Oval Definition:	oval:com.redhat.rhsa:def:20080055
Revision Date: 2008-01-31 Version: 644 Title: RHSA-2008:0055: kernel security and bug fix update (Important) Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues: A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug: when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the "pvmove /dev/[device] /dev/[device]" command caused a kernel panic. A "kernel: Unable to handle kernel paging request at virtual address [address]" error was logged by syslog. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Family: unix Class: patch Status: Reference(s): CVE-2007-4130 CVE-2007-5500 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0001 RHSA-2008:0055 RHSA-2008:0055-01 RHSA-2008:0055-01 Platform(s): Red Hat Enterprise Linux 4 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 4 is installed AND kernel earlier than 0:2.6.9-67.0.4.EL is currently running OR kernel earlier than 0:2.6.9-67.0.4.EL is set to boot up on next boot AND kernel is earlier than 0:2.6.9-67.0.4.EL AND kernel is signed with Red Hat redhatrelease2 key kernel-devel is earlier than 0:2.6.9-67.0.4.EL AND kernel-devel is signed with Red Hat redhatrelease2 key kernel-doc is earlier than 0:2.6.9-67.0.4.EL AND kernel-doc is signed with Red Hat redhatrelease2 key kernel-hugemem is earlier than 0:2.6.9-67.0.4.EL AND kernel-hugemem is signed with Red Hat redhatrelease2 key kernel-hugemem-devel is earlier than 0:2.6.9-67.0.4.EL AND kernel-hugemem-devel is signed with Red Hat redhatrelease2 key kernel-largesmp is earlier than 0:2.6.9-67.0.4.EL AND kernel-largesmp is signed with Red Hat redhatrelease2 key kernel-largesmp-devel is earlier than 0:2.6.9-67.0.4.EL AND kernel-largesmp-devel is signed with Red Hat redhatrelease2 key kernel-smp is earlier than 0:2.6.9-67.0.4.EL AND kernel-smp is signed with Red Hat redhatrelease2 key kernel-smp-devel is earlier than 0:2.6.9-67.0.4.EL AND kernel-smp-devel is signed with Red Hat redhatrelease2 key kernel-xenU is earlier than 0:2.6.9-67.0.4.EL AND kernel-xenU is signed with Red Hat redhatrelease2 key kernel-xenU-devel is earlier than 0:2.6.9-67.0.4.EL AND kernel-xenU-devel is signed with Red Hat redhatrelease2 key
BACK