SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Thu, 3 Mar 2011 14:43:24 -0600
Synopsis:	Important: kernel security and bug fix update
Issue date:	2010-11-10
CVE Names:	CVE-2010-2803 CVE-2010-2955 CVE-2010-2962
                   CVE-2010-3079 CVE-2010-3081 CVE-2010-3084
                   CVE-2010-3301 CVE-2010-3432 CVE-2010-3437
                   CVE-2010-3442 CVE-2010-3698 CVE-2010-3705
                   CVE-2010-3904


This update fixes the following security issues:

* Missing sanity checks in the Intel i915 driver in the Linux kernel 
could allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility
layer implementation was missing sanity checks. This function could be
abused in other areas of the Linux kernel if its length argument can be
controlled from user-space. On 64-bit systems, a local, unprivileged 
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu 
Ethernet driver in the Linux kernel could allow a local user to cause a 
denial of service or escalate their privileges. (CVE-2010-3084, Important)

* A flaw in the IA32 system call emulation provided in 64-bit Linux 
kernels could allow a local user to escalate their privileges. 
(CVE-2010-3301, Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote 
attacker to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux 
kernel's sound subsystem could allow a local, unprivileged user on a 
32-bit system to cause a denial of service or escalate their privileges. 
(CVE-2010-3442, Important)

* A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's 
SCTP implementation. When iterating through the hmac_ids array, it did 
not reset the last id element if it was out of range. This could allow a 
remote attacker to cause a denial of service. (CVE-2010-3705, Important)

* A function in the Linux kernel's Reliable Datagram Sockets (RDS) 
protocol implementation was missing sanity checks, which could allow a 
local, unprivileged user to escalate their privileges. (CVE-2010-3904, 
Important)

* A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager
(DRM) implementation could allow a local, unprivileged user to cause an
information leak. (CVE-2010-2803, Moderate)

* It was found that wireless drivers might not always clear allocated
buffers when handling a driver-specific IOCTL information request. A 
local user could trigger this flaw to cause an information leak. 
(CVE-2010-2955, Moderate)

* A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux
kernel's ftrace implementation could allow a local, unprivileged user to
cause a denial of service. Note: The debugfs file system must be mounted
locally to exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

* A flaw in the Linux kernel's packet writing driver could be triggered
via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local,
unprivileged user with access to "/dev/pktcdvd/control" to cause an
information leak. Note: By default, only users in the cdrom group have
access to "/dev/pktcdvd/control". (CVE-2010-3437, Moderate)

* A flaw was found in the way KVM (Kernel-based Virtual Machine) handled
the reloading of fs and gs segment registers when they had invalid
selectors. A privileged host user with access to "/dev/kvm" could use 
this flaw to crash the host. (CVE-2010-3698, Moderate)


This update also fixes several bugs.

The system must be rebooted for this update to take effect.

SL 6.x

      SRPMS:
kernel-2.6.32-71.7.1.el6.src.rpm
      i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm
      x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

-Connie Sieh
-Troy Dawson
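
Because the update only takes effect after a reboot, a host can have the fixed package installed and still be running a vulnerable kernel. The following is an added example, not part of the original advisory or of Scientific Linux tooling: it compares a running kernel release string (as printed by `uname -r`) against the fixed build 2.6.32-71.7.1.el6 listed above. The function names are hypothetical, the comparison is a simplified form of RPM's version ordering (no tilde or caret handling), and the sample release strings in the comments are constructed.

```python
import platform
import re

FIXED = "2.6.32-71.7.1.el6"            # fixed build from the package list above
ARCHES = ("x86_64", "i686", "noarch")  # arch suffixes used in this advisory


def _segments(s):
    # RPM-style split: runs of digits or runs of letters; separators are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b (simplified RPM ordering)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric compare, so 14 > 7
        elif x.isdigit():
            return 1                   # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_release(uname_r):
    """Split '2.6.32-71.7.1.el6.x86_64' into ('2.6.32', '71.7.1.el6')."""
    for arch in ARCHES:
        if uname_r.endswith("." + arch):
            uname_r = uname_r[: -len(arch) - 1]
    version, _, release = uname_r.partition("-")
    return version, release


def is_patched(uname_r, fixed=FIXED):
    """True if the given kernel release is at or above the fixed build."""
    version, release = split_release(uname_r)
    fixed_version, fixed_release = split_release(fixed)
    cmp_version = rpmvercmp(version, fixed_version)
    return (cmp_version or rpmvercmp(release, fixed_release)) >= 0


if __name__ == "__main__":
    running = platform.release()       # same string as `uname -r`
    state = "at or above" if is_patched(running) else "BELOW"
    print(f"running kernel {running} is {state} {FIXED}")
```

The result is only meaningful on an SL 6.x host; run it after the reboot to confirm the new kernel is the one actually booted.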
