SCIENTIFIC-LINUX-ERRATA Archives

July 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Date: Tue, 26 Jul 2011 15:34:34 -0500

Synopsis:    Important: kernel security and bug fix update
Issue Date:  2011-07-15
CVE Numbers: CVE-2011-0695
              CVE-2010-4649
              CVE-2011-0711
              CVE-2011-1182
              CVE-2011-1576
              CVE-2011-1573
              CVE-2011-1593
              CVE-2011-1745
              CVE-2011-1746
              CVE-2011-2492
              CVE-2011-1776
              CVE-2011-1936
              CVE-2011-2213


The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

* A race condition in the way new InfiniBand connections were set up 
could allow a remote user to cause a denial of service. (CVE-2011-0695,
Important)

* A flaw in the Stream Control Transmission Protocol (SCTP) 
implementation could allow a remote attacker to cause a denial of 
service if the sysctl "net.sctp.addip_enable" variable was turned on (it 
is off by default). (CVE-2011-1573, Important)

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,
Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1746, Important)

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)

* An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* A flaw in the way the Xen hypervisor implementation handled CPUID
instruction emulation during virtual machine exits could allow an
unprivileged guest user to crash a guest. This only affects systems that
have an Intel x86 processor with the Intel VT-x extension enabled.
(CVE-2011-1936, Moderate)

* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user 
to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)

* A missing initialization flaw in the XFS file system implementation
could lead to an information leak. (CVE-2011-0711, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user 
to cause an information leak. (CVE-2011-1044, Low)

* A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with 
spoofed process and user IDs, to other processes. Note: This flaw does 
not allow existing permission checks to be bypassed; signals can only be 
sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

* A heap overflow flaw in the EFI GUID Partition Table (GPT) 
implementation could allow a local attacker to cause a denial of service 
by mounting a disk containing specially-crafted partition tables. 
(CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation
was not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

This update fixes several bugs.

The system must be rebooted for this update to take effect.

SL5:
   i386
kernel-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm
kernel-headers-2.6.18-238.19.1.el5.i386.rpm
kernel-PAE-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.i686.rpm
   Dependencies:
kernel-module-aufs-2.6.18-238.19.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-238.19.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.19.1.el5-1.55-1.SL.i686.rpm
kernel-module-openafs-2.6.18-238.19.1.el5-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-238.19.1.el5-1.4.14-80.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.19.1.el5-0.4-2.sl5.i686.rpm

   x86_64
kernel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm
kernel-headers-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.x86_64.rpm
   Dependencies:
kernel-module-aufs-2.6.18-238.19.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-238.19.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-238.19.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-238.19.1.el5-1.4.12-79.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-238.19.1.el5-1.4.14-80.sl5.x86_64.rpm


- Scientific Linux Development Team
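
Because the update only takes effect after a reboot, the useful host check is against the running kernel rather than the installed RPMs. The following is an added example, not part of the original erratum: it compares a `uname -r` string with the fixed SL5 build 2.6.18-238.19.1.el5 listed above and flags the non-default SCTP setting named for CVE-2011-1573. The function names are hypothetical, and the comparison assumes el5 release strings of the form `2.6.18-<release>.el5[PAE|xen]`.

```shell
#!/bin/sh
# Added example (not from the erratum): is the running kernel at or beyond
# the fixed SL5 build, and is the SCTP ADDIP option left at its default?
FIXED="2.6.18-238.19.1"

# "2.6.18-238.19.1.el5xen" -> "2.6.18-238.19.1"
numeric_part() {
    printf '%s\n' "$1" | sed -e 's/\.el5.*$//'
}

# Return 0 if $1 >= $2, comparing dot/dash separated numeric fields from
# left to right; a missing field counts as 0.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# 0 = fixed, 1 = older than the fixed build, 2 = not an el5 kernel.
kernel_is_fixed() {
    case "$1" in
        *.el5*) ver_ge "$(numeric_part "$1")" "$FIXED" ;;
        *) return 2 ;;
    esac
}

# $1 is the value of net.sctp.addip_enable, or empty if sctp is not loaded.
sctp_addip_exposed() {
    [ "$1" = "1" ]
}

report() {
    running=${1:-$(uname -r)}
    rc=0; kernel_is_fixed "$running" || rc=$?
    case $rc in
        0) echo "$running: at or beyond $FIXED.el5" ;;
        1) echo "$running: older than $FIXED.el5 (update, then reboot)" ;;
        *) echo "$running: not an el5 kernel, erratum not applicable" ;;
    esac
    addip=$(sysctl -n net.sctp.addip_enable 2>/dev/null) || addip=""
    if sctp_addip_exposed "$addip"; then echo "net.sctp.addip_enable=1 (non-default)"; fi
}
```

Source the file and call `report` with no argument to check the local host, or pass a release string collected from another machine.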
