A important kernel security and bug fix update was released for Red Hat Enterprise Linux 5, repairing some issues that could allow an unprivileged user to cause a denial of service.

Red Hat Enterprise Linux 5 (both Desktop and Server editions) were affected by these issues. Almost all architectures could have had problems because of this security hole, including i386, x86_64, PPC, s390x and a few others.

The Linux kernel process-trace ability was tested on AMD64 architectures, discovering the possibility of a kernel crash that could allow a local unprivileged user to cause a denial of service.

Due to improper handling of fragmented ESP packets, a possibility of a kernel crash was discovered in the Linux kernel IPsec protocol implementation. If these packages were fragmented in very small chunks, a kernel crash might have occurred during the packet reassembly on the receiving node.

A denial of service could have been caused on 64-bit architectures if a local unprivileged user setup a large interval value for hrtimer, forcing the time expiry value to become negative.

Another problem that could cause a denial of service was found in the Linux kernel PWC USB video driver. The kernel USB subsystem could be brought into the busy-waiting mode by a normal user and cause a DoS.

The updated packages will resolve some other issues as well, like the continual "softlockup" messages that kept occurring on the guest's console after successfully saving and restoring a Red Hat Enterprise Linux 5 para-virtualized guest. Sometimes, a kernel hung and panic occurred when the cpufreq daemon was disabled. Because of this, some system reboots did not complete successfully.

If you intend to apply the updated packages - and this is the advisable thing to do -, first make sure that you've installed all the previously-released updates.