bugfixes backport from 2.6.29
• BZ - 493144 - panic in SELinux code with shrinkable NFS mounts
• BZ - 493152 - [Intel 5.4 FEAT] virtualization feature SR/IOV: kernel changes
• BZ - 493448 - The SCSI tape driver (st) does not support writing with larger buffers when using aic7xxx
• BZ - 493451 - Upgrade to update 3 causes SATA resets.
• BZ - 494114 - 2.6.18-128.1.6.el5xen panic!
• BZ - 494288 - CPU P-state limits (via acpi _ppc) ignored by OS
• BZ - 494658 - With Red Hat errata 128.1.6 installed system hangs with SATA drives installed.
• BZ - 494876 - [RHEL5.4]: Explicitly zero CR[1] in getvcpucontext
• BZ - 494879 - [RHEL5.4]: Fix interaction between dom0 and NTP
• BZ - 494885 - GFS2: gfs2_grow changes to rindex read in wrong by the kernel
• BZ - 495092 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 2
• BZ - 495094 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 3
• BZ - 495125 - ptrace: wrong value for bp register at syscall entry tracing
• BZ - 495230 - kernel dm: OOps in mempool_free when device removed
• BZ - 495318 - Bonding driver updelay parameter actual behavior doesn't match documented behavior
• BZ - 495442 - vmscan: bail out of direct reclaim after swap_cluster_max pages
• BZ - 495612 - Export guest UUID through SMBIOS to show in guest dmidecode by default
• BZ - 495863 - kernel: tun: Add packet accounting
• BZ - 495866 - show_partition() oops when race with rescan_partitions()
• BZ - 496100 - Random crashing in dm snapshots because of a race condition
• BZ - 496101 - kernel BUG with dm multipath and a partial read request
• BZ - 496102 - Backport patches for snapshot store damage
• BZ - 496126 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 4
• BZ - 496338 - sata_mv: Fix chip type for Highpoint RocketRaid 1740/1742
• BZ - 496766 - autofs4 - obvious mistake in mounted check in autofs4_mount_busy()
• BZ - 496869 - [Intel 5.4 FEAT] virtualization feature VTd: kernel changes
• BZ - 496873 - [Intel 5.4 FEAT] virtualization feature enhanced VTd: hypervisor changes
• BZ - 496903 - Setacl not working over NFS.
• BZ - 497411 - kernel BUG at drivers/scsi/libiscsi.c:301!
• BZ - 497414 - add 'success' value to sched_wakeup and sched_wakeup_new tracepoints
• BZ - 497478 - [QLOGIC 5.4 bug] qla4xxx: Driver Fault Recovery
• BZ - 498281 - dont use DID_TRANSPORT_DISRUPTED when transitioning rport or iscsi states
• BZ - 498527 - ehca performance impact during creation of queue pairs
• BZ - 498719 - [patch] mac80211: nullfunc and hidden SSID fixes
• BZ - 499013 - Deadlock between libvirt and xentop
• BZ - 499171 - kernel: ecryptfs_parse_options: eCryptfs: unrecognized option 'ecryptfs_unlink_sigs'
• BZ - 499202 - New compilation warning in ext4 rebase
• BZ - 499289 - RHEL5.3.z LTP nanosleep02 Test Case Failure on Fujitsu Machine
• BZ - 499347 - Add Generic Receive Offload support
• BZ - 499406 - device-mapper: dm-raid45 target doesn't create parity as expected by dmraid (isw)
• BZ - 499541 - kernel: proc: avoid information leaks to non-privileged processes [rhel-5.4]
• BZ - 499776 - kernel: random: make get_random_int() more random [rhel-5.4]
• BZ - 499840 - nfsv4recoverydir proc file unreadable
• BZ - 499870 - Wacom driver with Intuos tablet does not report button press after a proximity leave/re-enter
• BZ - 499999 - ath5k module freezes when interface is brought down
• BZ - 500311 - Kernel panic when loading cpufreq_governor
• BZ - 500368 - NETDEV_BONDING_FAILOVER is defined twice in the kernel
• BZ - 500387 - device-mapper: dm-raid45 target regression causing oops on mapping table reload
• BZ - 500446 - [RHEL5.4] igb: debug kernel reveals incorrect call used to free multiqueue netdev
• BZ - 500568 - kernel-xen should *not* include pci-stub driver
• BZ - 500693 - LTP ftest04 and ftest08 Failures
• BZ - 500729 - Deadlock when a uevent is blocked waiting for the queued I/O.
• BZ - 500745 - Need symbols added to KABI whitelist for cmirror-kmod
• BZ - 500839 - renaming file on a share w/o write permissions causes oops
• BZ - 500857 - [RHEL5 U4] Systems seems to hang on reboot
• BZ - 500892 - Kernel - testing NMI watchdog ... CPU#0: NMI appears to be stuck (0)!
• BZ - 501082 - RHEL5.4 ext4: backport corruption fixes from .30
• BZ - 501178 - RHEL5: NMI lockups seen after enabling cpuspeed on -147.el5 & -148.el5
• BZ - 501308 - REGRESSION: iSCSI Target's Redirect login causes errors in connection
• BZ - 501321 - Removal of directory doesn't produce audit record if rule is recursive
• BZ - 501374 - disable MSI on VIA VT3364 chipsets
• BZ - 501468 - RHEL5.4 virtio: "Device does not have a release() function, it is broken and must be fixed" warnings
• BZ - 501474 - [RHEL5.4 Xen]: Xenbus warnings in a FV guest on shutdown
• BZ - 501475 - [RHEL5.4 Xen]: "Weight assignment" messages printed to the serial console
• BZ - 502944 - READ CAPACITY failed on 10TB LUN
• BZ - 503080 - need to fix sky2 stats
• BZ - 503191 - [RHEL5.4 Xen]: Tun patch causing connectathon to fail
• BZ - 503215 - igb: dropping rx packets
• BZ - 503248 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.44
• BZ - 503309 - qemu-kvm: page allocation failure
• BZ - 503737 - [RHEL5.4 Xen]: Trying to boot a FV -PAE kernel crashes
• BZ - 503818 - Xen dom0 fake e820 prevents IGB driver from creating VF devices
• BZ - 503826 - PCI device fails to allocate resource
• BZ - 503827 - sata_sx4: ata_cmd_set_features time out resulting in disabled device
• BZ - 503905 - kernel: TPM: get_event_name stack corruption [rhel-5.4]
• BZ - 503960 - System freezes when removing ipr driver after injecting EEH errors
• BZ - 504086 - GFS2: s_umount locking bug with gfs2meta filesystem type
• BZ - 504121 - RHEL 5.3 long installation time and low hard disk performance in VX800 platform
• BZ - 504181 - [Broadcom 5.4 bug] Include fixes/cleanups for bnx2i
• BZ - 504676 - gfs2: extending direct IO writes expose stale data (corruption)
• BZ - 504906 - iw_cxgb3 OFED driver update
• BZ - 504955 - RHEL5.4: cxgb3 update
• BZ - 505171 - gfs2: filesystem consistency error with statfs_slow = 1
• BZ - 505445 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.45 (bug fixes only)
• BZ - 505491 - 32-bit Dom0 Cannot Boot in RHEL5.4
• BZ - 505541 - BUG: soft lockup - CPU#0 stuck for 10s! [NetworkManager:5182]
• BZ - 505548 - 1921270 - gfs2 filesystem won't free up space when files are deleted
• BZ - 505601 - ext4 preallocation corruption with truncate
• BZ - 505653 - [RHEL5.4] ixgbe fixups for version 2.0.8-k2 specifically the 82599
• BZ - 506138 - need to backport upstream commit 4ea7e38696c7e798c47ebbecadfd392f23f814f9 from net-next
• BZ - 506140 - GFS2: Filesystem deadlock when running SPECsfs on BIGI test bed.
• BZ - 506151 - RHEL5.4: cxgb3i (open-iscsi) update
• BZ - 506511 - performance regression running Iozone with different I/O options on RHEL54 kernels
• BZ - 506792 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.46 (bug fixes only)
• BZ - 506841 - RHEL5.4 -154 e1000e using MSI-X hangs system
• BZ - 506845 - Kernel panic unplugging a rt73usb dongle
• BZ - 506981 - [QLogic 5.4 bug] qla4xxx: Testing updates, 4 fixes.
• BZ - 507017 - mmap_min_addr can trigger on non MAP_FIXED mmap operations
• BZ - 507246 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 5
• BZ - 507398 - [QLogic 5.4 bug] qla2xxx - updates 24xx / 25xx firmware to 4.04.09
• BZ - 507520 - xen kernel, modprobe -r popup call trace and error msg
• BZ - 507620 - [QLogic 5.4 bug] qla2xxx - properly handle event notification in FCoE environment
• BZ - 507932 - [RHEL 5.4] sky2: /proc/net/dev statistics are broken
• BZ - 508297 - RTNL: assertion failed due to bonding notify.
• BZ - 508409 - RHEL 5.4 cxgb3i (open-iscsi) connection error through VLAN
• BZ - 508806 - GFS2 panics while shrinking the glock cache.
• BZ - 508839 - [Emulex 5.4 bug] be2net: traffic stops when using INTx interrupts
• BZ - 508870 - No network traffic when igb network interface receives arp traffic during negotiation
• BZ - 508871 - [Emulex 5.4 bug] Unload of bonding driver causes be2net driver to deadlock
• BZ - 508876 - umount.gfs2 hangs eating CPU
• BZ - 509010 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.48 (bug fixes only)
• BZ - 509207 - VT-d BUG() during normal traffic in ixgbe device
• BZ - 509526 - (RHEL 5.4 Alpha/Beta x86 ) no audio output on IbexPeak chipset
• BZ - 509647 - [QLogic 5.4 bug] qlge - testing fixes part 3.
• BZ - 509818 - cciss: spinlock deadlock causes NMI on HP systems
• BZ - 510008 - [Emulex 5.4 bug] Lower throughput seen on be2net with MSIx interrupt
• BZ - 510268 - qla2xxx - NPIV broken for PPC, endian fix
• BZ - 510665 - megaraid sas driver in rhel5.4-beta fails to scan for SAS tape drive (HP Ultrium 4-SCSI)
• BZ - 510805 - PCI FLR support needed for secure device assignment to KVM guests
• BZ - 511096 - bnx2i and libiscsi: make sure cnic dev is registered and fix libiscsi eh_abort locking
• BZ - 511141 - qla2xxx - Provide fundamental reset capability for EEH
• BZ - 511181 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.4]
• BZ - 512086 - RHEL5.4: Add SATA GEN3 related messages
• BZ - 512266 - [Emulex 5.4 bug] Update lpfc driver to 8.2.0.48.2p to fix multiple panics
• BZ - 512387 - max_phys_segments violation with dm-linear + md raid1 + cciss
• BZ - 513067 - ahci: add device IDs for Ibex Peak SATA AHCI controllers
• BZ - 513070 - cciss disk devices do not have storage capability in HAL
• BZ - 513802 - [Broadcom 5.4 bug] cnic ISCSI_KEVENT_IF_DOWN message handling
• BZ - 514073 - RHEL 5.4 cxgb3i (open-iscsi) hits skb_over_panic() on write
• BZ - 515392 - CVE-2009-2847 kernel: information leak in sigaltstack
• BZ - 515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid

CVEs

• CVE-2009-2848
• CVE-2009-2847
• CVE-2009-0745
• CVE-2009-0747
• CVE-2009-0746
• CVE-2009-0748

References

• http://www.redhat.com/security/updates/classification/#important
• http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/
• http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html