Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2010:0053-1
Type: Security Advisory
Severity: Important
Issued on: 2010-01-19
Last updated on: 2010-01-19
Affected Products: Red Hat Enterprise Linux EUS (v. 5.3.z server); Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538

Details

Updated kernel packages that fix multiple security issues and two bugs are
now available for Red Hat Enterprise Linux 5.3 Extended Update Support.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the IPv6 Extension Header (EH) handling
implementation in the Linux kernel. The skb->dst data structure was not
properly validated in the ipv6_hop_jumbo() function. This could possibly
lead to a remote denial of service. (CVE-2007-4567, Important)

* a flaw was found in each of the following Intel PRO/1000 Linux
drivers in the Linux kernel: e1000 and e1000e. A remote attacker using
packets larger than the MTU could bypass the existing fragment check,
resulting in partial, invalid frames being passed to the network stack.
These flaws could also possibly be used to trigger a remote denial of
service. (CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. Receiving overly-long frames with a certain revision of the network
cards supported by this driver could possibly result in a remote denial of
service. (CVE-2009-4537, Important)

This update also fixes the following bugs:

* on certain hardware, the igb driver was unable to detect link statuses
correctly for Serializer-Deserializer (SERDES) interface Ethernet ports.
This may have caused problems for network interface bonding, such as
failover not occurring. (BZ#548023)

* in certain situations, kdump occasionally dumped a vmcore file with no
registers on Intel Itanium systems that were under high disk I/O load. In
these cases, this prevented the kernel stack backtrace in the vmcore from
being viewed with the crash utility. (BZ#542581)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
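
An added example, not part of the Red Hat advisory: a fleet-inventory check for the reboot requirement above, classifying each host by its running versus installed kernel against the fixed build 2.6.18-128.12.1.el5 named in the package list. The host names and version strings are constructed samples; treating later 128.x builds as fixed and other release streams as out of scope for this advisory are assumptions.

```python
import re

FIXED = "2.6.18-128.12.1.el5"  # fixed build, taken from the advisory's package list

def parse(vr):
    """Turn 'version-release' (uname -r or rpm VERSION-RELEASE) into integer tuples."""
    vr = re.sub(r"(PAE|xen|debug|kdump)$", "", vr)  # flavour suffix on uname -r output
    m = re.fullmatch(r"(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)\.el5", vr)
    if not m:
        raise ValueError("unrecognised kernel string: %r" % vr)
    return tuple(tuple(int(p) for p in g.split(".")) for g in m.groups())

def in_stream(vr):
    """True if vr belongs to the 2.6.18-128 (5.3.z) stream this advisory covers."""
    ver, rel = parse(vr)
    fver, frel = parse(FIXED)
    return ver == fver and rel[0] == frel[0]

def is_fixed(vr):
    # Assumption: later builds in the same stream carry the same fixes.
    return parse(vr) >= parse(FIXED)

def assess(running, installed):
    """Classify one host from its running kernel and its installed kernel builds."""
    if not in_stream(running):
        return "OUT_OF_SCOPE"      # other streams need their own advisory
    if is_fixed(running):
        return "PATCHED"
    if any(in_stream(k) and is_fixed(k) for k in installed):
        return "REBOOT_REQUIRED"   # package installed, old kernel still running
    return "VULNERABLE"

# Constructed inventory: host -> (running kernel, installed kernel builds)
HOSTS = {
    "web01": ("2.6.18-128.12.1.el5", ["2.6.18-128.7.1.el5", "2.6.18-128.12.1.el5"]),
    "web02": ("2.6.18-128.7.1.el5PAE", ["2.6.18-128.7.1.el5", "2.6.18-128.12.1.el5"]),
    "db01": ("2.6.18-128.el5", ["2.6.18-128.el5"]),
    "app01": ("2.6.18-164.el5", ["2.6.18-164.el5"]),
}

def report(hosts=HOSTS):
    return {host: assess(run, inst) for host, (run, inst) in hosts.items()}

if __name__ == "__main__":
    for host, state in sorted(report().items()):
        print("%-6s %s" % (host, state))
```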


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
kernel-2.6.18-128.12.1.el5.src.rpm
File outdated by: RHBA-2012:1356
 
IA-32:
kernel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-PAE-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-PAE-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-debug-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-debug-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.i386.rpm
File outdated by: RHBA-2010:0996
kernel-xen-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
kernel-xen-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2010:0996
 
IA-64:
kernel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-xen-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
kernel-xen-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2010:0996
 
PPC:
kernel-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-devel-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-devel-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.ppc.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-kdump-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
kernel-kdump-devel-2.6.18-128.12.1.el5.ppc64.rpm
File outdated by: RHBA-2010:0996
 
s390x:
kernel-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-debug-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-debug-devel-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-devel-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-kdump-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
kernel-kdump-devel-2.6.18-128.12.1.el5.s390x.rpm
File outdated by: RHBA-2010:0996
 
x86_64:
kernel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-debug-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2010:0996
kernel-headers-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-xen-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
kernel-xen-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2010:0996
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
kernel-2.6.18-128.12.1.el5.src.rpm
File outdated by: RHBA-2012:1356
 
IA-32:
kernel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-PAE-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-PAE-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-debug-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-debug-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2012:1356
kernel-headers-2.6.18-128.12.1.el5.i386.rpm
File outdated by: RHBA-2012:1356
kernel-xen-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
kernel-xen-devel-2.6.18-128.12.1.el5.i686.rpm
File outdated by: RHBA-2012:1356
 
IA-64:
kernel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-debug-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-debug-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2012:1356
kernel-headers-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-xen-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
kernel-xen-devel-2.6.18-128.12.1.el5.ia64.rpm
File outdated by: RHBA-2012:1356
 
x86_64:
kernel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-debug-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-debug-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-doc-2.6.18-128.12.1.el5.noarch.rpm
File outdated by: RHBA-2012:1356
kernel-headers-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-xen-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
kernel-xen-devel-2.6.18-128.12.1.el5.x86_64.rpm
File outdated by: RHBA-2012:1356
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

542581 - kdump corefile cannot be backtraced in IA64 [rhel-5.3.z]
548023 - EL5.3: igb driver fails to detect link status change on SERDES interface [rhel-5.3.z]
548641 - CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash
550907 - CVE-2009-4537 kernel: r8169 issue reported at 26c3
551214 - CVE-2009-4538 kernel: e1000e frame fragment issue
552126 - CVE-2009-4536 kernel: e1000 issue reported at 26c3


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/