
Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2008:0089-21
Type: Security Advisory
Severity: Important
Issued on: 2008-01-23
Last updated on: 2008-01-23
Affected Products: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-3104, CVE-2007-5904, CVE-2007-6206, CVE-2007-6416, CVE-2008-0001

Details

Updated kernel packages that fix several security issues and several bugs
in the Red Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These new kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). An unprivileged local
user could truncate directories to which they had write permission; this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest
hardware-assisted virtual machine (HVM) could read arbitrary physical
memory of the host system, which could make information available to
unauthorized users. (CVE-2007-6416, Important)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory to which
the user has write access, they could gain read access to that core
file, potentially containing sensitive information. (CVE-2007-6206, Moderate)

A buffer overflow flaw was found in the CIFS virtual file system. A
remote, authenticated user could issue a request that could lead to a denial
of service. (CVE-2007-5904, Moderate)

A flaw was found in the "sysfs_readdir" function. A local user could create
a race condition which would cause a denial of service (kernel oops).
(CVE-2007-3104, Moderate)

As well, these updated packages fix the following bugs:

* running the "strace -f" command caused strace to hang, without displaying
information about child processes.

* unmounting an unresponsive, interruptible NFS mount, for example, one
mounted with the "intr" option, may have caused a system crash.

* a bug in the s2io.ko driver prevented VLAN devices from being added.
Attempting to add a device to a VLAN, for example, by running the "vconfig
add [device-name] [vlan-id]" command, caused vconfig to fail.

* tux used an incorrect open flag bit. This caused problems when building
packages in a chroot environment, such as mock, which is used by the koji
build system.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
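
To confirm that a host is running a kernel at or above the build listed under "Updated packages" (2.6.18-53.1.6.el5), the following added example, which is not part of the original advisory, compares a `uname -r` string against that build. The comparison is a simplified form of RPM version ordering (no epoch, `~` or `^` handling), and the flavour suffixes it strips (PAE, xen, debug, kdump) are an assumption about how RHEL 5 kernel release strings are formed.

```python
import re

FIXED = "2.6.18-53.1.6.el5"  # fixed build named in this advisory


def _segments(s):
    # RPM-style split: runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified RPM version compare: -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1    # a numeric segment sorts newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(kernel_release):
    """True if a RHEL 5 `uname -r` string is at or above FIXED."""
    m = re.fullmatch(r"(.+-.+?\.el5)(PAE|xen|debug|kdump)?", kernel_release)
    if not m:
        raise ValueError("not a RHEL 5 kernel release: %r" % kernel_release)
    version, _, release = m.group(1).partition("-")
    fixed_version, _, fixed_release = FIXED.partition("-")
    # Compare the version first, then the release if the versions are equal.
    return (rpmvercmp(version, fixed_version)
            or rpmvercmp(release, fixed_release)) >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for rel in ("2.6.18-53.1.4.el5", "2.6.18-53.el5PAE",
                "2.6.18-53.1.6.el5xen", "2.6.18-92.el5"):
        print(rel, "fixed" if is_fixed(rel) else "NEEDS UPDATE")
```

The check covers the running kernel only; a host that has installed the update but not rebooted will still report the old release.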

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
kernel-2.6.18-53.1.6.el5.src.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kernel-2.6.18-53.1.6.el5.src.rpm
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
kernel-2.6.18-53.1.6.el5.src.rpm
 

Bugs fixed (see bugzilla for more information)

245777 - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir [rhel-5.1.z]
372701 - CVE-2007-5904 Buffer overflow in CIFS VFS
396861 - CVE-2007-6206 Issue with core dump owner
412091 - [RHEL5 U1] [ia64] Kernel test failing under limited memory
414041 - NFS: System crashes trying to force umount a unresponsive, interruptible mount, which holds references to silly renamed files.
424181 - RHEL5.1 beta: System hung during warm boot-cycling test
425381 - CVE-2007-6416 [RHEL 5.2] [XEN/IA64] Security: vulnerability of copy_to_user in PAL emulation
426289 - [REG][5.1] VLAN add operation fail on s2io.ko driver(Neterion 10GbE card driver),
427994 - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir
428791 - CVE-2008-0001 kernel: filesystem corruption by unprivileged user via directory truncation


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/