Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2007:0099-2
Type: Security Advisory
Severity: Important
Issued on: 2007-03-14
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-0005, CVE-2007-0006, CVE-2007-0958

Details

Updated kernel packages that fix security issues and bugs in the Red Hat
Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the key serial number collision avoidance algorithm of the
keyctl subsystem that allowed a local user to cause a denial of service
(CVE-2007-0006, Important)

* a flaw in the Omnikey CardMan 4040 driver that allowed a local user to
execute arbitrary code with kernel privileges. In order to exploit this
issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local
user must have access rights to the character device created by the driver.
(CVE-2007-0005, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core
dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

In addition to the security issues described above, this update includes a
fix for a kernel panic in the powernow-k8 module and a fix for a kernel
panic when booting the Xen domain-0 on systems with large memory installations.

Red Hat would like to thank Daniel Roethlisberger for reporting an issue
fixed in this erratum.

Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to
the packages associated with their machine architecture and configurations
as listed in this erratum.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
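
To confirm that a host has the update, compare its installed kernel builds with the fixed build 2.6.18-8.1.1.el5 using rpm's ordering rules. The following is an added example, not part of Red Hat's advisory; the sample input is constructed, and the comparison covers rpm's digit/letter segment rules only (no epoch, `~` or `^` handling, which these kernel packages do not use).

```python
import re

FIXED = "2.6.18-8.1.1.el5"  # version-release of the packages listed in this advisory

def _segments(s):
    # rpm splits a string into runs of digits and runs of letters;
    # every other character only separates segments.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment-by-segment comparison."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            # a numeric segment is always newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the side with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def kernels_needing_update(rpm_q_lines, fixed=FIXED):
    """Return the installed kernel builds that are older than the fixed build."""
    builds = (line.strip() for line in rpm_q_lines)
    return [vr for vr in builds if vr and evr_cmp(vr, fixed) < 0]

# Constructed sample of the output of:
#   rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n'
SAMPLE = """\
2.6.18-8.el5
2.6.18-8.1.1.el5
2.6.18-53.el5
""".splitlines()

if __name__ == "__main__":
    for vr in kernels_needing_update(SAMPLE):
        print("older than " + FIXED + ": " + vr)
```

A plain string comparison gets both other sample builds wrong: it ranks 8.el5 above 8.1.1.el5 and 53.el5 below it. An installed fixed package only protects the host once it has been rebooted into that kernel.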

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
kernel-2.6.18-8.1.1.el5.src.rpm
File outdated by:  RHSA-2007:0595
    MD5: 2744fcbcfaf6da06a0f26c920d040b51
 
IA-32:
kernel-PAE-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2007:0595
    MD5: dd24498506dafa2baaac2dbc73caf1df
kernel-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2007:0595
    MD5: ada80c33f4246c176453cd7959131ff9
kernel-xen-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2007:0595
    MD5: 5178447f1a732ea42c18025b2e9b0d41
 
x86_64:
kernel-devel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2007:0595
    MD5: e9db5d366e74227fc07122d97fec7b95
kernel-xen-devel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2007:0595
    MD5: a5ea0c18641105e334229134225a78de
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
kernel-2.6.18-8.1.1.el5.src.rpm
File outdated by:  RHSA-2007:0595
    MD5: 2744fcbcfaf6da06a0f26c920d040b51
 
IA-32:
kernel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: f97e00e18601fd588bb5e920f5685f71
kernel-PAE-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: b364467d99e079cb91759eb38dd7a1db
kernel-PAE-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: dd24498506dafa2baaac2dbc73caf1df
kernel-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: ada80c33f4246c176453cd7959131ff9
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.i386.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9b085bd3fc2faee25b4bee012cc7871a
kernel-xen-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: d6340ff404a26f3e475f183cefbaad71
kernel-xen-devel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 5178447f1a732ea42c18025b2e9b0d41
 
IA-64:
kernel-2.6.18-8.1.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 2905b52ebddeba1c913612fba91fee3e
kernel-devel-2.6.18-8.1.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: c9c53f487bbe1600b2ba0fc0ce3e94ca
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: d1f64119e9583e1880f7512106b3664b
kernel-xen-2.6.18-8.1.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: e890b7d7b3181afc5bfad05d746e840b
kernel-xen-devel-2.6.18-8.1.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 403efa13018904be8730c28fa8028409
 
PPC:
kernel-2.6.18-8.1.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 4285e4fad7664624ab5971bebea97232
kernel-devel-2.6.18-8.1.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: ba5d5adbc2026218f3a5cd5f8eeba504
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.ppc.rpm
File outdated by:  RHSA-2014:0285
    MD5: 2245c81f05272e33663a1730c6aeabdb
kernel-headers-2.6.18-8.1.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: c6ab8bde7c3587a776763075b5fcc697
kernel-kdump-2.6.18-8.1.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: d0c2637b7452cbb5d96173ec5b706a3e
kernel-kdump-devel-2.6.18-8.1.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 64fe4b732f36c36d8132f257ee13510d
 
s390x:
kernel-2.6.18-8.1.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: fcc9f91e038e5eb07d5aa1945e5a13c0
kernel-devel-2.6.18-8.1.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: 3495075c9d16f20ffc93f4cb1f0d3492
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: 553a860b06c29d549eb2da4ff345542a
 
x86_64:
kernel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: ff57af3ca7970d24428155c5cd0c42ef
kernel-devel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: e9db5d366e74227fc07122d97fec7b95
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 57a6db9809542db62551864b92a944f7
kernel-xen-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: c456f6bc5801e67a88c59be81019116f
kernel-xen-devel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: a5ea0c18641105e334229134225a78de
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kernel-2.6.18-8.1.1.el5.src.rpm
File outdated by:  RHSA-2007:0595
    MD5: 2744fcbcfaf6da06a0f26c920d040b51
 
IA-32:
kernel-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: f97e00e18601fd588bb5e920f5685f71
kernel-PAE-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: b364467d99e079cb91759eb38dd7a1db
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.i386.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9b085bd3fc2faee25b4bee012cc7871a
kernel-xen-2.6.18-8.1.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: d6340ff404a26f3e475f183cefbaad71
 
x86_64:
kernel-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: ff57af3ca7970d24428155c5cd0c42ef
kernel-doc-2.6.18-8.1.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8544c5c2ba06c1807756ea3f458bdbb7
kernel-headers-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 57a6db9809542db62551864b92a944f7
kernel-xen-2.6.18-8.1.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: c456f6bc5801e67a88c59be81019116f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

229883 - CVE-2007-0006 Key serial number collision problem
229884 - CVE-2007-0005 Buffer Overflow in Omnikey CardMan 4040 cmx driver
229885 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/