Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues :

* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang).
(CVE-2008-2365, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)

* It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption.
(CVE-2008-1367, Low)

As well, these updated packages fix the following bug :

* On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Updated kernel packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues :

* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)

* Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)

As well, these updated packages fix the following bug :

* Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

From Red Hat Security Advisory 2008:0519 :

Updated kernel packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues :

* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)

* Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)

As well, these updated packages fix the following bug :

* Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

These updated packages fix the following security issues :

  - A security flaw was found in the Linux kernel memory     copy routines, when running on certain AMD64 systems. If     an unsuccessful attempt to copy kernel memory from     source to destination memory locations occurred, the     copy routines did not zero the content at the     destination memory location. This could allow a local     unprivileged user to view potentially sensitive data.
    (CVE-2008-2729, Important)

  - Tavis Ormandy discovered a deficiency in the Linux     kernel 32-bit and 64-bit emulation. This could allow a     local unprivileged user to prepare and run a specially     crafted binary, which would use this deficiency to leak     uninitialized and potentially sensitive data.
    (CVE-2008-0598, Important)

  - Brandon Edwards discovered a missing length validation     check in the Linux kernel DCCP module reconciliation     feature. This could allow a local unprivileged user to     cause a heap overflow, gaining privileges for arbitrary     code execution. (CVE-2008-2358, Moderate)

As well, these updated packages fix the following bug :

  - Due to a regression, 'gettimeofday' may have gone     backwards on certain x86 hardware. This issue was quite     dangerous for time-sensitive systems, such as those used     for transaction systems and databases, and may have     caused applications to produce incorrect results, or     even crash.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-6282     Dirk Nehring discovered a vulnerability in the IPsec     code that allows remote users to cause a denial of     service by sending a specially crafted ESP packet.

  - CVE-2008-0598     Tavis Ormandy discovered a vulnerability that allows     local users to access uninitialized kernel memory,     possibly leaking sensitive data. This issue is specific     to the amd64-flavour kernel images.

  - CVE-2008-2729     Andi Kleen discovered an issue where uninitialized     kernel memory was being leaked to userspace during an     exception. This issue may allow local users to gain     access to sensitive data. Only the amd64-flavour Debian     kernel images are affected.

  - CVE-2008-2812     Alan Cox discovered an issue in multiple tty drivers     that allows local users to trigger a denial of service     (NULL pointer dereference) and possibly obtain elevated     privileges.

  - CVE-2008-2826     Gabriel Campana discovered an integer overflow in the     sctp code that can be exploited by local users to cause     a denial of service.

  - CVE-2008-2931     Miklos Szeredi reported a missing privilege check in the     do_change_type() function. This allows local,     unprivileged users to change the properties of mount     points.

  - CVE-2008-3272     Tobias Klein reported a locally exploitable data leak in     the snd_seq_oss_synth_make_info() function. This may     allow local users to gain access to sensitive     information.

  - CVE-2008-3275     Zoltan Sogor discovered a coding error in the VFS that     allows local users to exploit a kernel memory leak     resulting in a denial of service.

These updated packages fix the following security issues :

  - A security flaw was found in the Linux kernel memory     copy routines, when running on certain AMD64 systems. If     an unsuccessful attempt to copy kernel memory from     source to destination memory locations occurred, the     copy routines did not zero the content at the     destination memory location. This could allow a local     unprivileged user to view potentially sensitive data.
    (CVE-2008-2729, Important)

  - Alexey Dobriyan discovered a race condition in the Linux     kernel process-tracing system call, ptrace. A local     unprivileged user could use this flaw to cause a denial     of service (kernel hang). (CVE-2008-2365, Important)

  - Tavis Ormandy discovered a deficiency in the Linux     kernel 32-bit and 64-bit emulation. This could allow a     local unprivileged user to prepare and run a specially     crafted binary, which would use this deficiency to leak     uninitialized and potentially sensitive data.
    (CVE-2008-0598, Important)

  - It was discovered that the Linux kernel handled string     operations in the opposite way to the GNU Compiler     Collection (GCC). This could allow a local unprivileged     user to cause memory corruption. (CVE-2008-1367, Low)

As well, these updated packages fix the following bug :

  - On systems with a large number of CPUs (more than 16),     multiple applications calling the 'times()' system call     may have caused a system hang.

From Red Hat Security Advisory 2008:0508 :

Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues :

* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang).
(CVE-2008-2365, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)

* It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption.
(CVE-2008-1367, Low)

As well, these updated packages fix the following bug :

* On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service.
(CVE-2007-6282)

Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)

Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)

Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service.
(CVE-2008-1615)

Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT did not correctly handle certain length values. Remote attackers could exploit this to execute arbitrary code or crash the system.
(CVE-2008-1673)

Paul Marks discovered that the SIT interfaces did not correctly manage allocated memory. A remote attacker could exploit this to fill all available memory, leading to a denial of service. (CVE-2008-2136)

David Miller and Jan Lieskovsky discovered that the Sparc kernel did not correctly range-check memory regions allocated with mmap. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2137)

The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service. (CVE-2008-2148)

Brandon Edwards discovered that the DCCP system in the kernel did not correctly check feature lengths. A remote attacker could exploit this to execute arbitrary code. (CVE-2008-2358)

A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)

The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729)

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code.
(CVE-2008-2750)

Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2008-0508.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2008-0519.

ID	Name	Product	Family	Published	Updated	Severity
33365	CentOS 4 : kernel (CESA-2008:0508)	Nessus	CentOS Local Security Checks	7/2/2008	1/4/2021	high
43692	CentOS 5 : kernel (CESA-2008:0519)	Nessus	CentOS Local Security Checks	1/6/2010	1/4/2021	high
33377	RHEL 5 : kernel (RHSA-2008:0519)	Nessus	Red Hat Local Security Checks	7/2/2008	1/14/2021	high
67706	Oracle Linux 5 : kernel (ELSA-2008-0519)	Nessus	Oracle Linux Local Security Checks	7/12/2013	8/24/2021	high
60430	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
34032	Debian DSA-1630-1 : linux-2.6 - denial of service/information leak	Nessus	Debian Local Security Checks	8/24/2008	1/4/2021	high
33376	RHEL 4 : kernel (RHSA-2008:0508)	Nessus	Red Hat Local Security Checks	7/2/2008	1/14/2021	high
60429	Scientific Linux Security Update : kernel on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
67703	Oracle Linux 4 : kernel (ELSA-2008-0508)	Nessus	Oracle Linux Local Security Checks	7/12/2013	8/24/2021	high
33531	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1)	Nessus	Ubuntu Local Security Checks	7/17/2008	1/19/2021	critical
801453	CentOS RHSA-2008-0508 Security Check	Log Correlation Engine	Generic			high
801454	CentOS RHSA-2008-0519 Security Check	Log Correlation Engine	Generic			high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

critical

high

high