The remote Scientific Linux host is missing one or more security
CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs
CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl
CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow
CVE-2009-4020 kernel: hfs buffer overflow
This update fixes the following security issues :
- an array index error was found in the gdth driver in the
Linux kernel. A local user could send a specially
crafted IOCTL request that would cause a denial of
service or, possibly, privilege escalation.
- a flaw was found in the collect_rx_frame() function in
the HiSax ISDN driver (hfc_usb) in the Linux kernel. An
attacker could use this flaw to send a specially crafted
HDLC packet that could trigger an out-of-bounds buffer
access, possibly resulting in a denial of service.
- permission issues were found in the megaraid_sas driver
(for SAS based RAID controllers) in the Linux kernel.
The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file
system ('/sys/') had world-writable permissions. This
could allow local, unprivileged users to change the
behavior of the driver. (CVE-2009-3889, CVE-2009-3939,
- a buffer overflow flaw was found in the hfs_bnode_read()
function in the HFS file system implementation in the
Linux kernel. This could lead to a denial of service if
a user browsed a specially crafted HFS file system, for
example, by running 'ls'. (CVE-2009-4020, Low)
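To confirm the megaraid_sas permission fix on a host, the following added example (not part of the advisory) searches a directory tree for the 'dbg_lvl' and 'poll_mode_io' attributes named above and reports any that are still world-writable. The function names are hypothetical, and the search root is a parameter, assumed to be /sys on a live system.

```shell
#!/bin/sh
# Added example: audit the two megaraid_sas sysfs attributes named in the
# advisory for world-writable permissions. The function names are
# illustrative; ROOT is assumed to be /sys on a live host.

# find_world_writable_attrs ROOT
# Prints one path per line for every regular file named dbg_lvl or
# poll_mode_io under ROOT whose mode has the "other write" bit (0002) set.
find_world_writable_attrs() {
    root=${1:-/sys}
    # Unreadable directories are skipped silently; a partial walk is not an error.
    find "$root" -type f \( -name dbg_lvl -o -name poll_mode_io \) \
        -perm -0002 2>/dev/null || true
}

# audit_megaraid_sysfs ROOT
# Returns 0 when no world-writable attribute is found, 1 otherwise.
audit_megaraid_sysfs() {
    hits=$(find_world_writable_attrs "$1")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/world-writable driver attribute: /'
        return 1
    fi
    printf 'no world-writable dbg_lvl/poll_mode_io under %s\n' "${1:-/sys}"
    return 0
}
```

After sourcing the file, run `audit_megaraid_sysfs /sys` before and after the reboot into the updated kernel; a non-zero exit status means an attribute is still writable by unprivileged users.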
This update also fixes the following bugs :
- if a process was using ptrace() to trace a
multi-threaded process, and that multi-threaded process
dumped its core, the process performing the trace could
hang in wait4(). This issue could be triggered by
running 'strace -f' on a multi-threaded process that was
dumping its core, resulting in the strace command
- a bug in the ptrace() implementation could have, in some
cases, caused ptrace_detach() to create a zombie process
if the process being traced was terminated with a
SIGKILL signal. (BZ#555869)
- the kernel-2.6.9-89.0.19.EL update resolved an issue
(CVE-2009-4537) in the Realtek r8169 Ethernet driver.
This update implements a better solution for that issue.
Note: This is not a security regression. The original
fix was complete. This update is adding the official
upstream fix. (BZ#556406)
The system must be rebooted for this update to take effect.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8