Skip to navigation

Security Advisory Important: kernel security update

Advisory: RHSA-2010:0705-1
Type: Security Advisory
Severity: Important
Issued on: 2010-09-21
Last updated on: 2010-09-21
Affected Products: Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2010-3081

Details

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer
to Knowledgebase article DOC-40265 for further details:
https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
kernel-2.6.18-164.25.2.el5.src.rpm
File outdated by:  RHBA-2011:0956
    MD5: ffade78000c4c88467745124d18ad2f2
SHA-256: ed33d332c61dbf51e82c1ab493f43d13eebc024e8e8cb1c108995fffcb0b705e
 
IA-32:
kernel-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: dd8e9e97427fe0cf33aeb211c4db8b03
SHA-256: 97547629314d69674ef10697585869c749c0453df2bbaaa44e6481ff179ef8ae
kernel-PAE-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 02dff3159f898e54883bc93d7eb1ae19
SHA-256: b41bab3cadf71326b0ec4ba05da821b73e938ef208c4a9e42aef8de954fead16
kernel-PAE-devel-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 51e8acdd39010b844add570de962701c
SHA-256: 70a7dac95f9903341776902a58ce6495df41e1abed4788aadc21de53846662e5
kernel-debug-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7cd465fca39857cb80888f1e50af1917
SHA-256: 5226316a7e05cdf0347e94332a66cf2d3a1886f870345509ea06e30644a03d6f
kernel-debug-devel-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7d0128e556a297af0718678c4c7a494f
SHA-256: 57cb44a51fc028ea91b6af90b76228703bb939ee4485e0742b0ddcb6132f3ce6
kernel-devel-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 1dd217762f3bf6eb29ab5f2570f80f86
SHA-256: 4263bd2fec991d87af2dbc408f52c8f8a84e85ccc2e5d3fdcae5ca2bf19a876e
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7ced1e96bbedc4e22f6c4570f7235a34
SHA-256: a8a9235455233f7225861f92a008c99e011ce027b99dcae60b62a18ea0fe8ad8
kernel-headers-2.6.18-164.25.2.el5.i386.rpm
File outdated by:  RHBA-2011:0956
    MD5: 807a213223e8d73283d5c0bf7f3edeff
SHA-256: f886bd872db9bd7f6184feb58a4571b21aaf8301baa8235cfe338dbfaba24e7a
kernel-xen-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 53f389e7363c00917df1c811278b2200
SHA-256: e871c002f52745dcf8a0a014c67a7d0e250066697fa7f976e5d76f466debf962
kernel-xen-devel-2.6.18-164.25.2.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: ad9d8ea4927258c4b0c30da5706f13ce
SHA-256: ed2ecc7e21deca331ec96409d140f0ef0ab4add217e039cb4ca2d7245a2a2a82
 
IA-64:
kernel-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 9ddd168a0584aca49b31a5f8ea4ca4cc
SHA-256: 5e3f1489ca9ed19e05fb0a2212ebb637d04d685e11fead2de721f058c50d7e81
kernel-debug-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 2bb435f9795c8648a4bca363caf88671
SHA-256: e1b98ba3e391e3904887101a72bc754e2c4d89ae66522adf98889254530ed050
kernel-debug-devel-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 8b8a17a5a623507f33983452c8ee250e
SHA-256: c68f25c8c5453d1b64529c6b3acbcfa0a7ba448968cb57a6ddba6d35d3b52360
kernel-devel-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: e016414eb64d2f24659d19f6a7dfba4c
SHA-256: 5bc7f5e4da7a44ce05076d36fcab64835fd0559b46613495b86ee8e643f62066
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7ced1e96bbedc4e22f6c4570f7235a34
SHA-256: a8a9235455233f7225861f92a008c99e011ce027b99dcae60b62a18ea0fe8ad8
kernel-headers-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 6ec86491dd3d3310f29b94debc118987
SHA-256: de666dd4641407d909e9671816fba1e1ec49ce584744e9068924aece27020ba7
kernel-xen-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 84fac2709447778c2c9fc32e5d87cb8f
SHA-256: d9317275b9437873abcbe15ea6204af804dbe2a6bda044b573057c81b4c324d6
kernel-xen-devel-2.6.18-164.25.2.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 1de94a8c33c203726e903b0abe31c178
SHA-256: cdb009fe1c901aa49357c4248ed29b90b28a185f0cce265ed9f2c2a98c5f2f6a
 
PPC:
kernel-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 3c19f6e8ef679128c56bdd26cacd1c84
SHA-256: a363d0a65c682a88a786b0a217d0aced1cefc7d01fbc6fee562048dfb896eb4e
kernel-debug-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 2a9d1dbe09bfee12c01583f59f09fe2d
SHA-256: 6d490ebeb1d356bd1cd2820c828c2e1e2bf400d0827719b697244cc68eeb1909
kernel-debug-devel-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 87296b437d9e37d20b70102e27493475
SHA-256: e3dc31d4b94a65520a25d7b11f318a28a86d31d098a7ad7695837810d8f633e4
kernel-devel-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 01e448dbba9922e55eb9fe371a54e824
SHA-256: 0d961fc397ad55203a01ae420d3066b7b9920683ddde11b18c8017809cf42fdb
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7ced1e96bbedc4e22f6c4570f7235a34
SHA-256: a8a9235455233f7225861f92a008c99e011ce027b99dcae60b62a18ea0fe8ad8
kernel-headers-2.6.18-164.25.2.el5.ppc.rpm
File outdated by:  RHBA-2011:0956
    MD5: c260fa568e07c7af2a347c9df1d3fd4f
SHA-256: 2e4e1e1e7d487ad209c765b8a1d9d47a06dfbea1fd7a3ef44c2f122ea18db7ad
kernel-headers-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 023a7a7ed23cf01237a81fb01cb2693c
SHA-256: cbf84ef5f6dac8d02c6f61ce11754f41de724525b4f2226734ec52f2735c75d3
kernel-kdump-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 9a7d42de632cfe881ac59309cd6e8357
SHA-256: 160762436a4860db8c5a6512904eaffd5c6c1861c666c2eb72b675e9460b9062
kernel-kdump-devel-2.6.18-164.25.2.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 54f4526059f808e72b7a925c8b0298e1
SHA-256: 6730c06fa367b799feb5f10efb6f0550afed81046d6f6b76825435db9c424b46
 
s390x:
kernel-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 5e55b1038769a6a9f4bfb5e4817c3ff8
SHA-256: 7f133872e18fdfe3f522ef4be644399cadce0aa6f6c758ead242d5d62bafa9ff
kernel-debug-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 49f8bb1d0dc455e46597d509d959a199
SHA-256: 72dd25ab93d3bc28b95c57f437231f03c49e899ec892d772418095e4ee6c6e74
kernel-debug-devel-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: d5913ace9f2641e05a9c7f156fd57e4a
SHA-256: d43937043b2940e82a21ee4b0d4bda48582a8ff18faca592e5a6d4df4d61bf7f
kernel-devel-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: d76c19794b9ba90ca3aeb4275326486d
SHA-256: 3448728c9495fa10e78b7deee87d0c7d7e6572febe3787518cbc8a03b5494735
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7ced1e96bbedc4e22f6c4570f7235a34
SHA-256: a8a9235455233f7225861f92a008c99e011ce027b99dcae60b62a18ea0fe8ad8
kernel-headers-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 640f2ea7dcd6a08094a540e60a5c3f45
SHA-256: 2200bac1e986e66afd5ca8d366d24313cc1fc11ff02570efb1f3be53734bcb10
kernel-kdump-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: d4c329b38a01d45dc2fc16e02eacf0ee
SHA-256: d87f56e5634596ef2086b7fe31ceda4eea40a6c80564b77c53eb8cb8f3fd0629
kernel-kdump-devel-2.6.18-164.25.2.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: e8d6727cc4c9d998416cf8af6b0d9a13
SHA-256: 82d1fe192f36dbb00292fca77e86fc343364847aa1aa04fe2d894ef73cbb5aa6
 
x86_64:
kernel-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 8618bcf8968e84ce2df5491881b0b7c4
SHA-256: e29fc680806de4ae95ca7adbec6f76b5c283ca55856d53dca46695b975ae5e32
kernel-debug-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 900e717722eb0d2d08ce0fe0a35a37c6
SHA-256: 9bf174c31cc52cd1c07044b5921e93a09921b626f90f71ddb8f7c6f05dec2f2e
kernel-debug-devel-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 8a80f4fb3a70581946021935a379a507
SHA-256: 6f8262f91515167f596c9310978ea2b952f2a2b49f7343f89ba4b09e5d6baf9a
kernel-devel-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 45a7339a3ed479502e3124478d8647c7
SHA-256: f8745485141c3ae639935b9a0aff17e066b35d0eddaca41c202ddb40fc30f507
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7ced1e96bbedc4e22f6c4570f7235a34
SHA-256: a8a9235455233f7225861f92a008c99e011ce027b99dcae60b62a18ea0fe8ad8
kernel-headers-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 8b7194bebd162792cf91c84db707c5cf
SHA-256: 4215f794dd588c98f08c6cfbbf71d424ce43b0e7dac06ea51c75a8b86ba0117c
kernel-xen-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 40e17aa0fccef391c872f1512eba628a
SHA-256: 0b27bc55efede6a22d45991ad65c157bd9f4ca341f2db2b0f7ec17435a533848
kernel-xen-devel-2.6.18-164.25.2.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: f679737a27d8050a36c99a3dc246b94d
SHA-256: 113ecbd8a885a69cd0bde33fa229254b19286e388d92c25a1647959019d8c732
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/