We will be updating all our Redhat Enterprise / CentOS 4/5 server(s) this weekend for a kernel upgrade. This would take place as far as possible during the off-peak hours. A reboot is required to complete the upgrade. The downtime should not exceed 30 minutes and it will be minimize as much as possible. We will track each server till it returns to service after the upgrade and reboot.
This upgrade is scheduled as follows:
Date: 07 May 2008, Saturday to 09 May 2008, Monday
Time: Between 2AM and 8AM EST
Due to the large number of servers that is being upgraded, we do not have a fixed time for your server. If you wish to schedule it, you are free to request it and we will try as much as possible to fit within your time window.
Redhat Enterprise / CentOS 4:
These updated packages fix the following security issues:
* the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important)
* on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important)
* the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important)
Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:
* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local
unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important)
* the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important)
* a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important)
As well, these updated packages fix the following bugs:
* multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such,
they have not been handled as security issues.
* a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved.
* a race condition in UNIX domain sockets may have caused "recv()" to return zero. In clustered configurations, this may have caused unexpected
* to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are
* a client-side race on blocking locks caused large time delays on NFS file systems.
* in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have
caused infinite reboots.
* running the "service network restart" command may have caused networking to fail.
* a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read.
* on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files.
* a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved.
Redhat Enterprise / CentOS 5:
These updated packages fix the following bugs:
* the message buffer for the relay function is allocated against online CPUs, not ones that will be hot-added in the future. If the buffer has already been allocated, hot-adding a CPU, which the relay function works on, will cause a panic, as the message buffer will not be available for such a CPU. In these updated packages, hot-adding a CPU after the message buffer has been allocated no longer causes a panic.
* after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss. This prevented network connections to the guest. In these updated packages, after a migration, a gratuitous ARP request is sent, causing the ARP caches to be refreshed, which minimizes network downtime, and resolves this issue.
* the TAHI IPsec IPv6 Ready Logo test case failed on 64-bit PowerPC systems, when using ESP with the encryption algorithm set to "3des-cbc", and authentication set to "null".
* by default, Red Hat Enterprise Linux running on 64-bit PowerPC systems is set for a 32-bit user-space. When compiling on such systems, 32-bit padding was used, instead of the 64-bit padding required by 64-bit kernels. This resulted in structure fields not being aligned, causing multicast socket
options to fail.
* the XFRM reverse feature for ICMPv6 did not work. In these updated packages, this has been resolved, allowing the TAHI IPsec IPv6 Ready Logo
test case to pass successfully.
If you have any questions regarding this update, please feel free to let us know by simply replying to this email.