Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2008:0275-7
Type: Security Advisory
Severity: Important
Issued on: 2008-05-20
Last updated on: 2008-05-20
Affected Products: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-5093, CVE-2007-6282, CVE-2007-6712, CVE-2008-1615

Details

Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* on AMD64 architectures, the possibility of a kernel crash was discovered
by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash).
(CVE-2008-1615, Important)

* on 64-bit architectures, the possibility of a timer-expiration value
overflow was found in the Linux kernel high-resolution timers
functionality, hrtimer. This could allow a local unprivileged user to set up
a large interval value, forcing the timer expiry value to become negative,
causing a denial of service (kernel hang). (CVE-2007-6712, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec
protocol implementation, due to improper handling of fragmented ESP
packets. When an attacker controlling an intermediate router fragmented
these packets into very small pieces, it would cause a kernel crash on the
receiving node during packet reassembly. (CVE-2007-6282, Important)

* a potential denial of service attack was discovered in the Linux kernel
PWC USB video driver. A local unprivileged user could use this flaw to
bring the kernel USB subsystem into the busy-waiting state, causing a
denial of service. (CVE-2007-5093, Low)
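
The CVE-2007-6712 item above comes down to an unchecked signed 64-bit addition. The following user-space C sketch is an added illustration, not code from Red Hat or the kernel: it shows the wrapped (negative) expiry next to a saturating add that clamps instead. The function names, EXPIRY_MAX and the sample values are assumptions, and expiries are modelled as signed 64-bit nanosecond counts.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model (assumption): expiry and interval are signed 64-bit nanosecond counts. */
#define EXPIRY_MAX INT64_MAX

/* Unchecked add, as in the flaw: now + interval with no range check.
 * Done in unsigned arithmetic so the wrap is well-defined C; the cast back
 * to int64_t gives the two's-complement value on gcc and clang. */
static int64_t expiry_unchecked(int64_t now_ns, int64_t interval_ns)
{
    return (int64_t)((uint64_t)now_ns + (uint64_t)interval_ns);
}

/* Hardened add: clamp to EXPIRY_MAX instead of wrapping.
 * Assumes now_ns >= 0 (a monotonic clock reading). */
static int64_t expiry_saturating(int64_t now_ns, int64_t interval_ns)
{
    if (interval_ns > 0 && now_ns > EXPIRY_MAX - interval_ns)
        return EXPIRY_MAX;
    return now_ns + interval_ns;
}

/* A timer is due once its expiry is not later than the current time. */
static int timer_is_due(int64_t expiry_ns, int64_t now_ns)
{
    return expiry_ns <= now_ns;
}

int main(void)
{
    const int64_t now = INT64_C(1000000000);   /* constructed: 1 s of uptime */
    const int64_t huge = INT64_MAX;            /* constructed: oversized interval */
    int64_t bad = expiry_unchecked(now, huge);
    int64_t good = expiry_saturating(now, huge);

    printf("unchecked : %" PRId64 " due_now=%d\n", bad, timer_is_due(bad, now));
    printf("saturating: %" PRId64 " due_now=%d\n", good, timer_is_due(good, now));
    return 0;
}
```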

As well, these updated packages fix the following bugs:

* in certain situations, a kernel hang and a possible panic occurred when
disabling the cpufreq daemon. This may have prevented system reboots from
completing successfully.

* continual "softlockup" messages, which occurred on the guest's console
after a successful save and restore of a Red Hat Enterprise Linux 5
para-virtualized guest, have been resolved.

* in the previous kernel packages, the kernel may not have reclaimed NFS
locks after a system reboot.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)

Each file listed for this product is marked "File outdated by: RHSA-2014:0433".

IA-32:
kernel-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.i386.rpm
kernel-xen-2.6.18-53.1.21.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm

IA-64:
kernel-2.6.18-53.1.21.el5.ia64.rpm
kernel-debug-2.6.18-53.1.21.el5.ia64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.ia64.rpm
kernel-devel-2.6.18-53.1.21.el5.ia64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.ia64.rpm
kernel-xen-2.6.18-53.1.21.el5.ia64.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.ia64.rpm

PPC:
kernel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-debug-2.6.18-53.1.21.el5.ppc64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-devel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.ppc.rpm
kernel-headers-2.6.18-53.1.21.el5.ppc64.rpm
kernel-kdump-2.6.18-53.1.21.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-53.1.21.el5.ppc64.rpm

s390x:
kernel-2.6.18-53.1.21.el5.s390x.rpm
kernel-debug-2.6.18-53.1.21.el5.s390x.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.s390x.rpm
kernel-devel-2.6.18-53.1.21.el5.s390x.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.s390x.rpm

x86_64:
kernel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

Each file listed for this product is marked "File outdated by: RHSA-2014:0433".

IA-32:
kernel-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.i386.rpm
kernel-xen-2.6.18-53.1.21.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm

x86_64:
kernel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.x86_64.rpm
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

IA-32:
kernel-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-2.6.18-53.1.21.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-2.6.18-53.1.21.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-devel-2.6.18-53.1.21.el5.i686.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.i386.rpm
kernel-xen-2.6.18-53.1.21.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm

IA-64:
kernel-2.6.18-53.1.21.el5.ia64.rpm
kernel-debug-2.6.18-53.1.21.el5.ia64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.ia64.rpm
kernel-devel-2.6.18-53.1.21.el5.ia64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.ia64.rpm
kernel-xen-2.6.18-53.1.21.el5.ia64.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.ia64.rpm

PPC:
kernel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-debug-2.6.18-53.1.21.el5.ppc64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-devel-2.6.18-53.1.21.el5.ppc64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.ppc.rpm
kernel-headers-2.6.18-53.1.21.el5.ppc64.rpm
kernel-kdump-2.6.18-53.1.21.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-53.1.21.el5.ppc64.rpm

s390x:
kernel-2.6.18-53.1.21.el5.s390x.rpm
kernel-debug-2.6.18-53.1.21.el5.s390x.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.s390x.rpm
kernel-devel-2.6.18-53.1.21.el5.s390x.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.s390x.rpm

x86_64:
kernel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.21.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.21.el5.x86_64.rpm
kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
kernel-headers-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.21.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.21.el5.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

306591 - CVE-2007-5093 kernel PWC driver DoS
400821 - rhel5.1s2 hang at 'Disabling ondemand cpu frequency scaling' [rhel-5.1.z]
404291 - CVE-2007-6282 IPSec ESP kernel panics
429516 - booting with maxcpus=1 panics when starting cpufreq service [rhel-5.1.z]
431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
439999 - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
444402 - [RHEL5]: Softlockup after save/restore in PV guest
445360 - RHEL5.1 kernel not reclaiming NFS locks when server reboots


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/