Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2007:0347-2
Type: Security Advisory
Severity: Important
Issued on: 2007-05-16
Last updated on: 2007-05-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070347.xml
CVEs (cve.mitre.org): CVE-2007-1496
CVE-2007-1497
CVE-2007-1592
CVE-2007-1861
CVE-2007-2172
CVE-2007-2242

Details

Updated kernel packages that fix security issues and bugs in the Red Hat
Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the handling of IPv6 type 0 routing headers that allowed remote
users to cause a denial of service that led to a network amplification
between two routers (CVE-2007-2242, Important).

* a flaw in the nfnetlink_log netfilter module that allowed a local user to
cause a denial of service (CVE-2007-1496, Important).

* a flaw in the flow list of listening IPv6 sockets that allowed a local
user to cause a denial of service (CVE-2007-1592, Important).

* a flaw in the handling of netlink messages that allowed a local user to
cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access (CVE-2007-2172, Important).

* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote
users to bypass certain netfilter rules using IPv6 fragments
(CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following
have been included:

* a regression in ipv6 routing.

* an error in memory initialization that caused gdb to output inaccurate
backtraces on ia64.

* the nmi watchdog timeout was updated from 5 to 30 seconds.

* a flaw in distributed lock management that could result in errors during
virtual machine migration.

* an omitted include in kernel-headers that led to compile failures for
some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
kernel-PAE-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2007:0595		     15bde90df04f50cc70323a81fc624b8a
kernel-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2007:0595		     93983fdd3e77c260adb37de012a829af
kernel-xen-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2007:0595		     26b09c370a9ab26cfdb2a188271f7f05
 
x86_64:
kernel-devel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2007:0595		     48f80c1bd887008cf220daf606ff56b8
kernel-xen-devel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2007:0595		     51c578847a2bfb63266dfba2243dbc16
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
kernel-2.6.18-8.1.4.el5.src.rpm
File outdated by:  RHSA-2007:0595		     a30918df56c99f6ef7eb612653031f4c
 
IA-32:
kernel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     7ea25aefdfc680a76826429075a95c39
kernel-PAE-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     6bff12b40b95a8d2a1289a04f899244b
kernel-PAE-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     15bde90df04f50cc70323a81fc624b8a
kernel-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     93983fdd3e77c260adb37de012a829af
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.i386.rpm
File outdated by:  RHSA-2008:0612		     7f0ecd55e3977d93d27c86e13041d2b9
kernel-xen-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     97f88531ad7be7462b93a9d434728f43
kernel-xen-devel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     26b09c370a9ab26cfdb2a188271f7f05
 
IA-64:
kernel-2.6.18-8.1.4.el5.ia64.rpm
File outdated by:  RHSA-2008:0612		     411ed588a694990ad9801fdef57cbe6d
kernel-devel-2.6.18-8.1.4.el5.ia64.rpm
File outdated by:  RHSA-2008:0612		     5062a60ed526c494ac662cec4fdfe47c
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.ia64.rpm
File outdated by:  RHSA-2008:0612		     c97016a8bda12298c3b66524d5dabe84
kernel-xen-2.6.18-8.1.4.el5.ia64.rpm
File outdated by:  RHSA-2008:0612		     bb23d95b706b342ca935d43bbf902c61
kernel-xen-devel-2.6.18-8.1.4.el5.ia64.rpm
File outdated by:  RHSA-2008:0612		     9e59e9e9a94b68eba80b893b8592d964
 
PPC:
kernel-2.6.18-8.1.4.el5.ppc64.rpm
File outdated by:  RHSA-2008:0612		     da9abf45515578bd37cfe13f60bdc4bf
kernel-devel-2.6.18-8.1.4.el5.ppc64.rpm
File outdated by:  RHSA-2008:0612		     73ccbea80ec007e649d9245de507578e
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.ppc.rpm
File outdated by:  RHSA-2008:0612		     d619c03f0217a68be76c87b8b24e2ecf
kernel-headers-2.6.18-8.1.4.el5.ppc64.rpm
File outdated by:  RHSA-2008:0612		     4ef1d41f1565246da9cc3de87bd7862b
kernel-kdump-2.6.18-8.1.4.el5.ppc64.rpm
File outdated by:  RHSA-2008:0612		     ef68af661c08062a3ff329048d3f9329
kernel-kdump-devel-2.6.18-8.1.4.el5.ppc64.rpm
File outdated by:  RHSA-2008:0612		     28521b7eae6621a13661118a025e773e
 
s390x:
kernel-2.6.18-8.1.4.el5.s390x.rpm
File outdated by:  RHSA-2008:0612		     8539348562746e09c24c8555470d77a5
kernel-devel-2.6.18-8.1.4.el5.s390x.rpm
File outdated by:  RHSA-2008:0612		     d61702ef23bc7fec3ce5351d6d13ecb8
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.s390x.rpm
File outdated by:  RHSA-2008:0612		     b8e186d02e1d0766911b6dd8bae63dc2
 
x86_64:
kernel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     b21949aab1ba017d070aa114a64000ba
kernel-devel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     48f80c1bd887008cf220daf606ff56b8
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     86785d6927d0b2603bfcd413eb778f0b
kernel-xen-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     76971a3a74604f1dee054a1dbd7ebf67
kernel-xen-devel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     51c578847a2bfb63266dfba2243dbc16
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
kernel-2.6.18-8.1.4.el5.src.rpm
File outdated by:  RHSA-2007:0595		     a30918df56c99f6ef7eb612653031f4c
 
IA-32:
kernel-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     7ea25aefdfc680a76826429075a95c39
kernel-PAE-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     6bff12b40b95a8d2a1289a04f899244b
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.i386.rpm
File outdated by:  RHSA-2008:0612		     7f0ecd55e3977d93d27c86e13041d2b9
kernel-xen-2.6.18-8.1.4.el5.i686.rpm
File outdated by:  RHSA-2008:0612		     97f88531ad7be7462b93a9d434728f43
 
x86_64:
kernel-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     b21949aab1ba017d070aa114a64000ba
kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0612		     399b9229deddfcd91db39da9aff06656
kernel-headers-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     86785d6927d0b2603bfcd413eb778f0b
kernel-xen-2.6.18-8.1.4.el5.x86_64.rpm
File outdated by:  RHSA-2008:0612		     76971a3a74604f1dee054a1dbd7ebf67
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

238046 - oops and panics bringing up/down interfaces on 128p Altix, 8 interfaces
238731 - dlm locking error from gfs dio/aio during virt machine migration
238749 - The patch "xen: Add PACKET_AUXDATA cmsg" cause /usr/include/linux/if_packet.h broken
238944 - CVE-2007-1592 IPv6 oops triggerable by any user
238946 - CVE-2007-1496 Various NULL pointer dereferences in netfilter code
238947 - CVE-2007-1497 IPv6 fragments bypass in nf_conntrack netfilter code
238948 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability
238949 - CVE-2007-2242 IPv6 routing headers issue
238960 - CVE-2007-1861 infinite recursion in netlink


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/