__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Updated Kernel Packages Red Hat Enterprise Linux 3 Update 6 [Red Hat RHSA-2005:663-19] September 29, 2005 12:00 GMT Number P-318 [REVISED 16 Dec 2005] [REVISED 24 Mar 2006] [REVISED 20 May 2006] ______________________________________________________________________________ PROBLEM: There are flaws in IPSEC network handling and potential leaks of kernel data from jfs and ext2 file system handling. PLATFORM: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS, ES, WS (v. 3) Debian GNU/Linux 3.1 alias sarge Debian GNU/Linux 3.0 alias woody DAMAGE: Allows a local user to dause a DoS or potentially gain privileges and potential leaks of kernel data. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is LOW. Allows a local user to dause a DoS or ASSESSMENT: potentially gain privileges and potential leaks of kernel data. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-318.shtml ORIGINAL BULLETIN: Red Hat RHSA-2005:663-19 https://rhn.redhat.com/errata/RHSA-2005-663.html ADDITIONAL LINKS: Debian Security Advisories DSA-922-1 http://www.debian.org/security/2005/dsa-922 DSA-921-1 http://www.debian.org/security/2005/dsa-921 DSA-1017-1 http://www.debian.org/security/2006/dsa-1017 DSA-1018-1 http://www.debian.org/security/2006/dsa-1018 DSA-1082-1 http://www.debian.org/security/2006/dsa-1082 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2005-2456 CAN-2005-2555 CAN-2004-0181 CAN-2005-0400 ______________________________________________________________________________ REVISION HISTORY: 12/16/2005 - added a link to Debian Security Advisories DSA-921-1 and DSA-922-1 for Debian GNU/Linux 3.1 alias sarge. 03/24/2006 - added a link to DSA 1017 and DSA 1018 05/30/2006 - added a link to Debian Security Advisory DSA-1082-1 for Debian GNU/Linux 3.0 alias woody. [***** Start Red Hat RHSA-2005:663-19 *****] Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6 Advisory: RHSA-2005:663-19 Type: Security Advisory Issued on: 2005-09-28 Last updated on: 2005-09-28 Affected Products: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) CVEs (cve.mitre.org): CAN-2004-0181 CAN-2004-1056 CAN-2005-0124 CAN-2005-0136 CAN-2005-0179 CAN-2005-0210 CAN-2005-0400 CAN-2005-0504 CAN-2005-0756 CAN-2005-0815 CAN-2005-1761 CAN-2005-1762 CAN-2005-1767 CAN-2005-1768 CAN-2005-2456 CAN-2005-2490 CAN-2005-2553 CAN-2005-2555 Details Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include: - diskdump support on HP Smart Array devices - netconsole/netdump support over bonded interfaces - new chipset and device support via PCI table updates - support for new "oom-kill" and "kscand_work_percent" sysctls - support for dual core processors and ACPI Power Management timers on AMD64 and Intel EM64T systems There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include kswapd, inode handling, the SATA subsystem, diskdump handling, ptrace() syscall support, and signal handling. The following device drivers have been upgraded to new versions: 3w-9xxx ---- 2.24.03.008RH cciss ------ 2.4.58.RH1 e100 ------- 3.4.8-k2 e1000 ------ 6.0.54-k2 emulex ----- 7.3.2 fusion ----- 2.06.16i.01 iscsi ------ 3.6.2.1 ipmi ------- 35.4 lpfcdfc ---- 1.2.1 qlogic ----- 7.05.00-RH1 tg3 -------- 3.27RH The following security bugs were fixed in this update: - a flaw in syscall argument checking on Itanium systems that allowed a local user to cause a denial of service (crash) (CAN-2005-0136) - a flaw in stack expansion that allowed a local user of mlockall() to cause a denial of service (memory exhaustion) (CAN-2005-0179) - a small memory leak in network packet defragmenting that allowed a remote user to cause a denial of service (memory exhaustion) on systems using netfilter (CAN-2005-0210) - flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CAN-2005-0756, CAN-2005-1762, CAN-2005-2553) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CAN-2005-0815) - a flaw in ptrace() syscall handling on Itanium systems that allowed a local user to cause a denial of service (crash) (CAN-2005-1761) - a flaw in the alternate stack switching on AMD64 and Intel EM64T systems that allowed a local user to cause a denial of service (crash) (CAN-2005-1767) - race conditions in the ia32-compat support for exec() syscalls on AMD64, Intel EM64T, and Itanium systems that could allow a local user to cause a denial of service (crash) (CAN-2005-1768) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CAN-2005-2456, CAN-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CAN-2005-2490) - flaws in unsupported modules that allowed denial-of-service attacks (crashes) or local privilege escalations on systems using the drm, coda, or moxa modules (CAN-2004-1056, CAN-2005-0124, CAN-2005-0504) - potential leaks of kernel data from jfs and ext2 file system handling (CAN-2004-0181, CAN-2005-0400) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Solution Before applying this update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Updated packages Red Hat Desktop (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-37.EL.src.rpm e6108d7306a287a840f7c30bfeccba75 IA-32: kernel-2.4.21-37.EL.athlon.rpm 24024fe9b3193481b6b21f867fcfc781 kernel-2.4.21-37.EL.i686.rpm 0003c5fe364b249f78be426c4a62fcf5 kernel-BOOT-2.4.21-37.EL.i386.rpm 18e3b2c8d83e231c643838ce400ca0bb kernel-doc-2.4.21-37.EL.i386.rpm b5edf6be7d814b24d0bf5a3628c18cbc kernel-hugemem-2.4.21-37.EL.i686.rpm d4719d3183bf1ca319532aa2a9ebe9c4 kernel-hugemem-unsupported-2.4.21-37.EL.i686.rpm 76446bd5fc2667445be1bca8dda588b4 kernel-smp-2.4.21-37.EL.athlon.rpm 508cf0f34c04da1b911621aeb1070321 kernel-smp-2.4.21-37.EL.i686.rpm 2bdfc7a71802f60d1c844d5137dcc255 kernel-smp-unsupported-2.4.21-37.EL.athlon.rpm 1882c97258377bef50b9db0df4a5cf9f kernel-smp-unsupported-2.4.21-37.EL.i686.rpm 03581f6d868efb9e5bce35625b5d8daa kernel-source-2.4.21-37.EL.i386.rpm ae7bad600f1d8963f734168436e18db2 kernel-unsupported-2.4.21-37.EL.athlon.rpm 72e0653010d19e8ed68c6732f6e2b271 kernel-unsupported-2.4.21-37.EL.i686.rpm d62ebb552a8b47ac1b117c762d05ba73 x86_64: kernel-2.4.21-37.EL.ia32e.rpm 931b4ddb3af86aac5b801bd2587eb723 kernel-2.4.21-37.EL.x86_64.rpm 8d1adc29f437dc5cf62ec08d3da6ae53 kernel-doc-2.4.21-37.EL.x86_64.rpm 9460d2e2df9b07a0af26eb69896adc44 kernel-smp-2.4.21-37.EL.x86_64.rpm aa025df62ceb220adbf5aea14cc10e6e kernel-smp-unsupported-2.4.21-37.EL.x86_64.rpm 9c442639c8e232b3aee13c163a82e848 kernel-source-2.4.21-37.EL.x86_64.rpm 6da838c902259f34e4d371c950e9a6d9 kernel-unsupported-2.4.21-37.EL.ia32e.rpm 53b7464a7fcdbfefb6f3e0da044cea0f kernel-unsupported-2.4.21-37.EL.x86_64.rpm 3f266854de88d229ca1831bf2e476787 Red Hat Enterprise Linux AS (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-37.EL.src.rpm e6108d7306a287a840f7c30bfeccba75 IA-32: kernel-2.4.21-37.EL.athlon.rpm 24024fe9b3193481b6b21f867fcfc781 kernel-2.4.21-37.EL.i686.rpm 0003c5fe364b249f78be426c4a62fcf5 kernel-BOOT-2.4.21-37.EL.i386.rpm 18e3b2c8d83e231c643838ce400ca0bb kernel-doc-2.4.21-37.EL.i386.rpm b5edf6be7d814b24d0bf5a3628c18cbc kernel-hugemem-2.4.21-37.EL.i686.rpm d4719d3183bf1ca319532aa2a9ebe9c4 kernel-hugemem-unsupported-2.4.21-37.EL.i686.rpm 76446bd5fc2667445be1bca8dda588b4 kernel-smp-2.4.21-37.EL.athlon.rpm 508cf0f34c04da1b911621aeb1070321 kernel-smp-2.4.21-37.EL.i686.rpm 2bdfc7a71802f60d1c844d5137dcc255 kernel-smp-unsupported-2.4.21-37.EL.athlon.rpm 1882c97258377bef50b9db0df4a5cf9f kernel-smp-unsupported-2.4.21-37.EL.i686.rpm 03581f6d868efb9e5bce35625b5d8daa kernel-source-2.4.21-37.EL.i386.rpm ae7bad600f1d8963f734168436e18db2 kernel-unsupported-2.4.21-37.EL.athlon.rpm 72e0653010d19e8ed68c6732f6e2b271 kernel-unsupported-2.4.21-37.EL.i686.rpm d62ebb552a8b47ac1b117c762d05ba73 IA-64: kernel-2.4.21-37.EL.ia64.rpm 70a3b87f906126d91ef2264a0f6650ee kernel-doc-2.4.21-37.EL.ia64.rpm f7ca10f3a01c71e5ab23adaaab35ef62 kernel-source-2.4.21-37.EL.ia64.rpm 49d6534a07e3946873f8999da8f59887 kernel-unsupported-2.4.21-37.EL.ia64.rpm 6c3798182a8469f2cbfb2be8af76fd9a PPC: kernel-2.4.21-37.EL.ppc64iseries.rpm 5b863fa036a70582198cbf2fc136be46 kernel-2.4.21-37.EL.ppc64pseries.rpm eda3399747f8e54c36c5e230811ea9fc kernel-doc-2.4.21-37.EL.ppc64.rpm 6985b82adc890f8873591266a9da4070 kernel-source-2.4.21-37.EL.ppc64.rpm e2d499ed6fd904e5a672b7330d7fef72 kernel-unsupported-2.4.21-37.EL.ppc64iseries.rpm dda7e7baefb028e6e6341f15d1f7c9bf kernel-unsupported-2.4.21-37.EL.ppc64pseries.rpm e06a22a694d8b3825227a779460527a1 s390: kernel-2.4.21-37.EL.s390.rpm ec0162d8a6aa2486413d16b358728647 kernel-doc-2.4.21-37.EL.s390.rpm bf545a3700abd36242230248b6f49a34 kernel-source-2.4.21-37.EL.s390.rpm 60fffc4834ab716aee3d7d70cf21e79f kernel-unsupported-2.4.21-37.EL.s390.rpm 69204c00d6dbb585d6c62441ab6d87fe s390x: kernel-2.4.21-37.EL.s390x.rpm ce3087f1eb23d676acb52870ef40fcfc kernel-doc-2.4.21-37.EL.s390x.rpm c90ba228d51e3ea9d8b00ac62958ac6b kernel-source-2.4.21-37.EL.s390x.rpm d9d6f9ea55db73544d5a7e41397d2c8f kernel-unsupported-2.4.21-37.EL.s390x.rpm 897d706f8bac2d870d3380d8edd6794f x86_64: kernel-2.4.21-37.EL.ia32e.rpm 931b4ddb3af86aac5b801bd2587eb723 kernel-2.4.21-37.EL.x86_64.rpm 8d1adc29f437dc5cf62ec08d3da6ae53 kernel-doc-2.4.21-37.EL.x86_64.rpm 9460d2e2df9b07a0af26eb69896adc44 kernel-smp-2.4.21-37.EL.x86_64.rpm aa025df62ceb220adbf5aea14cc10e6e kernel-smp-unsupported-2.4.21-37.EL.x86_64.rpm 9c442639c8e232b3aee13c163a82e848 kernel-source-2.4.21-37.EL.x86_64.rpm 6da838c902259f34e4d371c950e9a6d9 kernel-unsupported-2.4.21-37.EL.ia32e.rpm 53b7464a7fcdbfefb6f3e0da044cea0f kernel-unsupported-2.4.21-37.EL.x86_64.rpm 3f266854de88d229ca1831bf2e476787 Red Hat Enterprise Linux ES (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-37.EL.src.rpm e6108d7306a287a840f7c30bfeccba75 IA-32: kernel-2.4.21-37.EL.athlon.rpm 24024fe9b3193481b6b21f867fcfc781 kernel-2.4.21-37.EL.i686.rpm 0003c5fe364b249f78be426c4a62fcf5 kernel-BOOT-2.4.21-37.EL.i386.rpm 18e3b2c8d83e231c643838ce400ca0bb kernel-doc-2.4.21-37.EL.i386.rpm b5edf6be7d814b24d0bf5a3628c18cbc kernel-hugemem-2.4.21-37.EL.i686.rpm d4719d3183bf1ca319532aa2a9ebe9c4 kernel-hugemem-unsupported-2.4.21-37.EL.i686.rpm 76446bd5fc2667445be1bca8dda588b4 kernel-smp-2.4.21-37.EL.athlon.rpm 508cf0f34c04da1b911621aeb1070321 kernel-smp-2.4.21-37.EL.i686.rpm 2bdfc7a71802f60d1c844d5137dcc255 kernel-smp-unsupported-2.4.21-37.EL.athlon.rpm 1882c97258377bef50b9db0df4a5cf9f kernel-smp-unsupported-2.4.21-37.EL.i686.rpm 03581f6d868efb9e5bce35625b5d8daa kernel-source-2.4.21-37.EL.i386.rpm ae7bad600f1d8963f734168436e18db2 kernel-unsupported-2.4.21-37.EL.athlon.rpm 72e0653010d19e8ed68c6732f6e2b271 kernel-unsupported-2.4.21-37.EL.i686.rpm d62ebb552a8b47ac1b117c762d05ba73 IA-64: kernel-2.4.21-37.EL.ia64.rpm 70a3b87f906126d91ef2264a0f6650ee kernel-doc-2.4.21-37.EL.ia64.rpm f7ca10f3a01c71e5ab23adaaab35ef62 kernel-source-2.4.21-37.EL.ia64.rpm 49d6534a07e3946873f8999da8f59887 kernel-unsupported-2.4.21-37.EL.ia64.rpm 6c3798182a8469f2cbfb2be8af76fd9a x86_64: kernel-2.4.21-37.EL.ia32e.rpm 931b4ddb3af86aac5b801bd2587eb723 kernel-2.4.21-37.EL.x86_64.rpm 8d1adc29f437dc5cf62ec08d3da6ae53 kernel-doc-2.4.21-37.EL.x86_64.rpm 9460d2e2df9b07a0af26eb69896adc44 kernel-smp-2.4.21-37.EL.x86_64.rpm aa025df62ceb220adbf5aea14cc10e6e kernel-smp-unsupported-2.4.21-37.EL.x86_64.rpm 9c442639c8e232b3aee13c163a82e848 kernel-source-2.4.21-37.EL.x86_64.rpm 6da838c902259f34e4d371c950e9a6d9 kernel-unsupported-2.4.21-37.EL.ia32e.rpm 53b7464a7fcdbfefb6f3e0da044cea0f kernel-unsupported-2.4.21-37.EL.x86_64.rpm 3f266854de88d229ca1831bf2e476787 Red Hat Enterprise Linux WS (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-37.EL.src.rpm e6108d7306a287a840f7c30bfeccba75 IA-32: kernel-2.4.21-37.EL.athlon.rpm 24024fe9b3193481b6b21f867fcfc781 kernel-2.4.21-37.EL.i686.rpm 0003c5fe364b249f78be426c4a62fcf5 kernel-BOOT-2.4.21-37.EL.i386.rpm 18e3b2c8d83e231c643838ce400ca0bb kernel-doc-2.4.21-37.EL.i386.rpm b5edf6be7d814b24d0bf5a3628c18cbc kernel-hugemem-2.4.21-37.EL.i686.rpm d4719d3183bf1ca319532aa2a9ebe9c4 kernel-hugemem-unsupported-2.4.21-37.EL.i686.rpm 76446bd5fc2667445be1bca8dda588b4 kernel-smp-2.4.21-37.EL.athlon.rpm 508cf0f34c04da1b911621aeb1070321 kernel-smp-2.4.21-37.EL.i686.rpm 2bdfc7a71802f60d1c844d5137dcc255 kernel-smp-unsupported-2.4.21-37.EL.athlon.rpm 1882c97258377bef50b9db0df4a5cf9f kernel-smp-unsupported-2.4.21-37.EL.i686.rpm 03581f6d868efb9e5bce35625b5d8daa kernel-source-2.4.21-37.EL.i386.rpm ae7bad600f1d8963f734168436e18db2 kernel-unsupported-2.4.21-37.EL.athlon.rpm 72e0653010d19e8ed68c6732f6e2b271 kernel-unsupported-2.4.21-37.EL.i686.rpm d62ebb552a8b47ac1b117c762d05ba73 IA-64: kernel-2.4.21-37.EL.ia64.rpm 70a3b87f906126d91ef2264a0f6650ee kernel-doc-2.4.21-37.EL.ia64.rpm f7ca10f3a01c71e5ab23adaaab35ef62 kernel-source-2.4.21-37.EL.ia64.rpm 49d6534a07e3946873f8999da8f59887 kernel-unsupported-2.4.21-37.EL.ia64.rpm 6c3798182a8469f2cbfb2be8af76fd9a x86_64: kernel-2.4.21-37.EL.ia32e.rpm 931b4ddb3af86aac5b801bd2587eb723 kernel-2.4.21-37.EL.x86_64.rpm 8d1adc29f437dc5cf62ec08d3da6ae53 kernel-doc-2.4.21-37.EL.x86_64.rpm 9460d2e2df9b07a0af26eb69896adc44 kernel-smp-2.4.21-37.EL.x86_64.rpm aa025df62ceb220adbf5aea14cc10e6e kernel-smp-unsupported-2.4.21-37.EL.x86_64.rpm 9c442639c8e232b3aee13c163a82e848 kernel-source-2.4.21-37.EL.x86_64.rpm 6da838c902259f34e4d371c950e9a6d9 kernel-unsupported-2.4.21-37.EL.ia32e.rpm 53b7464a7fcdbfefb6f3e0da044cea0f kernel-unsupported-2.4.21-37.EL.x86_64.rpm 3f266854de88d229ca1831bf2e476787 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 116037 - Existence of race condition in Linux SD driver that leads to a deadlock 116317 - symbolic links have invalid permissions 116900 - RHEL3_U4 Data corruption in spite of using O_SYNC 119451 - System can hang while running multiple instances of fdisk 121041 - CAN-2004-0181 jfs infoleak 122982 - microcode_ctl errors with modprobe: Can't locate module char-major-10-184 123331 - LUN i not getting registered 128428 - Opteron gettimeofday granularity problem 128788 - RHEL3 U6: Diskdump support for Compaq Smart Array Controllers (cciss) 128907 - iostat -x 1 5 give bogus statistics... 129853 - RHEL3 U4: need netdump to work with the bonding driver 131029 - gart errors when using 2.4.21-15.0.3.EL.smp or -9.0.1 on AMD64 quad system 131136 - [Patch] Simultaneous calls to open() on a usb device hangs the kernel 131886 - __put_task_struct unresolved when loading externally compiled module 132754 - char-major-10-184 microcode error with kernel 2.4.21-15.ELhugemem 134579 - bogus data in /proc/partitions for IDE whole-disk device 137788 - Extraneous data in option name for scsi_mod 138192 - gart errors when using 2.4.21-20.EL on HP DL585 138534 - CAN-2004-1056 insufficient locking checks in DRM code 139033 - RHEL3 U5: netdump does not work over bonded interfaces 139113 - System hangs for 15-45 seconds on RHEL3 / kernel 2.4.21-20.EL 140849 - "fdisk -l" broken when over 26 EMC Powerpath disks 142263 - Only 16 EMC powerpath LUNs usable with LVM1 142532 - error unmounting /var filesystem while shutdown 142586 - Potential kernel DOS 142856 - 'ghosted' autofs shares disappear 142960 - Unable to umount /var during shutdown process when connected with ssh 143823 - [PATCH] Stale POSIX flock 144524 - CAN-2005-0179 RLIMIT_MEMLOCK bypass and (2.6) unprivileged user DoS 144781 - Kernel panic in shutdown path when iSCSI LUNs are mounted 145476 - netdump client/server problems 145551 - Use of bonding driver in mode 5 can cause multicast packet loss 145950 - high loads / high iowait / up 100% cpu time for kscand on oracle box 146080 - CAN-2005-0124 Coverity: coda fs flaw 146105 - CAN-2005-0504 moxa CAP_SYS_RAWIO missing (-unsupported) 146460 - Need openIPMI driver to work with IBM's x336 BMC [PATCH] 147823 - FEAT: RHEL3 U6: Enable dual-core processors from Intel 148862 - CAN-2005-0136 ptrace corner cases on ia64 149011 - Oracle 8 import of Oracle 9 database can lock system. 149405 - LTC13257-LTPstress sigaction01 Testcase Ends up Segmentation Fault [PATCH] 149636 - Kernel panic (EIP is at find_inode) 149691 - No data avaliable for eth card 149965 - panic at ia64_leave_kernel [kernel] 0x1 (2.4.21-27.EL) 150019 - Don't oom kill TASK_UNINTERRUPTIBLE processes 150130 - e1000 has memory leak when run continuously getting new dhcp leases. 150209 - Over time, autofs leaks kernel memory in the size-256 slab 151054 - kernel panic when bringing up and down multiple interfaces simultaneously 151488 - sk98lin driver drops udp packets 151920 - 8GB SMP servers appear to hang in VM subsystem under stress 152400 - CAN-2005-0400 ext2 mkdir() directory entry random kernel memory leak 152406 - CAN-2005-0815 isofs range checking flaws 153775 - [RHEL3-U6][Diskdump] Backtrace of OS_INIT doesn't work 154245 - RHEL3 U4 - kswapd/rpciod deadlock 154678 - [Texas Instruments] nfs bindresvport: Address already in use 154797 - [RHEL3 U6] diskdump fails with block_order=8 154925 - [RHEL3 U6] Diskdump fails if module parameter 'block_order' has too big value 155244 - Kernel Panics on kernel 2.4.21-27 155259 - [LSI Logic] Feature RHEL: Add mpt fusion SAS support, and new PCI IDs 155289 - [RHEL 3 U6]inode_lock deadlock/race? 155365 - 20041216 ROSE ndigis verification 155473 - ext3 data corruption under Samba share 155978 - CAN-2005-1762 x86_64 sysret exception leads to DoS 156142 - kernel may oops if more than 4k worth of string data returned in /proc/devices 156364 - [RHEL3] IPv6 Neighbor Cache : RHEL 3.0 does not update the IsRouter flag in the cache entry and improperly remove router from the Default Router List. 156608 - [RHEL3 U4] The system clock gains much time when netconle is activated. 156644 - CRM 479318 Unexpected IO-APIC on Opteron system 156831 - sd _mod doesn't handle removable drives (USB floppy) well 156923 - PPC64 not setting backchain in signal frames 156985 - FEAT: RHEL3 U6: cciss driver updates (STOPSHIP) 156989 - FEAT: RH EL 3 U6: diskdump driver 156991 - RHEL3 U6: Add 'ht' flag in EM64T /proc/cpuinfo [PATCH] 156993 - FEAT: RHEL3 U6: Add ICH4L support to kernel (MEDIUM) 156994 - 529692 - /proc/stat documentation is out of date. 156998 - RHEL 3 U6: Use of Performance Monitoring Counters based on Model number (x86-64) 157075 - When an AX100i SP reboot occurs, the Cisco iSCSI driver doesnt log back into array. 157434 - FEAT RHEL3 U6: Need e1000 driver Update to v.6.0.54 or higher (MUSTFIX) 157439 - LTC14642-NetDump is too slow to dump...[PATCH] 157446 - [RFE] [RHEL3 U6]Update 3w-9xxx driver 157571 - [CRM 511714] bonding and arp ping failure detection 157669 - attempt to access beyond end of device: ext2 symlink/EA problem 157846 - Potential kernel panic with stale POSIX locks 157849 - IPVS panic at ip_vs_conn_flush() when unloading ip_vs module 158358 - Updated Qlogic driver is requested in RHEL 3 U6 158456 - Update Emulex driver in RHEL 3 U6 158457 - Long tape commands (e.g. erase) timeout on dpt_i2o. 158459 - RHEL 3 configures non-existent SCSI target devices 158581 - FEAT RHEL3U6: new devices supported by tg3 (STOPSHIP) 158724 - CAN-2005-0210 dst leak 158814 - FEAT: [RHEL3 U6] add PCI_VENDOR_ID_NEC to megaraid subsysvid 158817 - Adding 3pardata to the scsi device whitelist 158877 - [RHEL3 U4] setsockopt SO_RCVTIMEO call fails from a 32 bit binary running on a x86_64 system 158880 - [Patch] RHEL3 U6: lower severity of blk: queue xxxx printks (~MF) 159045 - CAN-2005-1767 x86_64 crashes from context switches on stk-seg-fault stack 159300 - FEAT: RHEL3 U6: Update e100 driver to later than v.3.4.1 159330 - x86_64 kernel stops allocating memory too early when overcommit_memory set to strict 159420 - RHEL3 U6: ESB2 support (PATA, SATA, USB, SMBUS, LPC, Audio and AHCI) 159790 - ptrace changes to registers during ia32 syscall tracing stop are lost 159814 - x86-64 PTRACE_SETOPTIONS does not support most option flags 159823 - CAN-2005-1761 local user can use ptrace to crash system 159915 - CAN-2005-1762 x86_64 crash (ptrace-canonical) 159917 - CAN-2005-0756 x86_64 crash (ptrace-check-segment) 159938 - Diskdump disk controllers support 159979 - Fix dangling pointer in acpi_pci_root_add() 159989 - [RHEL3][PATCH] suppress medum-not-present messages from idefloppy 159991 - [taroon patch] fix for indefinite postponement under __alloc_pages() 159992 - Add docs detailing which drivers support netconsole 159993 - CAN-2005-2553 x86_64 fix for 32-bit ptrace find_target() oops 160093 - [RHEL3][PATCH] suppress medum-not-present messages from idefloppy 160199 - CAN-2005-1768 64bit execve() race leads to buffer overflow 160392 - Memory Leak in autofs 160400 - The AHCI driver was incorrectly resetting the hardware on error 160495 - RHEL 3 U5 code base contains duplicate USB ESSENTIAL_REALITY 160664 - cable link state ignored on ethernet card (b44). 160752 - accounting of SETITIMER_PROF inaccurate 160799 - Kernel panic: pci_map_single: high address but no IOMMU. 160820 - nVidia driver requires upstream page_attr patch 161097 - CRM 565876: samba-3.0.8pre1-smbmnt.patch to fix smbmount UID wraparound bug for RHEL3 Samba packages 161238 - superbh function causing a server to crash when Veritas Volume Manager Modules for VxVM 4.0 are loaded. 161657 - iscsi_sfnet driver does not calculate ConnFailTimeout correctly when greater than 15 secs 161957 - CRM: 507606 / short freezes on Informix server 161986 - RHEL3 U5 panic in kmem_cache_grow 162103 - add SGI scsi devices to list in scsi_scan.c 162603 - dpt_i2o driver oopses on insmod in U5 163152 - Initiator does not retry login on target error when PortalFailover is disabled 164074 - Placeholder for 2.4.x SATA update 20050723-1 164185 - rpm install of -33.EL on ia64 gets unresolved pm_power_off symbol 164226 - User-mode program run on IA64 AS 3.0 causes system to crash due to invalid stack pointer 164819 - [RHEL3U6] diskdump - scsi dump fails with module CRC error 165467 - [RHEL3 U6] Fix to update openipmi drivers for Dell 8G server line (MUSTFIX) 165565 - CAN-2005-2456 IPSEC overflow 165739 - LTC14996-IPMI driver is broken on multiple platforms 165841 - [RHEL3U6] diskdump fails with machine check error on x86_64 165850 - Disable FAN processing in Emulex lpfc driver 165866 - Add Invista to RHEL 3 SCSI Whitelist 165993 - NFS deadlock when multiple processes creating/deleting a file 166066 - IBM TapeLibrary 3583 166132 - CAN-2005-2555 IPSEC lacks restrictions 166172 - Kernel crash on 2.4.21-34 base due to kiobuf_init() setting the initialized state when expand_kiobuf() was not called. 166329 - CAN-2005-2490 sendmsg compat stack overflow 167047 - cciss, add pci id for P400 167222 - [BETA RHEL3 U6] kernel panic while booting numa=off on x86_64 167265 - drivers/addon/lpfc/lpfcdfc/Makefile change causing intermittent build failures 167369 - [RHEL3] cosmetic change to IPMI drivers to update version revision number 79086 - Request for enhancement for callback function 98542 - iostat -x shows infeasible avgqu-sz results and max util 99502 - LTC3549 - ps wchan broken References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0124 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0504 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555 Keywords kernel, taroon, update -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat RHSA-2005:663-19 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) P-308: 'kcheckpass' Vulnerability P-309: VERITAS Storage Exec DCOM Server Buffer Overflows P-310: Firefox Security Update P-311: Mozilla Security Update P-312: Apple Security Update 2005-008 P-313: Courier P-314: HelixPlayer Security Update P-315: Security Vulnerability in the Xsun(1) and Xprt(1) Commands P-316: TWiki INCLUE Function Allows Arbitrary Shell Command Execution P-317: Binutils Security Update