| Description: | The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)
a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)
a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)
a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)
an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)
Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.
Bug fixes:
a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)
the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM. (BZ#574392)
RHSA-2009:1024 introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)
a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)
on some systems, using the "arp_validate=3" bonding option caused both links to show as "down" even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)
in some circumstances, when a Red Hat Enterprise Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. "bad_inode_ops" handling was changed to prevent this. Note: filehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)
when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)
Enhancements:
kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly. (BZ#563223)
support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events. (BZ#582913)
kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. (BZ#582241)
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
|