Skip to navigation

Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2010:0907-1
Type: Security Advisory
Severity: Important
Issued on: 2010-11-23
Last updated on: 2010-11-23
Affected Products: Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2010-2521

Details

Updated kernel packages that fix one security issue and four bugs are now
available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638865)

* In a two node cluster, moving 100 files between two folders using the
lock master was nearly instantaneous. However, not using the lock master
resulted in considerably worse performance on both GFS1 (Global File System
1) and GFS2 (Global File System 2) file systems. With this update, not
using the lock master does not lead to worsened performance on either of
the aforementioned file systems. (BZ#639071)

* The device naming changed after additional devices were added to the
system and caused various problems. With this update, device naming remains
constant after adding any additional devices. (BZ#646764)

* On some bnx2-based devices, frames could drop unexpectedly. This was
shown by the increasing "rx_fw_discards" values in the "ethtool
--statistics" output. With this update, frames are no longer dropped and
all bnx2-based devices work as expected. (BZ#649254)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
kernel-2.6.18-164.30.1.el5.src.rpm
File outdated by:  RHBA-2011:0956
    MD5: 0ba35bfc67014a5d89b5021eca6f36e7
SHA-256: 3079de4af34c3ae70240e1dd11c4bd9542b045279e1cf455c9e0dc374b23968b
 
IA-32:
kernel-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7631352f5db9fe0e556eda2a49a04155
SHA-256: 4e528675d9eb5d0c21adf46996e0320ed4238aae3076e2cf663e45ae0ee6bfb6
kernel-PAE-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 975bfadbe516e7f51c3ecdcc7d8ab6f1
SHA-256: 8a1ad43bbaecfd2e482e289ac9258fdf6dded5e087b753e4e9f192776c0dc5ac
kernel-PAE-devel-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 3abd503d065ac18fe439180b7b7df777
SHA-256: 3e02e9f28c8ce17937e1d1bd35ba6035bf7f998ffe9bb47c267beb9a258c97ca
kernel-debug-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 2adbdecd45f94f668ba1d8310b8bf1ac
SHA-256: 0a9981f779b2e99776086ffd245c55ef82ed2679fa5256cba912289ebcaef59d
kernel-debug-devel-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: e75af647601e138ae90c04a62747081c
SHA-256: 8fedb94c8d854ff85c55d55e0b2f87b6d64b2c08c7229d207ee156132334975a
kernel-devel-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 00e0f69832ac196b4b094936aa6fe952
SHA-256: 49e7eb5c3db2057343b5ebbc3e927fb911a1c68c9c3cbef32fac7e1f498efe80
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: c6500ac8afc6522d8b28fd46b75ba000
SHA-256: b2b191f96ad70c3ada74e863c10d266f3f1ea4eabcd779da68319513e2b61f4f
kernel-headers-2.6.18-164.30.1.el5.i386.rpm
File outdated by:  RHBA-2011:0956
    MD5: 3088b2321034eccb367c5b93e58bd603
SHA-256: cb837ab991c44acc39d4fb6eae81ce20a4f527c4d5158f5fecff735af073474e
kernel-xen-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 01b38ca021acb3e07549ecba8b2a1675
SHA-256: 7753dc3619f305df9c527e86ec84ac9ecee353c28af17c98140dd44587b98d8b
kernel-xen-devel-2.6.18-164.30.1.el5.i686.rpm
File outdated by:  RHBA-2011:0956
    MD5: 2de5983a0a3d258128ae06b6d253824f
SHA-256: ae71ebb07128ba2b61964759effdb75c862584307430f3336ec2da58ad266892
 
IA-64:
kernel-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: ba44a008c5f99e2f6d63f79c5e050bbc
SHA-256: d2a5f77c2b1f84a9fe5f0e438f32803336bfdc3dfdbbda70c1276b9bada6d1c7
kernel-debug-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 0454fb30fefa1c559f1a1ce1795ac8df
SHA-256: 8073b34de20827fb591cdd0b0955702369d2ff50253e38219f92c0825344dd33
kernel-debug-devel-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 52152f8b87d2ee0ac0f78feed89ff257
SHA-256: f93bdd01d68f7cb5776b9f7f88f0def2db330246e0626ac8d8deac106b6851b0
kernel-devel-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 232f5a2e167b00fba274679bf0148532
SHA-256: 12c9014a04d6b8f2fb11781978203d3a2a83d898654e5f61d21961f19a0fe2f6
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: c6500ac8afc6522d8b28fd46b75ba000
SHA-256: b2b191f96ad70c3ada74e863c10d266f3f1ea4eabcd779da68319513e2b61f4f
kernel-headers-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 28c93ab71cb7402251de9276570b7c46
SHA-256: 228d362dcc74a1b640b68b81ed8a96b8dbaabfd92193ecd64bf20b405a5798fe
kernel-xen-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 7fcc694a461a9d4581f2bc1e05de46bb
SHA-256: ffdb4e2105e7453d095f11414f0bfd83daec91c7d652ec5eea6b9a94b2428bc8
kernel-xen-devel-2.6.18-164.30.1.el5.ia64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 8522b6c2cfedbff962e78e50355c9169
SHA-256: 3abe9478477005e9f8d3ae829e4be55446d9d7f2017dbe99f9088bc3eed9a73a
 
PPC:
kernel-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 653176b77132dcecaa8c287933d84793
SHA-256: 02370aee02303a90c356d8ef9a5e26a23cb59b592b24fdaf0cec2e05b061ea54
kernel-debug-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 18dd41e4cd7d190e50f8bbb7abeaf441
SHA-256: b39999be21e905112565ba44cd9f35a64d8b957f8f2a383455eaea1f73d0ae1b
kernel-debug-devel-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 0c8922ec26f175139c094cd13bf4646c
SHA-256: 490203cc1d45999a9ac4b15f2ceaba873e783d160c0d34a55776d38a8c15d466
kernel-devel-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 3eb492b3e65e07214a2a5ae6ee77b9ee
SHA-256: 230b2f6d8f7b3cd8f9e0353c5ed7632ef8c1f820cc65912618808132bfc47bb8
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: c6500ac8afc6522d8b28fd46b75ba000
SHA-256: b2b191f96ad70c3ada74e863c10d266f3f1ea4eabcd779da68319513e2b61f4f
kernel-headers-2.6.18-164.30.1.el5.ppc.rpm
File outdated by:  RHBA-2011:0956
    MD5: 9803c6a9b741a203baa3d37818d23e63
SHA-256: ad03fae6ec4b275a1a1a43f4f388a167d62952175ac2e4cf661ed802c3a744f4
kernel-headers-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 34a32657e60aa18911cafc07d315a32f
SHA-256: 06117b10da68c42dfabdd1a2cca4b523047cdb8869df1991cd9d7d4deb4a9888
kernel-kdump-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: b96428b1136f191e6ce81a23d1e28fc6
SHA-256: 907f471d2d22efb2a0960ade14cca379491461464571335f3c266670cc41adfc
kernel-kdump-devel-2.6.18-164.30.1.el5.ppc64.rpm
File outdated by:  RHBA-2011:0956
    MD5: df7535084806edad15cb0400770a4524
SHA-256: 62c2b58c9c20ab91cb1b07f32ed3f87944016e9bf4ad7f1794a27ea12b7df594
 
s390x:
kernel-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: e978777dc62f121f0ecb83a37452c8d1
SHA-256: 5e3f0d82774336186565d36d4fcdbfa93efbc78f807c1a74cb838ea95e623d5d
kernel-debug-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 42865cc0d61238d66a4e43092d24b854
SHA-256: 50135857db29c4c8907a2272fa48422c646567563c35ee5c9164b9e599eade1f
kernel-debug-devel-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 02119caed313aff6aeff8774a92d7614
SHA-256: a6d0e25e376c5577cd8eb3692dc97f70fd84ad0c420f5b5e5ed50c5db6ea77b9
kernel-devel-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: fbff75545ff6ff264ac3f15288fec558
SHA-256: bcd6dd6ce9a73f00254932668f748c4510f51d6934bc97615390ede7a6162b6e
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: c6500ac8afc6522d8b28fd46b75ba000
SHA-256: b2b191f96ad70c3ada74e863c10d266f3f1ea4eabcd779da68319513e2b61f4f
kernel-headers-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 66ac54790d06b3ba54b52e4a7905faba
SHA-256: ce16533ee3d7f9d44bb62a599f03bcb3be96f8a403d1d75aeac08ee09ddec561
kernel-kdump-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: fe797872383b3562508c82e39408807d
SHA-256: b6dabe75dd80b9495c1fd4d0cb219134400a4d3ed3c65e156b7b919008e81df9
kernel-kdump-devel-2.6.18-164.30.1.el5.s390x.rpm
File outdated by:  RHBA-2011:0956
    MD5: 3c6912be7912906f321bf41c024d9a8d
SHA-256: b72e02133b2ca30bc0add46216d074995cfbed0702293cacc26e42ed97845595
 
x86_64:
kernel-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 0cccfb0c838b8d0e6f6dd8cef575590e
SHA-256: 0109e7cbf4d988e2e2a94adb03868aed39bb1825888a358dfee4d313ef719648
kernel-debug-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: f61054b343e49b44c62b452b84ef0df3
SHA-256: 658e31ff0e883d5a8fbeca8b55ecbfaf3e82f721a09dd278c49abde6e3055943
kernel-debug-devel-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 2794c9e9a810da1be1f7d0c4cd4de2c9
SHA-256: a7a223c97f9c6bc2e4cec6608aed325eb4b077e289e2f790c95d29521e12fb2c
kernel-devel-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: 51d62d2c6119bf09d98446aa32c21f1e
SHA-256: e5da4f2aa6d5e12560ff33e8231ee82d49dc83bbf1571d49749a7f2b03a9215d
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
File outdated by:  RHBA-2011:0956
    MD5: c6500ac8afc6522d8b28fd46b75ba000
SHA-256: b2b191f96ad70c3ada74e863c10d266f3f1ea4eabcd779da68319513e2b61f4f
kernel-headers-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: e1b532474c82c3981723b22694a56b23
SHA-256: 9f9a3e82d6021a5d995a2ceed4d4fa4688bd078390e516041e4b4c12cf089891
kernel-xen-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: b818b605c7dcadf6f079e30c0b677679
SHA-256: 877cdc9603a857b48fd8e8d2442364d2b4388f9276358004b6b2c8cae16f9e1e
kernel-xen-devel-2.6.18-164.30.1.el5.x86_64.rpm
File outdated by:  RHBA-2011:0956
    MD5: c305be3bf446aebbb8341400354446ae
SHA-256: e2dbb5765d7f24d8f4570a69ccd09f83426702a0c871c6b8e147380c15611711
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638865 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.4.z]
639071 - GFS1 vs GFS2 performance issue [rhel-5.4.z]
646764 - RHEL5.6 Include DL580 G7 in bfsort whitelist [rhel-5.4.z]
649254 - bnx2 adapter periodically dropping received packets [rhel-5.4.z]


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/