Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2009:1222-2
Type: Security Advisory
Severity: Important
Issued on: 2009-08-24
Last updated on: 2009-08-24
Affected Products: Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux EUS (v. 5.3.z server)
OVAL: com.redhat.rhsa-20091222.xml
CVEs (cve.mitre.org): CVE-2009-2692
                      CVE-2009-2698

Details

Updated kernel packages that fix two security issues and a bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

These updated packages also fix the following bug:

* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was
not freed in the error exit path. This bug led to a memory leak and an
unresponsive system. A reported case of this bug occurred after running
"cman_tool kill -n [nodename]". (BZ#515432)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
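
Because the fix only takes effect after a reboot, a host can have the updated package installed while still running a vulnerable kernel. The following check is an added example, not part of the Red Hat advisory: it classifies a host from its `uname -r` output and the version-release strings of its installed kernel packages. It assumes that later el5 kernel builds also carry these fixes, that the kernel flavour is appended directly to the release in `uname -r`, and it uses a simplified form of rpm's version comparison; the function names are hypothetical.

```python
import re

FIXED = "2.6.18-128.7.1.el5"           # version-release of the fixed packages in this advisory
FLAVOURS = r"(?:PAE|xen|debug|kdump)"  # kernel flavours named in the advisory's package list

def _cmp_part(a, b):
    """Simplified rpmvercmp: compare runs of digits and letters left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run is newer than a letter run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def host_state(running, installed):
    """running: `uname -r` text (assumed el5 format, flavour suffix optional).
    installed: version-release of each installed kernel package, e.g. from
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' kernel
    """
    m = re.match(r"^(\d[\w.]*-[\w.]*?\.el5)" + FLAVOURS + r"?$", running.strip())
    if not m:
        return "not-applicable"      # not a Red Hat Enterprise Linux 5 kernel
    if vr_cmp(m.group(1), FIXED) >= 0:
        return "patched"             # the running kernel already has the fix
    if any(vr_cmp(v, FIXED) >= 0 for v in installed):
        return "reboot-required"     # fix installed, old kernel still running
    return "vulnerable"
```

Hosts reported as "reboot-required" are still exposed to both CVEs until they boot into the updated kernel.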


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
kernel-2.6.18-128.7.1.el5.src.rpm
File outdated by:  RHSA-2009:1587
    e95b5321305e81118b9e84b1155eb491
 
IA-32:
kernel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    f9f22d8d8b2fa7e9e35ae78204b2a0bf
kernel-PAE-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    c1e3f3b2e683ed066e6e57afbc970b49
kernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    a6c4b5db742f20f160d31c8195215f11
kernel-debug-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    a0f5379321ae59fc4d58a28e584c182c
kernel-debug-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    0160874ea4bb22082f98fb63d80705f5
kernel-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    dd5c91e182c73416b7dca8c23ff241b0
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.i386.rpm
File outdated by:  RHSA-2009:1548
    e6d650a980796f03fb63e2cc28f33d48
kernel-xen-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    9c2dbd23316b74879dc63caa4d681d85
kernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    df34c93ef53d585162666f3c6ae40eff
 
IA-64:
kernel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    3e8a130539753d40fa64d3547c2640eb
kernel-debug-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    d38211deb4e021d90b67e4b2282f8032
kernel-debug-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    a201433043f9cd8c353175dc1d003436
kernel-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    450b964923aa4b3a714ba66222bae4d4
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    fc09a11e100428421fa582f719c54966
kernel-xen-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    a1b9d6af1b1268afe6b4796965c109b9
kernel-xen-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1548
    a8252c2511a69b6fe98cc74b1f1591d1
 
PPC:
kernel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    a9b577ce6689c2f62bc23d9efcc4abe6
kernel-debug-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    ab46ec25594f10b96496e3b6ac3f91a1
kernel-debug-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    5cc1fed1a28701d49628c1e8f5e750c3
kernel-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    73547ed3967f0ac6152d5f6546247acb
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.ppc.rpm
File outdated by:  RHSA-2009:1548
    008e948a60653d7203a94721db81c928
kernel-headers-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    928e040a425eeb325d29878094f27cd6
kernel-kdump-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    081c4a57528788e13a60ce9bb2c1a4cb
kernel-kdump-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1548
    ba5e53e4d6cb5167dce371bb0fa4d120
 
s390x:
kernel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    ad56a4a3ca9369fdc533ef98a7bf7ce3
kernel-debug-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    d0dcd78e6a0152adbc53b16100121712
kernel-debug-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    25ea47c77cf43ae1800a486f41c608aa
kernel-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    ce022462f08c1fbc5a0e2448c5e462ab
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    e4d1cbc40e921a536193049f699f9e13
kernel-kdump-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    92029a5dd2e8002e94048e921a02a878
kernel-kdump-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1548
    aa3701da85f5207323ac1b4ef51c5b57
 
x86_64:
kernel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    9a820eca6bc3bd9c0e11f4b719a9cb74
kernel-debug-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    2c3b6178990140a7e150c8393b469c76
kernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    e10bc761a6248871a93998267ea1f40e
kernel-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    503d8d3b4219ac9dbabd467d852b8d97
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    84065e7a7b13b3677f882b43883a4af8
kernel-xen-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    e1622bc30177a1a6130bc888e4565924
kernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    7c37a39ef57ec2dc772fcf69a7f574e4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kernel-2.6.18-128.7.1.el5.src.rpm
File outdated by:  RHSA-2009:1587
    e95b5321305e81118b9e84b1155eb491
 
IA-32:
kernel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    f9f22d8d8b2fa7e9e35ae78204b2a0bf
kernel-PAE-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    c1e3f3b2e683ed066e6e57afbc970b49
kernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    a6c4b5db742f20f160d31c8195215f11
kernel-debug-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    a0f5379321ae59fc4d58a28e584c182c
kernel-debug-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    0160874ea4bb22082f98fb63d80705f5
kernel-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    dd5c91e182c73416b7dca8c23ff241b0
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.i386.rpm
File outdated by:  RHSA-2009:1548
    e6d650a980796f03fb63e2cc28f33d48
kernel-xen-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    9c2dbd23316b74879dc63caa4d681d85
kernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1548
    df34c93ef53d585162666f3c6ae40eff
 
x86_64:
kernel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    9a820eca6bc3bd9c0e11f4b719a9cb74
kernel-debug-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    2c3b6178990140a7e150c8393b469c76
kernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    e10bc761a6248871a93998267ea1f40e
kernel-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    503d8d3b4219ac9dbabd467d852b8d97
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1548
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    84065e7a7b13b3677f882b43883a4af8
kernel-xen-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    e1622bc30177a1a6130bc888e4565924
kernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1548
    7c37a39ef57ec2dc772fcf69a7f574e4
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
kernel-2.6.18-128.7.1.el5.src.rpm
File outdated by:  RHSA-2009:1587
    e95b5321305e81118b9e84b1155eb491
 
IA-32:
kernel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    f9f22d8d8b2fa7e9e35ae78204b2a0bf
kernel-PAE-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    c1e3f3b2e683ed066e6e57afbc970b49
kernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    a6c4b5db742f20f160d31c8195215f11
kernel-debug-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    a0f5379321ae59fc4d58a28e584c182c
kernel-debug-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    0160874ea4bb22082f98fb63d80705f5
kernel-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    dd5c91e182c73416b7dca8c23ff241b0
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1587
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.i386.rpm
File outdated by:  RHSA-2009:1587
    e6d650a980796f03fb63e2cc28f33d48
kernel-xen-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    9c2dbd23316b74879dc63caa4d681d85
kernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm
File outdated by:  RHSA-2009:1587
    df34c93ef53d585162666f3c6ae40eff
 
IA-64:
kernel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    3e8a130539753d40fa64d3547c2640eb
kernel-debug-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    d38211deb4e021d90b67e4b2282f8032
kernel-debug-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    a201433043f9cd8c353175dc1d003436
kernel-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    450b964923aa4b3a714ba66222bae4d4
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1587
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    fc09a11e100428421fa582f719c54966
kernel-xen-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    a1b9d6af1b1268afe6b4796965c109b9
kernel-xen-devel-2.6.18-128.7.1.el5.ia64.rpm
File outdated by:  RHSA-2009:1587
    a8252c2511a69b6fe98cc74b1f1591d1
 
PPC:
kernel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    a9b577ce6689c2f62bc23d9efcc4abe6
kernel-debug-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    ab46ec25594f10b96496e3b6ac3f91a1
kernel-debug-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    5cc1fed1a28701d49628c1e8f5e750c3
kernel-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    73547ed3967f0ac6152d5f6546247acb
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1587
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.ppc.rpm
File outdated by:  RHSA-2009:1587
    008e948a60653d7203a94721db81c928
kernel-headers-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    928e040a425eeb325d29878094f27cd6
kernel-kdump-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    081c4a57528788e13a60ce9bb2c1a4cb
kernel-kdump-devel-2.6.18-128.7.1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1587
    ba5e53e4d6cb5167dce371bb0fa4d120
 
s390x:
kernel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    ad56a4a3ca9369fdc533ef98a7bf7ce3
kernel-debug-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    d0dcd78e6a0152adbc53b16100121712
kernel-debug-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    25ea47c77cf43ae1800a486f41c608aa
kernel-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    ce022462f08c1fbc5a0e2448c5e462ab
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1587
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    e4d1cbc40e921a536193049f699f9e13
kernel-kdump-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    92029a5dd2e8002e94048e921a02a878
kernel-kdump-devel-2.6.18-128.7.1.el5.s390x.rpm
File outdated by:  RHSA-2009:1587
    aa3701da85f5207323ac1b4ef51c5b57
 
x86_64:
kernel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    9a820eca6bc3bd9c0e11f4b719a9cb74
kernel-debug-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    2c3b6178990140a7e150c8393b469c76
kernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    e10bc761a6248871a93998267ea1f40e
kernel-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    503d8d3b4219ac9dbabd467d852b8d97
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
File outdated by:  RHSA-2009:1587
    145ea62ccfed72df8d0286355f72540e
kernel-headers-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    84065e7a7b13b3677f882b43883a4af8
kernel-xen-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    e1622bc30177a1a6130bc888e4565924
kernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1587
    7c37a39ef57ec2dc772fcf69a7f574e4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

515432 - dlm_send socket leak [rhel-5.3.z]
516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/