RHEL 4 : kernel (RHSA-2009:1024)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages are now available as part of the ongoing
support and maintenance of Red Hat Enterprise Linux version 4. This is
the eighth regular update.

These updated packages fix two security issues, hundreds of bugs, and
add numerous enhancements. Space precludes a detailed description of
each of these in this advisory. Refer to the Red Hat Enterprise Linux
4.8 Release Notes for information on 22 of the most significant of
these changes. For more detailed information on specific bug fixes or
enhancements, refer to the Bugzilla numbers associated with this
advisory.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fixes :

* the exit_notify() function in the Linux kernel did not properly
reset the exit signal if a process executed a set user ID (setuid)
application before exiting. This could allow a local, unprivileged
user to elevate their privileges. (CVE-2009-1337, Important)

* the Linux kernel implementation of the Network File System (NFS) did
not properly initialize the file name limit in the nfs_server data
structure. This flaw could possibly lead to a denial of service on a
client mounting an NFS share. (CVE-2009-1336, Moderate)

Bug Fixes and Enhancements :

Kernel Feature Support :

* added a new allowable value to '/proc/sys/kernel/wake_balance' to
allow the scheduler to run the thread on any available CPU rather than
scheduling it on the optimal CPU. * added 'max_writeback_pages'
tunable parameter to /proc/sys/vm/ to allow the maximum number of
modified pages kupdate writes to disk, per iteration per run. * added
'swap_token_timeout' tunable parameter to /proc/sys/vm/ to provide a
valid hold time for the swap out protection token. * added diskdump
support to sata_svw driver. * limited physical memory to 64GB for
32-bit kernels running on systems with more than 64GB of physical
memory to prevent boot failures. * improved reliability of autofs. *
added support for 'rdattr_error' in NFSv4 readdir requests. * fixed
various short packet handling issues for NFSv4 readdir and sunrpc. *
fixed several CIFS bugs.

Networking and IPv6 Enablement :

* added router solicitation support. * enforced sg requires tx csum in
ethtool.

Platform Support :

x86, AMD64, Intel 64, IBM System z

* added support for a new Intel chipset. * added initialization vendor
info in boot_cpu_data. * added support for N_Port ID Virtualization
(NPIV) for IBM System z guests using zFCP. * added HDMI support for
some AMD and ATI chipsets. * updated HDA driver in ALSA to latest
upstream as of 2008-07-22. * added support for affected_cpus for
cpufreq. * removed polling timer from i8042. * fixed PM-Timer when
using the ASUS A8V Deluxe motherboard. * backported usbfs_mutex in
usbfs.

64-bit PowerPC :

* updated eHEA driver from version 0078-04 to 0078-08. * updated
logging of checksum errors in the eHEA driver.

Network Driver Updates :

* updated forcedeth driver to latest upstream version 0.61. * fixed
various e1000 issues when using Intel ESB2 hardware. * updated e1000e
driver to upstream version 0.3.3.3-k6. * updated igb to upstream
version 1.2.45-k2. * updated tg3 to upstream version 3.96. * updated
ixgbe to upstream version 1.3.18-k4. * updated bnx2 to upstream
version 1.7.9. * updated bnx2x to upstream version 1.45.23. * fixed
bugs and added enhancements for the NetXen NX2031 and NX3031 products.
* updated Realtek r8169 driver to support newer network chipsets. All
variants of RTL810x/RTL8168(9) are now supported.

Storage Driver Updates :

* fixed various SCSI issues. Also, the SCSI sd driver now calls the
revalidate_disk wrapper. * fixed a dmraid reduced I/O delay bug in
certain configurations. * removed quirk aac_quirk_scsi_32 for some
aacraid controllers. * updated FCP driver on IBM System z systems with
support for point-to-point connections. * updated lpfc to version
8.0.16.46. * updated megaraid_sas to version 4.01-RH1. * updated MPT
Fusion driver to version 3.12.29.00rh. * updated qla2xxx firmware to
4.06.01 for 4GB/s and 8GB/s adapters. * updated qla2xxx driver to
version 8.02.09.00.04.08-d. * fixed sata_nv in libsata to disable ADMA
mode by default.

Miscellaneous Updates :

* upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to
version 1.4. * added driver support and fixes for various Wacom
tablets.

Users should install this update, which resolves these issues and adds
these enhancements.

See also :

https://www.redhat.com/security/data/cve/CVE-2009-1336.html
https://www.redhat.com/security/data/cve/CVE-2009-1337.html
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/4.8/html/
http://rhn.redhat.com/errata/RHSA-2009-1024.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 38818 ()

Bugtraq ID:

CVE ID: CVE-2009-1336
CVE-2009-1337