7.8 - RHSA-2006:0437

Problem Description:

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the eighth regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

- addition of the adp94xx and dcdbas device drivers
- diskdump support on megaraid_sas, qlogic, and swap partitions
- support for new hardware via driver and SCSI white-list updates

There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems, and architecture-specific handling affecting AMD Opteron and Intel EM64T processors.

The following device drivers have been added or upgraded to new versions:

adp94xx -------- 1.0.8 (new)
bnx2 ----------- 1.4.38
cciss ---------- 2.4.60.RH1
dcdbas --------- 5.6.0-1 (new)
e1000 ---------- 7.0.33-k2
emulex --------- 7.3.6
forcedeth ------ 0.30
ipmi ----------- 35.13
qlogic --------- 7.07.04b6
tg3 ------------ 3.52RH

The following security bugs were fixed in this update:

- a flaw in the USB devio handling of device removal that allowed a
local user to cause a denial of service (crash) (CVE-2005-3055,
moderate)

- a flaw in the exec() handling of multi-threaded tasks using ptrace()
that allowed a local user to cause a denial of service (hang of a
user process) (CVE-2005-3107, low)

- a difference in "sysretq" operation of EM64T (as opposed to Opteron)
processors that allowed a local user to cause a denial of service
(crash) upon return from certain system calls (CVE-2006-0741 and
CVE-2006-0744, important)

- a flaw in unaligned accesses handling on Intel Itanium processors
that allowed a local user to cause a denial of service (crash)
(CVE-2006-0742, important)

- an info leak on AMD-based x86 and x86_64 systems that allowed a local
user to retrieve the floating point exception state of a process
run by a different user (CVE-2006-1056, important)

- a flaw in IPv4 packet output handling that allowed a remote user to
bypass the zero IP ID countermeasure on systems with a disabled
firewall (CVE-2006-1242, low)

- a minor info leak in socket option handling in the network code
(CVE-2006-1343, low)

- a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT
processing that allowed a remote user to cause a denial of service
(crash) or potential memory corruption (CVE-2006-2444, moderate)

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

97000 - i8253 count too high! resetting... 102504 - cannot reboot on Dell 6450 with RHEL 3 102973 - i8253 count too high 103024 - "i8253 count too high! resetting.." ? 119457 - panics in generic_aio_complete_rw and unmap_kvec after __iodesc_free calls generic_aio_complete_read() 127689 - Reboot fails on Dell PowerEdge 6450 129477 - kernel panic in umount 131881 - clock_gettime() triggers audit kill from i386 binary on x86_64 132105 - autofs (automount) failover does not work 132994 - kernel oops when unplugging usb serial adapter using pl2303 and mct_u232 134555 - System hangs when rebooting Dell PE6450 134736 - kernel panic in md driver (md lacks proper locking of device lists) 142718 - [PATCH] [RHEL3] dpt_i2o modules in RHEL gets oops 146789 - Implement a better solution to the dma memory allocation done in the kernel 146954 - megaraid2 driver fails to recognize all LSI RAID adapters when there are more than 4 with >=4GB 149732 - Hang with radeon driver when DRM DRI actve 152630 - timer interrupt received twice on ATI chipset motherboard, clock runs at double speed 153954 - kernel panic when removing active USB serial converter used as serial console 154680 - Kernel panic on 8GB machines under stress running e1000 diagnostics 157667 - I/O Errors when swtiching Blade USB Media Tray 159862 - kernel oops with usbserial (minicom key pressed) 160600 - Accessing automounted directories can cause a process to hang forever 165246 - EHCI Host driver violates USB2.0 Specification leading to device failures. 167636 - Unable to unmount a local file system exported by NFS 167672 - GART error during bootup 167839 - kernel crashes with an Ooops 169261 - CVE-2005-3055 async usb devio oops 170261 - CVE-2005-3107 zap_threads DoS 171277 - MCE arg parsing broken on x86-64 174818 - [PATCH] bonding: don't drop non-VLAN traffic 175143 - sys_io_setup() can leak an mm reference on failure 175759 - Reboot of Dell 6450 fails 177451 - Kernel panic : Unable to handle kernel paging request at virtual address 6668c79a 177571 - [RHEL3] [RFE] forcedeth driver on xw9300 has minimal support for ethtool and mii-tool 178119 - [RHEL3] dump_stack() isn't implemented on x86_64 178131 - syslog-only netdump still tries to dump memory 178885 - bonding mode=6 + dhcp doesn't work correctly 179657 - Intermittently unable to mount NFS filesystem using autofs --ghost 180968 - Data corruption in ext3 FS when running hazard (corrupt inodes) 181815 - Phantom escalating load due to flawed rq->nr_uninterruptible increment 182961 - IBM x336, x260, and x460 requires acpi=noirq bootup option. 182996 - ST Tape Driver Bug!! 183881 - kernel/libc type mismatch on siginfo_t->si_band - breaks FAM on 64bit arches 185183 - Kernel BUG at pci_dma:43 encountered 185735 - BNX2 Patch in 2.4.21-40.EL kills "Network Device Support" config menu 186058 - CVE-2006-1242 Linux zero IP ID vulnerability? 186244 - CVE-2006-1343 Small information leak in SO_ORIGINAL_DST 186307 - RHEL3U7 fails installation using RSA(2). 186455 - Submission of a patch for non-sequential LUN mapping 186901 - make menuconfig crashes 187548 - IPMI startup race condition 187911 - CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs 192633 - CVE-2006-2444 SNMP NAT netfilter memory corruption 196938 - [Beta RHEL3 U8 Regression] Processes hung while allocating stack using gdb