Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2007:1049-8
Type: Security Advisory
Severity: Important
Issued on: 2007-12-03
Last updated on: 2007-12-03
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2006-4538
CVE-2007-2172
CVE-2007-3739
CVE-2007-3848
CVE-2007-4308

Details

Updated kernel packages that fix several security issues and a bug in the
Red Hat Enterprise Linux 3 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

A flaw was found in the IPv4 forwarding base. This allowed a local user to
cause a denial of service. (CVE-2007-2172, Important)

A flaw was found where a corrupted executable file could cause cross-region
memory mappings on Itanium systems. This allowed a local user to cause a
denial of service. (CVE-2006-4538, Moderate)

A flaw was found in the stack expansion when using the hugetlb kernel on
PowerPC systems. This allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver that should be restricted to privileged
users. (CVE-2007-4308, Moderate)

As well, these updated packages fix the following bug:

* a bug in the TCP header prediction code may have caused "TCP: Treason
uncloaked!" messages to be logged. In certain situations this may have led
to TCP connections hanging or aborting.

Red Hat Enterprise Linux 3 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
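
A host-side check to go with the upgrade advice above, as an added example that is not part of Red Hat's advisory: it classifies a kernel release string (as printed by uname -r) against the fixed build 2.4.21-53.EL taken from the package names listed in this advisory. The function names and the three result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): does a RHEL 3 kernel release
# string meet or exceed the fixed build 2.4.21-53.EL?

FIXED_VERSION="2.4.21"   # from kernel-2.4.21-53.EL.*.rpm in this advisory
FIXED_RELEASE="53"

# Compare two dotted numeric strings such as "47.0.1" and "53".
# Prints -1, 0 or 1. Missing fields count as 0, so 53.0.1 > 53.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Prints one of: fixed | needs-update | not-applicable
# (labels are this example's own, not Red Hat terminology).
check_kernel() {
    rel=$1
    case $rel in
        "$FIXED_VERSION"-*.EL*) ;;                 # RHEL 3 style release
        *) echo "not-applicable"; return ;;        # different kernel line
    esac
    build=${rel#"$FIXED_VERSION"-}   # e.g. "53.ELsmp" or "47.0.1.EL"
    build=${build%%.EL*}             # e.g. "53" or "47.0.1"
    case $build in
        ""|*[!0-9.]*) echo "not-applicable"; return ;;
    esac
    if [ "$(cmp_dotted "$build" "$FIXED_RELEASE")" -lt 0 ]; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# Classify the kernel this host is currently running.
check_kernel "$(uname -r)"
```

uname -r reports the running kernel, so a host that has installed the updated package but has not yet rebooted into it still reports the old build.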

Updated packages

Red Hat Desktop (v. 3)

IA-32:
kernel-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 5ed3ebaa27fe3523e6287afe9da778df
kernel-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: aaaa37a37c4d9d50f85c3d33ea75c2d5
kernel-BOOT-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: c750ed31d9402c48bb0831443947b1b3
kernel-doc-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 2ca9bf21f2bbbf0bcbcb2501ca972f4e
kernel-hugemem-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: c3e41830403b446d494e0fcb0668ffb6
kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 125a006ee18d4a5afc652547252f77b4
kernel-smp-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: b6966cff1cca0a9b4c53f7ac8bc7c8ec
kernel-smp-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 874b032f5f12e35a66842966dfe615fc
kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: e1f6b9b5f82534206d68de57173cebc7
kernel-smp-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 7ee65541e62b6e76a0f0c8c8ffacfe7b
kernel-source-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 25eb44031ca51e13c3518cbfa5d14868
kernel-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 38292e5677afeca19eff46011643b687
kernel-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 8e81ce663a85ccdb323ae10be861965e
 
x86_64:
kernel-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 22267331e595689b6b7c6ddbc92b3e66
kernel-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66cdd20c8c8059e92593b2acdbb1357d
kernel-doc-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 4e281964dadc7aa8afcf7364102cf8d6
kernel-smp-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 65ef6c81fad4acbff6a4626888e49c6c
kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 0f8c0fd98410071fafa0b892c22a075b
kernel-source-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bf9539cde0b3e4a42c95e2302c2568aa
kernel-unsupported-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 595d8cee6a98e3813fb29a3eaa3a51f4
kernel-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bc60307faf9dd46e819e0e67cb9bbf2d
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
kernel-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 5ed3ebaa27fe3523e6287afe9da778df
kernel-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: aaaa37a37c4d9d50f85c3d33ea75c2d5
kernel-BOOT-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: c750ed31d9402c48bb0831443947b1b3
kernel-doc-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 2ca9bf21f2bbbf0bcbcb2501ca972f4e
kernel-hugemem-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: c3e41830403b446d494e0fcb0668ffb6
kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 125a006ee18d4a5afc652547252f77b4
kernel-smp-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: b6966cff1cca0a9b4c53f7ac8bc7c8ec
kernel-smp-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 874b032f5f12e35a66842966dfe615fc
kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: e1f6b9b5f82534206d68de57173cebc7
kernel-smp-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 7ee65541e62b6e76a0f0c8c8ffacfe7b
kernel-source-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 25eb44031ca51e13c3518cbfa5d14868
kernel-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 38292e5677afeca19eff46011643b687
kernel-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 8e81ce663a85ccdb323ae10be861965e
 
IA-64:
kernel-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 58ce57bce8a0f72f8239b4412ec5f0d0
kernel-doc-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 85811f0f247d9bb01e1b823de7fb429b
kernel-source-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: dcc30f9dd34cf5c7666d71b2fae6d975
kernel-unsupported-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66e70d213977984f6a3f189a74ad0963
 
PPC:
kernel-2.4.21-53.EL.ppc64iseries.rpm
File outdated by:  RHSA-2009:1550
    MD5: 82bba5f9f376ee007a6354df6af87778
kernel-2.4.21-53.EL.ppc64pseries.rpm
File outdated by:  RHSA-2009:1550
    MD5: dcb788cdc164cb2c51e462734d8ffeca
kernel-doc-2.4.21-53.EL.ppc64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 1447344d9ebee027257d495c074b244e
kernel-source-2.4.21-53.EL.ppc64.rpm
File outdated by:  RHSA-2009:1550
    MD5: fb387166670d7fd1f1ca034d6bbfc371
kernel-unsupported-2.4.21-53.EL.ppc64iseries.rpm
File outdated by:  RHSA-2009:1550
    MD5: a2e26fe734de4d356d68dbdd08c64548
kernel-unsupported-2.4.21-53.EL.ppc64pseries.rpm
File outdated by:  RHSA-2009:1550
    MD5: 53fa6a0d16093346fac2db9f490cbc87
 
s390:
kernel-2.4.21-53.EL.s390.rpm
File outdated by:  RHSA-2009:1550
    MD5: 7651727c8b05c762c4efae0a224f92c3
kernel-doc-2.4.21-53.EL.s390.rpm
File outdated by:  RHSA-2009:1550
    MD5: 93fc7baca88bb36556780aaf66416f90
kernel-source-2.4.21-53.EL.s390.rpm
File outdated by:  RHSA-2009:1550
    MD5: 21a066b295363b8e22d671603e1ab5dd
kernel-unsupported-2.4.21-53.EL.s390.rpm
File outdated by:  RHSA-2009:1550
    MD5: 8d1da2180806c3654af48587948a5994
 
s390x:
kernel-2.4.21-53.EL.s390x.rpm
File outdated by:  RHSA-2009:1550
    MD5: 795d3ac785caab9befd45edb9f98f787
kernel-doc-2.4.21-53.EL.s390x.rpm
File outdated by:  RHSA-2009:1550
    MD5: bbe1dcab582e792a3200ff69557cf7bf
kernel-source-2.4.21-53.EL.s390x.rpm
File outdated by:  RHSA-2009:1550
    MD5: cc0f24530dd8b0adf53378f702107e71
kernel-unsupported-2.4.21-53.EL.s390x.rpm
File outdated by:  RHSA-2009:1550
    MD5: e710ac2b4a5263884f7f63ace4c402a8
 
x86_64:
kernel-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 22267331e595689b6b7c6ddbc92b3e66
kernel-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66cdd20c8c8059e92593b2acdbb1357d
kernel-doc-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 4e281964dadc7aa8afcf7364102cf8d6
kernel-smp-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 65ef6c81fad4acbff6a4626888e49c6c
kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 0f8c0fd98410071fafa0b892c22a075b
kernel-source-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bf9539cde0b3e4a42c95e2302c2568aa
kernel-unsupported-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 595d8cee6a98e3813fb29a3eaa3a51f4
kernel-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bc60307faf9dd46e819e0e67cb9bbf2d
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
kernel-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 5ed3ebaa27fe3523e6287afe9da778df
kernel-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: aaaa37a37c4d9d50f85c3d33ea75c2d5
kernel-BOOT-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: c750ed31d9402c48bb0831443947b1b3
kernel-doc-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 2ca9bf21f2bbbf0bcbcb2501ca972f4e
kernel-hugemem-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: c3e41830403b446d494e0fcb0668ffb6
kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 125a006ee18d4a5afc652547252f77b4
kernel-smp-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: b6966cff1cca0a9b4c53f7ac8bc7c8ec
kernel-smp-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 874b032f5f12e35a66842966dfe615fc
kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: e1f6b9b5f82534206d68de57173cebc7
kernel-smp-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 7ee65541e62b6e76a0f0c8c8ffacfe7b
kernel-source-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 25eb44031ca51e13c3518cbfa5d14868
kernel-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 38292e5677afeca19eff46011643b687
kernel-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 8e81ce663a85ccdb323ae10be861965e
 
IA-64:
kernel-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 58ce57bce8a0f72f8239b4412ec5f0d0
kernel-doc-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 85811f0f247d9bb01e1b823de7fb429b
kernel-source-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: dcc30f9dd34cf5c7666d71b2fae6d975
kernel-unsupported-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66e70d213977984f6a3f189a74ad0963
 
x86_64:
kernel-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 22267331e595689b6b7c6ddbc92b3e66
kernel-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66cdd20c8c8059e92593b2acdbb1357d
kernel-doc-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 4e281964dadc7aa8afcf7364102cf8d6
kernel-smp-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 65ef6c81fad4acbff6a4626888e49c6c
kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 0f8c0fd98410071fafa0b892c22a075b
kernel-source-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bf9539cde0b3e4a42c95e2302c2568aa
kernel-unsupported-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 595d8cee6a98e3813fb29a3eaa3a51f4
kernel-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bc60307faf9dd46e819e0e67cb9bbf2d
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
kernel-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 5ed3ebaa27fe3523e6287afe9da778df
kernel-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: aaaa37a37c4d9d50f85c3d33ea75c2d5
kernel-BOOT-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: c750ed31d9402c48bb0831443947b1b3
kernel-doc-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 2ca9bf21f2bbbf0bcbcb2501ca972f4e
kernel-hugemem-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: c3e41830403b446d494e0fcb0668ffb6
kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 125a006ee18d4a5afc652547252f77b4
kernel-smp-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: b6966cff1cca0a9b4c53f7ac8bc7c8ec
kernel-smp-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 874b032f5f12e35a66842966dfe615fc
kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: e1f6b9b5f82534206d68de57173cebc7
kernel-smp-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 7ee65541e62b6e76a0f0c8c8ffacfe7b
kernel-source-2.4.21-53.EL.i386.rpm
File outdated by:  RHSA-2009:1550
    MD5: 25eb44031ca51e13c3518cbfa5d14868
kernel-unsupported-2.4.21-53.EL.athlon.rpm
File outdated by:  RHSA-2009:1550
    MD5: 38292e5677afeca19eff46011643b687
kernel-unsupported-2.4.21-53.EL.i686.rpm
File outdated by:  RHSA-2009:1550
    MD5: 8e81ce663a85ccdb323ae10be861965e
 
IA-64:
kernel-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 58ce57bce8a0f72f8239b4412ec5f0d0
kernel-doc-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 85811f0f247d9bb01e1b823de7fb429b
kernel-source-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: dcc30f9dd34cf5c7666d71b2fae6d975
kernel-unsupported-2.4.21-53.EL.ia64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66e70d213977984f6a3f189a74ad0963
 
x86_64:
kernel-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 22267331e595689b6b7c6ddbc92b3e66
kernel-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 66cdd20c8c8059e92593b2acdbb1357d
kernel-doc-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 4e281964dadc7aa8afcf7364102cf8d6
kernel-smp-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 65ef6c81fad4acbff6a4626888e49c6c
kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: 0f8c0fd98410071fafa0b892c22a075b
kernel-source-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bf9539cde0b3e4a42c95e2302c2568aa
kernel-unsupported-2.4.21-53.EL.ia32e.rpm
File outdated by:  RHSA-2009:1550
    MD5: 595d8cee6a98e3813fb29a3eaa3a51f4
kernel-unsupported-2.4.21-53.EL.x86_64.rpm
File outdated by:  RHSA-2009:1550
    MD5: bc60307faf9dd46e819e0e67cb9bbf2d
 

Bugs fixed (see bugzilla for more information)

249237 - IPV4 'Treason uncloaked' message - hints at a more general kernel/net bug
250429 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability
250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver
289151 - CVE-2006-4538 Local DoS with corrupted ELF
294941 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/