| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2010:0670.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)
* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)
Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter
and Grant Diffey of CenITex for reporting CVE-2010-2798.
This update also fixes the following bugs:
* Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)
* A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running mkfs. This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619363)
* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2010-0670.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : High
|
