5 - RHSA-2006:0144

Problem Description:

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the seventh regular update.

This security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the seventh regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

- addition of the bnx2, dell_rbu, and megaraid_sas device drivers
- support for multi-core, multi-threaded Intel Itanium processors
- upgrade of the SATA subsystem to include ATAPI and SMART support
- optional tuning via the new numa_memory_allocator, arp_announce,
and printk_ratelimit sysctls

There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the VM subsystem, NPTL handling, autofs4, the USB subsystem, CPU enumeration, and 32-bit-exec-mode handling on 64-bit architectures.

The following device drivers have been upgraded to new versions:

aacraid -------- 1.1.5-2412
bnx2 ----------- 1.4.30 (new)
dell_rbu ------- 2.1 (new)
e1000 ---------- 6.1.16-k3
emulex --------- 7.3.3
fusion --------- 2.06.16.02
ipmi ----------- 35.11
megaraid2 ------ v2.10.10.1
megaraid_sas --- 00.00.02.00 (new)
tg3 ------------ 3.43RH

The following security bugs were fixed in this update:

- a flaw in gzip/zlib handling internal to the kernel that allowed
a local user to cause a denial of service (crash)
(CVE-2005-2458,low)

- a flaw in ext3 EA/ACL handling of attribute sharing that allowed
a local user to gain privileges (CVE-2005-2801, moderate)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data
(CVE-2005-3276, low)

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

112004 - pppd receives error "Couldn't get channel number: bad address" 112066 - RHEL3 U5: Support for SATA features of ICH6R (for U3, AHCI only) 117067 - RHEL3 U3: ICH6 SATA support in ACHI mode 122256 - RHEL3 U6: SATA ATAPI support (HW) 125642 - kernel's Makefile not suited for long directory paths 128015 - RHEL3 U4: SATA AHCI (ICH6) 129265 - kernel panic when repeatedly accessing /proc/bus/usb/devices and hot-swapping usb device 130387 - Processes with Large memory requirment causes swap usage with free memory is present. 130489 - kernel kills db2 processes because of OOM error on RHEL Update2 and Update3 130712 - RHEL3 U7: Add SMART capabilities to libata. 131295 - Hugepages configured on kernel boot line causes x86_64 kernel boot to fail with OOM. 132547 - oops when "scsi add-single-device" sent to /proc/scsi/scsi using aic79xx 134506 - [RHEL3 U3] kernel BUG at exit.c:620! 136583 - LTC18371- [RHEL3 U4]cpu_sibling_map[] is incorrect on x445/x440 137101 - 'noht' does not work for ia32e 137344 - Cannot disable hyperthreading on x86_64 platform 137998 - autofs removes leading path components of /net mounts on timeout 138730 - LTC12369-In RHEL 3 U4 -- top command gave segmentation fault 142579 - Viper: install kernel panics on DP system with 4GB all on cpu#2 144033 - [RHEL3] poll() seems to ignore large timeout 145596 - SMART support in SATA driver 146663 - pl2303 kernel module doesn't work with 'Aten UC-232A' 147870 - O_DIRECT to sparse areas of files give incomplete writes 150559 - Can't install RHEL3 on system with Adaptec AAR 1210SA SATA controller (sata_sil - siimage problem) 152103 - RHEL3 U5: rhgb-client shows illegal instruction and fails. 152650 - aacraid driver in RHEL 3 U4 em64t causes kernel panic 154028 - megaraid2 driver causes panic if loaded for a second time 154385 - Crash on relocated automounts with --bind 156396 - System crash when dump or tar 64k blocksize to tape from raid 156397 - LTC13414-32-bit ping6 on 64-bit kernel not working 156645 - [RHEL3 U5] fails to boot installer on multiple platforms 156987 - FEAT: RHEL3 U5: need hint@pause in ia64 spinloops 156988 - FEAT RHEL3 U7 IPF - performance improvement for the system which CPEI occur continuously. 156999 - RHEL 3 U6: Support for cache identification through 'Deterministic Cache Parameters' [cpuid(4)] 157006 - [ CRM 488904 ] driver update for Adaptec 2410SA needed (1.1.5-2361 > 1.1.5-2371 or higher) 158819 - RHEL3 does not support USBDEVFS 32-bit ioctls on x86_64 158821 - Advanced server 3 ARP timeout messages 159326 - RSS limited to 1.8GB if process pinned to one CPU 159523 - [RHEL3] Does not boot on system with ACPI table crossing page boundary 159874 - [RHEL 3 U5] adding hotplug drive causes kernel panic 159977 - [RHEL3] vi --- files getting deleted 160009 - agpgart will not load for kernel 2.4.21-32 on tyan S2885 motherboard with AMD-8151 agp tunnel 160337 - Keyboard "jammed" during smp runlevel 5 boot on IBM HS20-8843 BladeServer 160539 - [RHEL3] hidden bomb of kmap_atomic/kunmap_atomic bug? 161056 - CVE-2005-2801 Lost ACLs on ext3 161160 - Reproducable panic in mdadm multipathing 161188 - Sometimes data/bss can be executable 161336 - xserver issue on blade center 161866 - Race condition accessing PCI config space 161875 - autofs doesn't remount if nfs server is unreachable at expire time 162065 - aacraid driver hangs if Adaptec 2230SLP array not optimal 162212 - st causes system hang and kernel panic when writing to tape on x86_64 162271 - Problem with b44: SIOCSIFFLAGS: Cannot allocate memory 162417 - (VM) Excessive swapping when free memory is ample 162683 - [RHEL3 and RHEL2.1] ps command core dump 162735 - LTC8356-LSB runtime testcase T.c_oflag_X failed [PATCH] 163176 - Endless loop printing traceback during kernel OOPs 163184 - Explain why the SCSI inquiry is not being returned from the sd for nearly 5 minutes 163239 - [RHEL3] change_page_attr may set _PAGE_NX for kernel code pages 163307 - LTC13178-panic on i5 - sys_ppc32.c 32 bit sys_recvmsg corrupting kernel data structures 163381 - RHEL3U5 x86-64 : xw9300 & numa=on swaps behaviour is unexpected 163901 - FEAT: RHEL3 U6: ia64 multi-core and multi-threading detection 163929 - [RHEL3] [x86_64/ia64] sys_time and sys_gettimeofday disagree 164206 - U5 beta encounters NMI watchdog on Celestica Quartet with 4 Opteron 875 dualcores 164304 - [RHEL3 U5] __wtd_down_from_wakeup not in EL3 ia64 tree 164438 - LTC12403-CMVC482920:I/O errors caused by eeh error injection-drive unavailable 164580 - NFS lockd deadlock 164795 - /usr/src/linux-2.4.21-32.EL/Documentation/networking/e100.txt contians bad info 164828 - RHEL 3 - request to add bnx2 driver 165006 - acct does not have Large File Support 165119 - FEAT RHEL3U7: Need Intel e1000 driver update for the Dell Ophir/Rimon based PCI-E NICs 165364 - SMP kernel does not honor boot parameter "noht" 165412 - [RHEL3] The system hangs when SysRq + c is pressed 165453 - Panic after ENXIO with usb-uhci 165475 - Problem removing a USB device 165680 - CVE-2005-2458 gzip/zlib flaws 165825 - Inquiry (sg) command hang after a write to tape with mptscsi driver 165989 - The msync(MS_SYNC) call should fail after cable pulled from scsi disk 166345 - HA NFS Cluster Problem 166363 - cciss disk dump hangs if module is ever unloaded/reloaded 166364 - Erratic behaviour when system fd limit reached 166578 - aacraid driver needs to be updated to support IBM ServeRAID 8i 166583 - aacraid driver needs to be updated to support IBM ServeRAID 8i 166600 - CRM619504: setrlimit RLIMIT_FSIZE limited to 32-bit values, even on 64-bit kernels 166669 - [RHEL3 U5] waitpid() returns unexpected ECHILD 167674 - RHEL3: need updated forcedeth.o driver? 167800 - CRM648268: kernel reporting init process cutime as very large negative value 167942 - FEAT RHEL3 U7: Need 'bnx2' driver inclusion to support Broadcom 5708C B0 NIC and 5708S BO LOM 168226 - FEAT RHEL3 U7: LSI megaraid_sas driver 168293 - Potential netconsole regression in transmit path 168315 - LTC17567-Fields 'system_potential_processor' and 'partition_max_entiteled_capacity' fields are missing from lparcfg file 168358 - FEAT RHEL3 U7: ipmi driver speedup patch 168359 - FEAT RHEL3 U7: ipmi_poweroff driver update for Dell <8G servers 168390 - Large O_DIRECT write will hang system (MPT fusion) 168392 - kill -6 of multi-threaded application takes 30 minutes to finish 168474 - FEAT RHEL3-U7: Support for HT1000 IDE chipset needed 168541 - RHEL3 U7: x86_64: Remove unique APIC/IO-APIC ID check 168581 - RH EL 3 U7: add support for Broadcom 5714 and 5715C NICs 168597 - FEAT RHEL3 U7: add dell_rbu driver for Dell BIOS updates 168603 - FEAT RHEL3 U7: Need TG3 update to support Broadcom 5721 C1 stepping 168681 - kernel BUG at page_alloc.c:391! 168780 - CVE-2005-3276 sys_get_thread_area minor info leak 168795 - RHEL3U7: ipmi driver fix for PE2650 168896 - LSI MegaRAID RHEL3 Feature - Updated SCSI driver submission 169230 - nfs client: handle long symlinks properly 169294 - [RHEL3 U6] __copy_user/memcpy causes random kernel panic on IA-64 systems 169393 - CRM# 685278 scsi scan not seeing all luns when one lun removed 169511 - [RHEL3] 'getpriority/setpriority' broken with PRIO_USER, who=0 169662 - [RHEL3 U5] Performance problem while extracting tarballs on Fujitsu Siemens Computing D1409, Adaptec S30 array, connected to an aacraid controller. 169992 - LTC18779-Lost dirty bit in kernel memory managment [PATCH] 170429 - RHEL-3: 'physical id' field in /proc/cpuinfo incorrect on AMD-64 hosts 170440 - [RHEL3 U5] Kernel crashing, multiple panics in aacraid driver 170446 - [RHEL3 U7] netdump hangs in processing of CPU stop after diskdump failed. 170529 - LTC17955-82222: Support for Serverworks chipset HT2000 Ethernet Driver (BCM5700 & TG3) 170561 - Broadcom 5706/5708 support 170633 - System Stops responding with "queue 6 full" messages 171129 - RedHat / XW9300 / system panic when logout from GNOME with USB mouse 171377 - LTC18818-pfault interupt race 172233 - rename(2) onto an empty directory fails on NFS file systems 172334 - Invalid message 'Aieee!!! Remote IRR still set after unlock' 172664 - Updated header file with modified author permissions 173280 - New icache prune export 174005 - Update Emulex lpfc driver for RHEL 3 175017 - Assertion failed! idx >= ARRAY_SIZE(xfer_mode_str),libata-core.c,ata_dev_set_mode,line=1673 175154 - [RHEL3 U6] IOs hang in __wait_on_buffer when segments > 170 175211 - Multicast domain membership doesn't follow bonding failover 175365 - LTC19816-Cannot see a concho adapter on U7 kernel 175624 - [RHEL3 U7 PATCH] LSI PCI Express chips to operate properly 175625 - [RHEL3 U7] x86-64: Can't boot with 16 logical processors 175767 - Installer appears to hang when loading mptbase module 176264 - x366 NMI error logged in infinite loop - [crm#769552] Possible regression U7 beta 177023 - CRM 724200: when an active USB serial port device is removed, the system panics and locks up. 177573 - autofs doesn't attempt to remount failed mount points 177691 - negative dentry caching causes long delay when dentry becomes valid 179168 - RHEL3U7Beta-32: Booting/Installing with SATA ATAPI Optical panics