Solution
Please Install the Updated Packages.
Insight
The kernel packages contain the Linux kernel, the core of any Linux operating system.
* Olaf Kirch reported a flaw in the i915 kernel driver that only affects the Intel G33 series and newer. This flaw could, potentially, lead to local privilege escalation. (CVE-2008-3831, Important)
* Miklos Szeredi reported a missing check for files opened with O_APPEND in the sys_splice(). This could allow a local, unprivileged user to bypass the append-only file restrictions. (CVE-2008-4554, Important)
* a deficiency was found in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This could lead to a possible denial of service if one end of a SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)
In addition, these updated packages fix the following bugs:
* on Itanium® systems, when a multithreaded program was traced using the command "
strace -f"
, messages similar to the following ones were displayed, after which the trace would stop:
PANIC: attached pid 10740 exited
PANIC: handle_group_exit: 10740 leader 10721
PANIC: attached pid 10739 exited
PANIC: handle_group_exit: 10739 leader 10721
...
In these updated packages, tracing a multithreaded program using the "
strace -f"
command no longer results in these error messages, and strace terminates normally after tracing all threads.
* on big-endian systems such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255.
* when using an NFSv4 file system, accessing the same file with two separate processes simultaneously resulted in the NFS client process becoming unresponsive.
* on AMD64 and Intel® 64 hypervisor-enabled systems, in cases in which a syscall correctly returned '-1' in code compiled on Red Hat Enterprise Linux 5, the same code, when run with the strace utility, would incorrectly return an invalid return value. This has been fixed so that on AMD64 and Intel® 64 hypervisor-enabled systems, syscalls in compiled code return the same, correct values as syscalls do when run with strace.
* on the Itanium® architecture, fully-virtualized guest domains which were created using more than 64 GB of memory caused other guest domains not to receive interrupts, which caused a soft lockup on other guests. All guest domains are now able to receive interrupts regardless of their allotted memory.
* when user-space used SIGIO notification, which wasn't disabled ...
Description truncated, for more information please check the Reference URL
Affected
kernel on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-3831, CVE-2008-4554, CVE-2008-4576 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities