Security Advisory Important: kernel security and enhancement update

Advisory: RHSA-2010:0424-1
Type: Security Advisory
Severity: Important
Issued on: 2010-05-18
Last updated on: 2010-05-18
Affected Products: Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux ES (v. 4.7.z)
CVEs (cve.mitre.org): CVE-2010-1188

Details

Updated kernel packages that fix one security issue and add one enhancement
are now available for Red Hat Enterprise Linux 4.7 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* a use-after-free flaw was found in the tcp_rcv_state_process() function
in the Linux kernel TCP/IP protocol suite implementation. If a system using
IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote
attacker could send an IPv6 packet to that system, causing a kernel panic
(denial of service). (CVE-2010-1188, Important)

This update also adds the following enhancement:

* kernel support for the iptables connlimit module. This module can be used
to help mitigate some types of denial of service attacks. Note: This update
alone does not address connlimit support. A future iptables package update
will allow connlimit to work correctly. (BZ#563222)

Users should upgrade to these updated packages, which contain backported
patches to correct this issue and add this enhancement. The system must be
rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
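
Because "rpm -ivh" installs the new kernel alongside the old one and the fix only takes effect after a reboot, a host can hold the fixed package while still running a vulnerable build. The shell functions below are an added example, not part of the Red Hat advisory; the names eus_n and classify are hypothetical, and the code assumes RHEL 4 release strings of the form 2.6.9-78.0.N.EL[flavor] and that any build in this stream with N >= 31 carries the fix.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host against RHSA-2010:0424.
# Typical call on the host itself:
#   classify "$(uname -r)" $(rpm -qa 'kernel*' --qf '%{NAME}-%{VERSION}-%{RELEASE}\n')
FIXED_N=31   # N in 2.6.9-78.0.N.EL, taken from the advisory's package list

# eus_n RELEASE: print N for a 2.6.9-78.0.N.EL[flavor] string.
# 2.6.9-78.EL (no ".0.N" part) sorts before every 78.0.N under RPM ordering,
# so it is reported as 0. Any other release stream fails with status 1.
eus_n() {
    case "$1" in
        2.6.9-78.EL*) echo 0; return 0 ;;
        2.6.9-78.0.*.EL*) ;;
        *) return 1 ;;
    esac
    n=${1#2.6.9-78.0.}
    n=${n%%.EL*}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    echo "$n"
}

# classify RUNNING [PACKAGE...]
#   RUNNING: `uname -r` output, e.g. 2.6.9-78.0.28.ELsmp
#   PACKAGE: installed name-version-release, e.g. kernel-smp-2.6.9-78.0.31.EL
# Prints patched, reboot-pending, vulnerable or other-stream.
classify() {
    running=$1; shift
    run_n=$(eus_n "$running") || { echo other-stream; return 0; }
    if [ "$run_n" -ge "$FIXED_N" ]; then echo patched; return 0; fi
    # Only a fixed package of the flavor that is actually booted helps:
    # ELsmp needs kernel-smp-*, plain EL needs kernel-*.
    flavor=${running##*.EL}
    prefix=kernel-${flavor:+$flavor-}
    for pkg in "$@"; do
        case "$pkg" in "$prefix"*) ;; *) continue ;; esac
        # -devel and -doc packages fail eus_n after the prefix is stripped.
        n=$(eus_n "${pkg#"$prefix"}") || continue
        if [ "$n" -ge "$FIXED_N" ]; then echo reboot-pending; return 0; fi
    done
    echo vulnerable
}
```

A result of other-stream means the running kernel is not a 4.7.z build, so this advisory's version threshold does not apply and the erratum for that stream must be consulted instead.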

Updated packages

Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
kernel-2.6.9-78.0.31.EL.src.rpm
File outdated by:  RHBA-2010:0887
 
IA-32:
kernel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-hugemem-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-hugemem-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
 
IA-64:
kernel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-devel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
 
PPC:
kernel-2.6.9-78.0.31.EL.ppc64.rpm
File outdated by:  RHBA-2010:0887
kernel-2.6.9-78.0.31.EL.ppc64iseries.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.ppc64.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.ppc64iseries.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-2.6.9-78.0.31.EL.ppc64.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-devel-2.6.9-78.0.31.EL.ppc64.rpm
File outdated by:  RHBA-2010:0887
 
s390:
kernel-2.6.9-78.0.31.EL.s390.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.s390.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
 
s390x:
kernel-2.6.9-78.0.31.EL.s390x.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.s390x.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
 
x86_64:
kernel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
kernel-2.6.9-78.0.31.EL.src.rpm
File outdated by:  RHBA-2010:0887
 
IA-32:
kernel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-hugemem-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-hugemem-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-devel-2.6.9-78.0.31.EL.i686.rpm
File outdated by:  RHBA-2010:0887
 
IA-64:
kernel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-devel-2.6.9-78.0.31.EL.ia64.rpm
File outdated by:  RHBA-2010:0887
 
x86_64:
kernel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-doc-2.6.9-78.0.31.EL.noarch.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-largesmp-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-smp-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
kernel-xenU-devel-2.6.9-78.0.31.EL.x86_64.rpm
File outdated by:  RHBA-2010:0887
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

563222 - [RFE ] Connlimit kernel module support [rhel-4.9] [rhel-4.7.z]
577711 - CVE-2010-1188 kernel: ipv6: skb is unexpectedly freed


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/